Prevent Spammers from using my SMTP Queue in Server 2003

windows-server-2003 exchange spam windows-sbs activesync
5,301

Solution 1

It sounds like backscatter (NDR spam) to me, rather than your server being an open relay. Exchange Server 2003 by default is not an open relay. You can check whether or not your Exchange server is an open relay by using any number of online tests. You can help prevent backscatter spam in a few ways:

  1. Disable NDR's on your Exchange server.

  2. Filter email sent to recipients that don't exist in AD.

EDIT

After reading the other answers and reading the comments to my answer, here's an updated answer:

  1. Filter email sent to recipients that don't exist in AD. This is probably the more preferred method to deal with backscatter at your Exchange server.

  2. Disable NDR's on your Exchange server. This is the least preferred method and was probably not the best suggestion on my part. While it does deal with the problem, it may not be completely in the spirit of RFC 5321 (although it probably is acceptable based on the verbage of RFC 5321 section 6.2).

Solution 2

There is a Microsoft KB article that describes this perfectly. It's even an SBS based article:

http://support.microsoft.com/kb/886208

The basic answer is you're suffering from a backscatter problem. The solution is to turn on recipient filtering as detailed in the MS KB article.

That's a short-term solution. The problem with recipient filtering is that it leaves you vulnerable to a directory harvest attack. If you want to really secure your server, you shouldn't accept SMTP connections directly. The best thing to do is use a service like Postini or MXLogic and only accept SMTP connections from those systems.

Solution 3

Perhaps you should take a look at This article which will explain the purpose of the [email protected].

Nonetheless, it may help to run the MS Exchange Best Practices Analyzer and the MX Toolbox SuperTool to ensure your server is secure and set up to best practice standards.

Share:
5,301
mclark1129
Author by

mclark1129

Updated on September 18, 2022

Comments

  • mclark1129
    mclark1129 over 1 year

    I am running Exchange on an installation of SBS 2003 and I have recently run into a problem where random spam queues began showing up in my SMTP queues. I was first alerted to it because my antivirus software was telling me my server was infected, but luckily I think it's just because the spam contains malicious attachments. One weird thing is that all of the messages in the queue appear to be from '[email protected]' to address on the spammer domain. Does this mean that they are trying to get me to email them sensitive information from my server? At any rate, I need to figure out how to secure my server so that the only people who can send email from my server are authenticated domain users. Does anyone know the best way to lock this down so that only domain accounts can send email, and no one else? Users need to be able to send mail both in and out of the office. Remote email is done through Remote Web Workplace and ActiveSync to smartphones. I am using the Microsoft-Server-ActiveSync web application in my default web site in IIS 6, in case that is providing any security holes for spammers to get through.

    Any help is greatly appreciated.

  • joeqwerty
    joeqwerty over 12 years
    RFC 5321 section 6.2 seems to be saying that this is an acceptable practice, albeit probably frowned upon. I realize that this setting in Exchange 2003 is all or nothing, but it is a method for combating NDR spam.
  • BillThor
    BillThor over 12 years
    The requirement for NDRs can be severely limited by not accepting email from the Internet unless you are willing and able to deliver it. The can reduce local back scatter to near 0. It can't fix open relay back scatter, but there aren't many of them left.
  • joeqwerty
    joeqwerty over 12 years
    Glad to help...
  • joeqwerty
    joeqwerty over 12 years
    Which approach are you referring to?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can I use Outlook 2010 (beta) with OWA account?
Will Outlook 2016 connect to Exchange using EAS?
Outlook user is sending multiple calendar invites to recipients
How to make Android to connect nicely with Exchange Server 2013
Using Powershell to Create Exchange Contacts from a .CSV file
Outbound message getting 554 rejecting banned content from Postini
How can I open Exchange Management Console 2007 from the "Run" dialog on Windows Server 2003?
Changing the the hostname (remote.ex.com) for Exchange and Remote Workplace in SBS 2011
Can an administrator spy on your iPhone just by setting up a Microsoft Exchange account?
Exchange Activesync policy - can I make it not required for a user?