Exchange 2007 Server Sending Spam – Troubleshooting

exchange malware smtp spam

Our Exchange server is sending out spam, as it has been listed on various spam blacklists, and I'm not too sure how to stop it.

I've started by verifying SMTP with a site like http://www.pagasa.net/test-smtp-server/, so relay has been ruled out.

I started to suspect that it comes from an internal user's PC, which has been infected by a spam trojan or zombie and piggybacks on the logged-on user's AD authentication, performing a broadcast (from the log, the source IP is 255.255.255.255), doing trial and error and hoping to land on an SMTP server within the LAN… Is my assumption correct?

Any help would be very greatly appreciated.

Thanks

Mick

Best Answer

A more likely scenario is that you have a PC which is infected and sending out spam itself. A computer does not need to go through your server in order to send out spam. There are a few ways to prevent this from occurring or affecting your ability to send out email:

  1. Block outbound access to port 25 from all computers on your network. Allow an exception only for your Exchange server.
  2. Give your Exchange server its own external IP address. This can be accomplished with most business-grade routers and firewalls, provided your ISP has given you more than a single address.
  3. Use an email sanitization service like Postini or Exchange Defender to process all outgoing email for your Exchange server.
  4. Use a good anti-virus on your workstations... ESPECIALLY if you give your users administrative rights.
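
An added example, not part of the original answer: to find the infected PC that item 1 would block, scan the firewall's connection log for internal hosts other than the Exchange server that open TCP port 25 to addresses outside the LAN. The internal range, the Exchange address and the key=value log format below are assumptions constructed for illustration; adapt the parsing to your firewall's actual log format.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the original page): the internal range, the Exchange
# server address, and the key=value firewall log format are all constructed.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
EXCHANGE_IP = ipaddress.ip_address("192.168.1.10")

SAMPLE_LOG = """\
2024-03-02T09:14:01 action=allow proto=tcp src=192.168.1.10 dst=203.0.113.25 dport=25
2024-03-02T09:14:03 action=allow proto=tcp src=192.168.1.57 dst=198.51.100.8 dport=25
2024-03-02T09:14:03 action=allow proto=tcp src=192.168.1.57 dst=198.51.100.9 dport=25
2024-03-02T09:14:04 action=allow proto=tcp src=192.168.1.57 dst=203.0.113.77 dport=25
2024-03-02T09:14:05 action=allow proto=tcp src=192.168.1.23 dst=192.168.1.10 dport=25
2024-03-02T09:14:06 action=allow proto=tcp src=192.168.1.23 dst=203.0.113.80 dport=443
2024-03-02T09:14:07 action=deny proto=tcp src=192.168.1.88 dst=198.51.100.8 dport=25
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def direct_smtp_senders(log_text, internal=INTERNAL_NET, mail_server=EXCHANGE_IP):
    """Return {source_ip: {"attempts": n, "destinations": k}} for internal hosts,
    other than the mail server, that opened TCP/25 to addresses outside the LAN."""
    attempts = Counter()
    dests = {}
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
            dport = int(f["dport"])
        except (KeyError, ValueError):
            continue  # malformed or incomplete record
        if f.get("proto") != "tcp" or dport != 25:
            continue
        if src not in internal or src == mail_server:
            continue  # the Exchange server is the one allowed sender
        if dst in internal:
            continue  # client-to-Exchange submission inside the LAN is expected
        attempts[src] += 1  # denied attempts count too: they still mark a sender
        dests.setdefault(src, set()).add(dst)
    return {str(ip): {"attempts": n, "destinations": len(dests[ip])}
            for ip, n in attempts.most_common()}

if __name__ == "__main__":
    for host, stats in direct_smtp_senders(SAMPLE_LOG).items():
        print(host, stats)
```

Once the port 25 block is in place, the same scan over denied entries keeps pointing at any workstation that is still trying to send mail directly.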