
Stopping SPAM from being relayed through Exch 5.5 Server 1

Status
Not open for further replies.
Aug 18, 2003
8
US
I have tried to find a comprehensive answer to this question on the Microsoft Knowledge Base, but so far I haven't found the right answer, so hopefully one of you Exchange gurus out there can answer this for me specifically:

Running an Exch 5.5 server with IMS. Have a few internal users but a majority of people check and send mail through the server via remote connections using OWA. I have been getting hit HARD with SPAM e-mail relaying through my server.... the type with the <> originator. Most of it is caught up in my outgoing queue and I would probably be here for hours trying to delete them all and even when I do try to clear the queue, there is a new batch waiting in a minute or so. Whenever I try to lock down my server by restricting routing or setting up security, my external users cannot login.

What is the best way to secure the server against SPAM relaying but still have my external users able to conduct business? I also have about four users that download their mail via POP3, so I have that to consider as well. Any advice on this would be much appreciated... or at least point me towards the correct Microsoft tech bulletins.

Thanks...
 
In the Exchange Administrator / Connections / Internet Mail Service Properties / Routing Tab / Routing Restrictions Button click on the check boxes for "Hosts and clients that successfully authenticate" and "Hosts and clients with these IP addresses". OK your way out of it and restart the Internet Mail Service.

Your remote POP3 users will need to enable the setting in their mail client that says "My SMTP Server requires authentication" and they'll be able to send.

Gary McDonnell
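
The relay decision those two check boxes describe, as an added example that is not part of the original post and not Exchange's own code. It is a simplified model; the hosted domain, the allowed network and the sample sessions are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed values for illustration; none of these come from the thread.
LOCAL_DOMAINS = {"example.com"}  # domains this server accepts mail for
RELAY_NETWORKS = [ipaddress.ip_network("192.168.10.0/24")]  # "with these IP addresses"

@dataclass
class Session:
    client_ip: str
    authenticated: bool  # client passed SMTP authentication
    mail_from: str       # "" models the null originator <>
    rcpt_to: str

def decide(s: Session) -> str:
    """Return 'deliver', 'relay' or 'reject' for one recipient."""
    domain = s.rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "deliver"  # inbound mail for a hosted domain is not relaying
    if s.authenticated:
        return "relay"    # "Hosts and clients that successfully authenticate"
    ip = ipaddress.ip_address(s.client_ip)
    if any(ip in net for net in RELAY_NETWORKS):
        return "relay"    # listed hosts are the ones ALLOWED to relay
    return "reject"       # mail_from is never consulted: it is trivially forged

def audit(sessions):
    """Summarise each session as (client, sender, recipient, decision)."""
    return [(s.client_ip, s.mail_from or "<>", s.rcpt_to, decide(s)) for s in sessions]

# Constructed sample sessions (documentation address ranges).
SAMPLE = [
    Session("192.168.10.25", False, "user@example.com", "client@example.net"),  # LAN host
    Session("198.51.100.7", True, "user@example.com", "client@example.net"),   # POP3 user, auth on
    Session("198.51.100.7", False, "user@example.com", "client@example.net"),  # same user, auth off
    Session("203.0.113.50", False, "", "victim@example.org"),                  # null-sender relay try
    Session("203.0.113.50", False, "user@example.com", "victim@example.org"),  # forged local sender
    Session("203.0.113.9", False, "someone@example.net", "user@example.com"),  # normal inbound mail
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-15s %-22s -> %-22s %s" % row)
```

The third sample row is the remote POP3 user who has not yet enabled SMTP authentication in the mail client: the same user and address as the second row, but rejected.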
 
I also have the same problem, which is why I have 2 agents of mine who get constant e-mails still with the So.Big Virus. I have InoculateIT from Computer Associates, and it allows the message to get through. I guess I will need to purchase a virus scanner for e-mail before it hits the Exchange server, that way if a file is infected, it will not be delivered to my agents. Until then I still keep getting these spam e-mails with the viruses. I have told my agents to just delete the files, but when I look at my Application Log in the Event Viewer, it is filled with numerous warnings stating that a file with a virus was opened, could not be cured, instead it was renamed. I have checked all the PCs and they are virus free, and have the latest Microsoft patch. Are there any suggestions on what I should do?

FOR "gmcdonnell": If I do what you suggested in the Exchange Administrator, when I check the check box for "Hosts and clients with these IP addresses", will I have to add IP addresses of the people who are sending me the spam, or just leave it blank? Please reply... THANKS

THE DRAGON
 
My IMS is all jacked up now. I have been trying to implement routing security and now the damn thing won't even start properly. It is in the process of starting but has been trying for around 10 minutes or so. Don't know what is causing it, but I guess if I let it sit awhile, maybe an error message will pop up or it will finally start.

If anybody has any tips about forcing IMS to start, I would be open to suggestions.

 
Here is a good thread on the <> email
thread10-518095
 
I have a similar problem in Exchange 5.5 SP4 where messages build up in the Outgoing queue that appear to be spam. There is no originator and what appears to be stopping them is an error in host name resolution.

I have configured the Routing Restrictions long ago that only allow those who authenticate to relay as well as a couple of IP addresses.

I have also applied the patch Q289258 that is supposed to address an issue with authentication causing a security problem in relaying.

So, at this point, the routing is restricted as much as possible, and I have applied any available patch of known relaying issues (only 1 known at this point).

Am I getting concerned over nothing, since the messages in the queue will never be delivered, or could there be ones that actually are being relayed that I don't know about? If that's the case, how do I stop this crap from even getting into the queue? I don't want the queue filling up even if they aren't being relayed.
 
Tip for restarting IMS:

This usually works for me:

Unplug the server from the network
 