Re: How to tighten down Exchange Server security - blacklisted

Tech-Archive recommends: Fix windows errors by optimizing your registry

Note my autosignature. The answer, I believe, is to get management to agree that those who get infected at home by doing non-work activities on their notebooks (by surfing porn sites) are to have their mail privileges revoked. They can use Hotmail.

You can enforce the use of OWA when off-net. It's hard for malware to send a lot of mail over that.

I like your idea of forcing installation of antivirus via group policy. That actually will protect you from them at home--assuming Symantec detects the malware doing the sending--because it should continue to run even when they're at home.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
..

"r042wal" <rob@xxxxxxxxxxxxxxxx> wrote in message news:3AED6A8E-E135-4AE0-990D-3BF809249DA4@xxxxxxxxxxxxxxxx
I have an unusual circumstance. I have Exchange on the network for a real estate agents. All the agents have laptops that they own that we have joined to the domain. We the company does not own the laptops, we occasional get an infected laptop that wants to start sending SPAM e-mail out the Exchange server and getting us blacklisted.

We have Symantec Corporate 10.2 installed on the network, but many of the agents potentiall pick up malicious code browwsing web sites when connected to the Internet at home.

There is no 'relay' enabled on the server, not even authenticated users. We do not use POP or IMAP either. All the remote laptops connect using RPC over HTTPS. We use IMF on the front end of Exchange followed by GFI MailEssentials 12.

I am looking for something to detect an abnormal queue of e-mails being sent out. We have been blacklisted twice this year and senderbase.org has given us a 'poor' rating which is now affecting out e-mail delivery.

I consider this senariou out of the ordinary and would welcome any suggestions. I though about installing Symantec Corporate 10.2 and using a Group Policy to force the installation, but this does not allow for a computer that became infected at an agents home and then gets plugged into teh network.

TIA

.

Quantcast