Question : Exchange Server being used to send Spam

I have a customer that has an exchange server that is being used to send spam. It a Windows SBS Server 2003, and everything was fine until this weekend. I have checke dfor an open relay, there is none. I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address. How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.

Answer : Exchange Server being used to send Spam

There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.

Random Solutions

DRAC 4 access, How do I change admin password and create users?

How to install "Developer tools" after installation completed

Genarate mutilple PDF from Mss ACCESS REPORT

Relaying denied. Proper authentication required

SQL Server view error: View Definition includes no output columns or includes not items in the from Clause

Archive Linux email in/out

Only select part of a column with SQL

How do I get all the latest stuff for Fedora using yum?

Question on Windows File Share Witness for a CCR setup

Download File and Make it the Active Window