Question : Exchange Server being used to send Spam

I have a customer that has an exchange server that is being used to send spam. It a Windows SBS Server 2003, and everything was fine until this weekend. I have checke dfor an open relay, there is none. I was able to narrow down to an IP Address that was connecting to my server to send the spam, I blocked that IP Address. How did this hapopen and what else can I check to see hwo it happened and also how do I prevent this.

Answer : Exchange Server being used to send Spam

There are basically three ways an Exchange 2003 server can be abused.

Open Relay
Authenticated relay
NDR spam.

Authenticated relay is where an account is compromised and then used to authenticate when sending email. By default this option is turned on and the Administrator account is targeted.

NDR spam is where email is sent to the server with invalid email addresses on purpose, the idea being that the server then rejects the email and sends an NDR back to the "sender". The sender is spoofed and is the real target.

My spam cleanup article goes through all three methods and how to secure the server:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.

Random Solutions

Using commit and rollback with ASP

How to communicate variables back to calling script not using a file

!! Start Up Folder Problem !!

Import Outlook Express address book to Outlook 2007

New Vista Laptop had a user account on it prior to mine

Mysql server failed to start on redhat AS4

Cannot add new calendar entries in Outlook 2003

Safe mode with command prompt + windows explorer

Outlook Exchange send error