My ISP called me asking about lots of spam emails coming out from my server.
It seems it's a virus, I'm not sure.
I'm using MS Exchange Server 5.5.
Anyone have any idea what to do?
If you have SMTP relaying turned on, turn it off.
DjM
Do you have a <FORM> command on your webpage?
Two things to do...turn off SMTP relaying (if you can). Run a virus scanner on the email server to see if you have been "infected."
HTH
http://www.abuse.net/relay.html Run your server through that; that will let you know if it's on or not.
RiOtEr
OK guys ... I can't turn off the SMTP coz' the mail goes through it ...
the server acts as incoming and outgoing mail server ... and it's just a mail server, not a web-based mail system.
So how can I deny SMTP mail relaying from outside my LAN?
And by the way ... anti-virus didn't help.
Bimmer, you should get a firewall. Have it filter all outgoing data packets on port 25 (SMTP).
Specify that you only want outbound traffic on your SMTP coming from your LAN.
Isn't there any other solution than the firewall?
I asked a few co-workers about this and they could offer any other FOR SURE solution. The best way would be a software firewall. Configure it to filter 25, and set the rule. Other than that, theoretically, I think you could download an administration tool from any networking site. I'm sure someone has made a program doing what you need.
I am interested in how you're being exploited. Do you have a website? If that has a mail server on it, and you use your mail server to submit <FORM> in HTML, you could be exploited in more ways than one.
Are you using "Send Mail" as your SMTP engine? If not, what are you using?
DjM
Look at the site Rioter suggested.
bimmer check out this site
http://support.microsoft.com/default...;en-us;Q193922
It will help.
bimmer,
You can turn off relaying without affecting its mailing capability unless you use IMAP and POP connections. You can however go in to configuration connections then internet mail service and the routing and under the routing restrictions options set the internal address range and clients who authenticate as an option. This will stop non authenticated relaying.
PC
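The routing restriction described in the post above, modelled as a per-recipient decision (an added example, not Exchange's own code and not part of the original thread). The LAN range 192.168.10.0/24, the domain example.com and all addresses are assumptions chosen for illustration.

```python
import ipaddress

# Assumed values for illustration: substitute your own LAN range and mail domain.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
LOCAL_DOMAINS = {"example.com"}


def relay_decision(client_ip, authenticated, mail_from, rcpt_to):
    """Decide one RCPT TO. Returns (accepted, reason).

    mail_from is accepted as an argument but never consulted: the sender
    address is supplied by the client and proves nothing about who is sending.
    """
    domain = rcpt_to.strip("<> ").rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        # Inbound mail for our own users: always allowed, from anywhere.
        return True, "local delivery"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in INTERNAL_NETS):
        return True, "relay: internal address range"
    if authenticated:
        return True, "relay: authenticated client"
    return False, "relay refused"


# Constructed test connections (documentation address ranges, made-up mailboxes).
CASES = [
    ("203.0.113.9", False, "partner@example.org", "staff@example.com"),
    ("192.168.10.20", False, "staff@example.com", "partner@example.org"),
    ("203.0.113.9", True, "staff@example.com", "partner@example.org"),
    ("203.0.113.9", False, "nobody@example.com", "stranger@example.net"),
]


def run_cases():
    return [relay_decision(*case) for case in CASES]


if __name__ == "__main__":
    for case, (ok, reason) in zip(CASES, run_cases()):
        print(case[0], "->", case[3], ":", "ACCEPT" if ok else "REJECT", reason)
```

Only the last case is refused: an outside, unauthenticated client addressing an outside recipient. Port 25 stays open for inbound mail, and a sender address that claims to be at the local domain makes no difference.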
Toker ... i have no idea man ... we don't have a web site ...
and what's going on is as follows.
u might receive a mail from my company ...
for example : the sender is : [email protected] ... but actually we don't have this address in our company ....
and as for DJM : if u mean the unix based send mail .. then, NO .. they use Exchange ( Intel Based Server ).
ok guys ... WHAT !
my client start shitting on me ...
i think the software firewall solution seems a good one ... does the ISA server work for that ( Proxy server ) ... ?
Also check out this site:
http://mail-abuse.org/tsi/ar-fix.html
It has pointers for fixing relaying problems on most of the popular 'mailer' programs.
DjM
Including Exchange.
Bimmer, listen to what Paul & I had to say. This will fix 90% of your problem without a firewall, though you should have some sort of firewall to protect your network, on a different computer from your email server.
I've done that ... it stopped the outgoing spam for a while ... but then everything got back?
Quote:
Originally posted here by paulcottingham
bimmer,
You can turn off relaying without affecting its mailing capability unless you use IMAP and POP connections. You can however go in to configuration connections then internet mail service and the routing and under the routing restrictions options set the internal address range and clients who authenticate as an option. This will stop non authenticated relaying.
PC
weird ... isn't it !!
Bimmer, I pointed you to the solution. There is a fix for Exchange 5.5.
Check this: http://www.exchangeadmin.com/Article...ArticleID=7696
and this: http://www.microsoft.com/technet/tre...l/excrelay.asp
Follow the instructions and turn off relaying.
DjM
A firewall won't help, as port 25 needs to be open anyway to receive your mail.
Bimmer,
You need to stop and start the Exchange internet mail service for it to take effect if you have not already done so
Thanks guys .. I think by now I should have the solution .. I checked all the sites u gave .. hope that it works .... thanks a lot for the support.
Ok, been reading here a long time and thought I'd pass this along. After you follow the two mentioned fixes to end relays with Exchange, watch your event viewer application log. You will get the offending IP address as a RED Stop Sign Event "Refused to relay blah blah for and the IP address. Save the event log as a txt file, cut and paste the offending IP, and send the info to the ISP. Do get the firewall to filter port 25, because your IP addy is known to spammers now and the refuse to relay can crash Exchange or slow it down, because the automated email programs they use will hit your server with thousands of messages in short order. Expect months of relay events.
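A way to pull the offending addresses out of the saved text file for the report to the ISP (an added example, not part of the original post). The sample lines are constructed and do not reproduce the real Exchange event text; the parser only assumes that a refusal line mentions "refused" and "relay" and contains the source IP, and that 192.168.10.0/24 is the LAN.

```python
import ipaddress
import re
from collections import Counter

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
OWN_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed LAN range

# Constructed sample export; the layout is a placeholder, not real Exchange output.
SAMPLE_EXPORT = """\
2003-01-10 02:14:07 Error SOURCE Refused to relay for host 203.0.113.45
2003-01-10 02:14:09 Error SOURCE Refused to relay for host 203.0.113.45
2003-01-10 02:15:30 Information SOURCE Message delivered from 192.168.10.20
2003-01-10 02:16:02 Error SOURCE Refused to relay for host 198.51.100.7
2003-01-10 02:16:40 Error SOURCE Refused to relay for host 203.0.113.45
2003-01-10 02:17:11 Error SOURCE Refused to relay for host 999.1.1.1
"""


def refused_relay_sources(text):
    """Return [(ip, count), ...] for refused-relay lines, busiest source first."""
    counts = Counter()
    for line in text.splitlines():
        low = line.lower()
        if "relay" not in low or "refus" not in low:
            continue  # not a relay refusal
        for candidate in IPV4.findall(line):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like an IP but is not one (e.g. 999.1.1.1)
            if ip in OWN_NET:
                continue  # the server's own side of the connection
            counts[str(ip)] += 1
    return counts.most_common()


if __name__ == "__main__":
    for ip, hits in refused_relay_sources(SAMPLE_EXPORT):
        print(f"{ip}\t{hits} refused relay attempts")
```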
Nobody said it was going to be easy :D :D
Quote:
Originally posted here by Palemoon
Ok, been reading here a long time and thought I'd pass this along. After you follow the two mentioned fixes to end relays with Exchange, watch your event viewer application log. You will get the offending IP address as a RED Stop Sign Event "Refused to relay blah blah for and the IP address. Save the event log as a txt file, cut and paste the offending IP, and send the info to the ISP. Do get the firewall to filter port 25, because your IP addy is known to spammers now and the refuse to relay can crash Exchange or slow it down, because the automated email programs they use will hit your server with thousands of messages in short order. Expect months of relay events.
DjM