RE: Email being sent to unknown users
From: Terry Liu [MSFT] (v-teliu_at_online.microsoft.com)
Date: 04/01/04
- Next message: arni: "blind carbon copy"
- Previous message: Lee: "Email Address getting stripped from outgoing emails"
- In reply to: Lee: "Email being sent to unknown users"
- Next in thread: Terry Liu [MSFT]: "RE: Email being sent to unknown users"
- Reply: Terry Liu [MSFT]: "RE: Email being sent to unknown users"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 01 Apr 2004 06:43:18 GMT
I suggest you refer to the three steps listed below:
Step 1: Stop Open Relay in Exchange 2003:
<Relaying> occurs when there is an inbound connection to your Simple Mail
Transfer Protocol (SMTP) server that is used to send e-mail messages to
external domains. With unsolicited commercial e-mail messages, a single
e-mail message that is sent to your SMTP server with multiple recipients in
domains that are external to your organization is an example of relaying.
When the SMTP server is configured to use anonymous authentication, the
messaging system that is used to propagate the unsolicited commercial
e-mail messages accepts the inbound message as typical. After the message
is accepted, the SMTP server recognizes that the message recipients belong
to external domains, and then the SMTP server delivers the messages. The
unauthorized users who send unsolicited commercial e-mail messages only
have to send one inbound message to your SMTP server for it to be delivered
to thousands of recipients. This may result in decreased performance and
congested queues. Additionally, this may annoy the recipients when the
messages arrive.
To prevent relaying, do not grant relay permissions to other hosts.
However, there are situations when relaying is required. You may have Post
Office Protocol 3 (POP3) and Internet Message Access Protocol 4 (IMAP4)
clients who rely on SMTP for message delivery. These clients may have
legitimate reasons for sending e-mail messages to external domains. To work
around this issue, create a second SMTP virtual server that is dedicated to
receiving e-mail messages from POP3 and from IMAP4 clients. You can
configure this additional SMTP virtual server to use authentication that is
combined with Secure Sockets Layer (SSL) based encryption, and then
configure it to permit relaying for authenticated clients.
Note
By default, the Default SMTP Virtual Server in Exchange 2003 is configured
to prevent relaying of e-mail messages through the virtual server.
To prevent computers from relaying messages through the SMTP virtual
server:
1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
then click "System Manager".
2. Expand "Servers", expand "<ServerName>", and then expand "Protocols".
3. Expand "SMTP", right-click "Default SMTP Virtual Server", and then click
"Properties".
4. Click the "Access" tab, and then click "Relay".
5. In the "Relay Restrictions" dialog box, click "Only the list below" (if
it is not already selected), and then make sure that the "Computers" list
is empty. If you are not using any POP3 and IMAP4 clients with this virtual
server, click to clear the "Allow all computers which successfully
authenticate to relay, regardless of the list above" check box, and then
click "OK".
6. Click "OK".
Step 2: Use built-in antivirus features to block incoming SPAM e-mails:
Microsoft Exchange Server 2003 and Microsoft Office Outlook 2003, along
with antispam partner solutions, are designed to help organizations deal
more effectively with the junk e-mail problem.
- Real-Time Block List Service Provider Support
- Global Deny and Accept Lists
- Sender Filtering
- Inbound Recipient Filtering
- Improved Ability to Restrict Submissions to and Relaying on an SMTP
Virtual Server
- Integration with Outlook 2003 and Outlook Web Access Block and Safe
Lists
- Junk E-Mail Filter
- Intelligent Message Filter
For detailed information, please refer to this link:
http://www.microsoft.com/exchange/techinfo/security/antispam.asp
Step 3: You can archive all mails to check the detailed information.
On Exchange 2000 and 2003 server, there is a feature that can help us
archive all messages in a mailbox. To do so, you can refer to the following
steps:
1. Create a new mail-enabled user account in your Exchange organization,
e.g. Archive@yourdomain.com.
2. Log on to the Exchange 2003 computer, and then start Exchange System
Manager.
3. Expand "Administrative Groups", expand "First Administrative Group",
expand "Servers", expand your Exchange server, and then expand "First
Storage Group".
4. Right-click "Mailbox Store (<ServerName>)", and then click "Properties".
5. Click to select the "Archive all messages sent or received by mailboxes
on this store" check box, and then click the "Browse" button that is next
to this check box.
6. Click the "Archive" user account that you created, and then click "OK".
7. Let one of your clients send any message out (to an external recipient
or a user in your organization).
8. Log on to a client computer as the Archive user, and then start
Microsoft Outlook.
9. You can then find that the message your client sent is in the Archive
user's mailbox.
Alternatively, you can use the ArchiveSink utility on Exchange server 2003.
To download this utility, please go to:
"http://www.microsoft.com/downloads/details.aspx?FamilyID=5d3475bd-6915-4110
-959d-6e4cb233d79d&displaylang=en"
NOTE: This link can be wrapped. Please make sure that you have included the
entire contents between the quotation marks when you download this tool.
IMPORTANT: Either of the methods may affect server performance and possibly
fill up disk space.
In addition, we will release another built-in antispam feature and you may
refer to this link:
http://www.microsoft.com/exchange/techinfo/security/imfoverview.asp
For more information, please refer to this link:
http://www.microsoft.com/presspass/press/2003/apr03/04-14AntiSpamPR.asp
Here is another good resource for you to secure the Exchange Server 2003:
Exchange Server 2003 Security Hardening Guide --
http://www.microsoft.com/downloads/details.aspx?FamilyID=6A80711F-E5C9-4AEF-
9A44-504DB09B9065&displaylang=en
Best regards,
Terry Liu
MCSE 2K MCSA MCDBA CCNA
Microsoft Online Support Engineer
Get Secure! - <www.microsoft.com/security>
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
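Added example, not part of the post above and not Microsoft code: a way to confirm the Step 1 relay restriction from the outside by opening an unauthenticated SMTP session and checking how the server answers RCPT TO for an external and a local recipient. The addresses, the function names and the verdict strings are assumptions made for this illustration.

```python
import smtplib

# Constructed placeholder addresses (assumptions, not values from the post).
PROBE_SENDER = "relay-check@external.example"
EXTERNAL_RCPT = "relay-test@external.example"   # domain the server does not host
LOCAL_RCPT = "postmaster@yourdomain.example"    # domain the server does host


def probe_relay(session, sender=PROBE_SENDER,
                external=EXTERNAL_RCPT, local=LOCAL_RCPT):
    """Classify an unauthenticated SMTP session's relay behaviour.

    `session` is a connected smtplib.SMTP (or any object offering
    ehlo_or_helo_if_needed(), mail(), rcpt() and rset()). The probe stops
    at RCPT TO and never sends DATA, so nothing is queued or delivered.
    """
    session.ehlo_or_helo_if_needed()
    code, _ = session.mail(sender)
    if code != 250:
        # e.g. 530: the server wants authentication before MAIL FROM.
        return "inconclusive"
    ext_code, _ = session.rcpt(external)
    session.rset()                      # discard the envelope
    session.mail(sender)
    loc_code, _ = session.rcpt(local)
    session.rset()

    if ext_code in (250, 251):
        # Anonymous sender, external recipient, accepted: the relaying
        # case described in Step 1.
        return "open-relay"
    if 500 <= ext_code < 600 and loc_code in (250, 251):
        # External recipient refused, local recipient accepted.
        return "relay-denied"
    # Temporary failure, or the server refuses every recipient (for
    # example the probing address is itself blocked).
    return "inconclusive"


def check_server(host, port=25, timeout=10):
    """Run the probe against a server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return probe_relay(session)
```

Run `check_server` from a host that is not in the virtual server's "Computers" relay list, so the result reflects what an anonymous Internet host sees.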