General discussion

Locked

Spammers Using my Exchange 5.5 Server

By fbustos ·
I am running an Exchange 5.5 server with POP3 users. In the outgoing mail queue in IMS I keep getting outgoing messages with blank originators addressed to email destinations such as travelagentpromos4.net, e-marketingsolutions.com, bestoffers.net...All sounding like they are some type of spam going out. I have tightened the security on the box well however they continue to send the emails. I have reviewed my IMS logs which I cranked up to maximum since i noticed this and it appears that they actually authenticate in and send messages right from port 25. I have run tests on port 25 to very that authentication is required and that relay is also prohibited. Authentication was required in order to send mail and relay was prohibited. In IMS properties I have selected accept hosts only with Authentication, clients can only submit if homed on this server and clients can only submit if auth account matches subbmission address.
What else can I do? They continue to send messages and I am worried I will be blacklisted soon. Any help is appreciated!!!
Thanks
JM

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by Joseph Moore In reply to Spammers Using my Exchang ...

If you want, I can try and connect to your SMTP service running on Exchange and try to send e-mail with authentication.
Send me a message via the Peer Directory if you want to try this.

Collapse -

by Curacao_Dejavu In reply to Spammers Using my Exchang ...

you can check on http://dsbl.org/main
if you are on there list,

http://www.abuse.net/relay.html
you can test if you are relaying.

and check the following 2 sites too.
http://www.emailsecuritytest.com/
http://www.eventlogscan.com/

Leopold

Collapse -

by joshg In reply to Spammers Using my Exchang ...

Make sure there aren't any machines with adware sending things through your server, this will defeat the relaying since it is originating on your network.

One way to test your exchagne server is at www.ordb.org this will allow you to have an open relay test performed on the hostname or IP that you give. while your there, make sure that IP isn't already in their DB.

Collapse -

by Rabbit_Runner In reply to Spammers Using my Exchang ...

Check this also.

Open your Exchange administrator and find the Internet Mail Service. Double click, find and click the 'Routing' tab. Then click on the button "Routing Restrictions" It is down towards the bottom of the window. When it opens, make certain that there is a check mark in these boxes....
Hosts and Clients that successfully authenticate
AND
Hosts and Clients with these IP addresses
Microsoft does not tell you that you can select these options and leave the large boxes blank. After you close out all of your windows, stop and start your Microsoft Exchange Internet Mail Service.

Collapse -

by Rabbit_Runner In reply to Spammers Using my Exchang ...

Check this also.

Open your Exchange administrator and find the Internet Mail Service. Double click, find and click the 'Routing' tab. Then click on the button "Routing Restrictions" It is down towards the bottom of the window. When it opens, make certain that there is a check mark in these boxes....
Hosts and Clients that successfully authenticate
AND
Hosts and Clients with these IP addresses
Microsoft does not tell you that you can select these options and leave the large boxes blank. After you close out all of your windows, stop and start your Microsoft Exchange Internet Mail Service.

Collapse -

by Rabbit_Runner In reply to

Sorry, I submitted this twice. Didn't mean to.

Collapse -

by Rabbit_Runner In reply to Spammers Using my Exchang ...

Check this also.

Open your Exchange administrator and find the Internet Mail Service. Double click, find and click the 'Routing' tab. Then click on the button "Routing Restrictions" It is down towards the bottom of the window. When it opens, make certain that there is a check mark in these boxes....
Hosts and Clients that successfully authenticate
AND
Hosts and Clients with these IP addresses
Microsoft does not tell you that you can select these options and leave the large boxes blank. After you close out all of your windows, stop and start your Microsoft Exchange Internet Mail Service.

I had a customer that was having the same problem you explained above. After doing quite a bit of research, I found that doing the above settings will stop the relay. This was done for my customer and they are currently not having any more problems.

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums