njellis
IS-IT--Management
- Jul 17, 2006
- 29
Exchange 2007 Server is sending spam. I have tried to isolate where the issue is, but cannot figure it out.
Small personal Exchange 2007 server with just 4 users on it. Sends/Receives email for 2 domains.
Xeams for spam filtering, and my VPS for outbound mail.
So mail flow looks as such: Incoming mail -> Xeams -> Exchange 2007 -> VPS (postfix) -> World
Postfix is configured to ONLY relay from the exchange server's IP. (while I still have the issue I simply told postfix to not accept relays from my exchange - which is good because I can watch the reject log for postfix to see it's still happening).
Exchange server ONLY used with Outlook and OWA and Outlook Anywhere. No POP/IMAP/SMTP (except to receive)
I tested "relay status" from tools online and it does not report to be an open relay.
In the exchange log I enabled I get many entries such as this:
Code:
0,,1.2.3.4,*,,attempting to connect
1,192.168.1.100:3572,1.2.3.4,+,,
2,192.168.1.100:3572,1.2.3.4,<,220 PcComputerGuy.com ESMTP Postfix (Debian/GNU),
3,192.168.1.100:3572,1.2.3.4,>,EHLO mail.joessite.com,
4,192.168.1.100:3572,1.2.3.4,<,250-PcComputerGuy.com,
5,192.168.1.100:3572,1.2.3.4,<,250-PIPELINING,
6,192.168.1.100:3572,1.2.3.4,<,250-SIZE 10240000,
7,192.168.1.100:3572,1.2.3.4,<,250-ETRN,
8,192.168.1.100:3572,1.2.3.4,<,250-STARTTLS,
9,192.168.1.100:3572,1.2.3.4,<,250-AUTH PLAIN LOGIN,
10,192.168.1.100:3572,1.2.3.4,<,250-ENHANCEDSTATUSCODES,
11,192.168.1.100:3572,1.2.3.4,<,250-8BITMIME,
12,192.168.1.100:3572,1.2.3.4,<,250 DSN,
13,192.168.1.100:3572,1.2.3.4,>,STARTTLS,
14,192.168.1.100:3572,1.2.3.4,<,220 2.0.0 Ready to start TLS,
15,192.168.1.100:3572,1.2.3.4,*,,Sending certificate
16,192.168.1.100:3572,1.2.3.4,*,"CN=mail.joessite.com, C=US",Certificate subject
17,192.168.1.100:3572,1.2.3.4,*,"CN=joessite-PCCG-EXCHANGE-CA, DC=joessite, DC=com",Certificate issuer name
18,192.168.1.100:3572,1.2.3.4,*,13BC2D5E000000000002,Certificate serial number
19,192.168.1.100:3572,1.2.3.4,*,84C575999AF962054EE8B5604043EBC38A661081,Certificate thumbprint
20,192.168.1.100:3572,1.2.3.4,*,mail.joessite.com;autodiscover.joessite.com,Certificate alternate names
21,192.168.1.100:3572,1.2.3.4,*,,Received certificate
22,192.168.1.100:3572,1.2.3.4,*,3259082035820582058280 (cert stuff),Certificate thumbprint
23,192.168.1.100:3572,1.2.3.4,>,EHLO mail.joessite.com,
24,192.168.1.100:3572,1.2.3.4,<,250-PcComputerGuy.com,
25,192.168.1.100:3572,1.2.3.4,<,250-PIPELINING,
26,192.168.1.100:3572,1.2.3.4,<,250-SIZE 10240000,
27,192.168.1.100:3572,1.2.3.4,<,250-ETRN,
28,192.168.1.100:3572,1.2.3.4,<,250-AUTH PLAIN LOGIN,
29,192.168.1.100:3572,1.2.3.4,<,250-ENHANCEDSTATUSCODES,
30,192.168.1.100:3572,1.2.3.4,<,250-8BITMIME,
31,192.168.1.100:3572,1.2.3.4,<,250 DSN,
32,192.168.1.100:3572,1.2.3.4,*,4614,sending message
33,192.168.1.100:3572,1.2.3.4,>,MAIL FROM:<> SIZE=12850,
34,192.168.1.100:3572,1.2.3.4,>,RCPT TO:<GNCGiftforFeedback@value054.approverewardcard.rocks>,
35,192.168.1.100:3572,1.2.3.4,<,250 2.1.0 Ok,
36,192.168.1.100:3572,1.2.3.4,<,554 5.7.1 <GNCGiftforFeedback@value054.approverewardcard.rocks>,
37,192.168.1.100:3572,1.2.3.4,>,QUIT,
38,192.168.1.100:3572,1.2.3.4,<,221 2.0.0 Bye,
39,192.168.1.100:3572,1.2.3.4,-,,Local
How can I lock the server down so only the 4 users in the domain can send mail and no-one else?
Thank you! Dying here having to constantly stop and start postfix but googling isn't getting me what I need.
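The null reverse-path in `MAIL FROM:<>` is what SMTP uses for delivery status notifications, so a useful triage step on a send log like the one above is to separate null-sender messages from messages with a named envelope sender. The following is an added example, not part of the original post; the function names and sample rows are constructed, and the six-column layout (sequence, local endpoint, remote endpoint, event, data, context) is assumed from the excerpt.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample rows in the column layout of the excerpt above.
SAMPLE_LOG = """\
0,,1.2.3.4,*,,attempting to connect
1,192.168.1.100:3572,1.2.3.4,>,MAIL FROM:<> SIZE=12850,
2,192.168.1.100:3572,1.2.3.4,>,RCPT TO:<promo@spam.example>,
3,192.168.1.100:3572,1.2.3.4,<,554 5.7.1 <promo@spam.example>,
0,,1.2.3.4,*,,attempting to connect
1,192.168.1.100:3573,1.2.3.4,>,MAIL FROM:<alice@example.test> SIZE=2048,
2,192.168.1.100:3573,1.2.3.4,>,RCPT TO:<bob@example.org>,
3,192.168.1.100:3573,1.2.3.4,<,250 2.0.0 Ok,
"""

MAIL_RE = re.compile(r"^MAIL FROM:<([^>]*)>", re.I)
RCPT_RE = re.compile(r"^RCPT TO:<([^>]*)>", re.I)

def parse_messages(text):
    """Return one record per MAIL FROM the Exchange side sent ('>' rows)."""
    messages, current = [], {}  # current: local endpoint -> open message
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 5 or row[3] != ">":
            continue  # skip responses, status rows and damaged lines
        if m := MAIL_RE.match(row[4]):
            current[row[1]] = {"sender": m.group(1).lower(), "rcpts": []}
            messages.append(current[row[1]])
        elif (m := RCPT_RE.match(row[4])) and row[1] in current:
            current[row[1]]["rcpts"].append(m.group(1).lower())
    return messages

def summarize(messages):
    """Count null-sender recipient domains and named envelope senders."""
    null_rcpt_domains, named_senders = Counter(), Counter()
    for msg in messages:
        if msg["sender"] == "":
            # Empty reverse-path: a notification generated by the server.
            null_rcpt_domains.update(r.rpartition("@")[2] for r in msg["rcpts"])
        else:
            named_senders[msg["sender"]] += 1
    return null_rcpt_domains, named_senders

if __name__ == "__main__":
    print(summarize(parse_messages(SAMPLE_LOG)))
```

A log dominated by null-sender entries points at notifications the server generates for inbound mail it accepted, while named senders outside the four mailboxes point at submission through the server.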