Re: Someone is using my exchange server to send thousands of messages.
- From: "Gerritjan" <gerritjan@xxxxxxx>
- Date: Mon, 11 Sep 2006 09:55:04 +0200
> If I look in Queues under Servers I can see a ton of messages going out
> with the sender postmaster@ <my domain>.
> I also saw Chinese senders, although I think I stopped those by
> restricting the SMTP connector and the virtual host to users on my system.
> The real thing I need help with is how to figure out who is doing this and
> getting rid of it. It looks like some kind of virus, but I have virus
> protection on all my systems and they come up clean.

I don't think you need to worry. Exchange is most likely trying to send NDRs
in response to spam messages addressed to non-existent users on your server. By
default SBS accepts all messages to your domain and then tries to deliver
them. If the message can't be delivered it will send an NDR after a few days
of trying. You can change this behaviour by following the steps listed
below. Exchange will then first check whether it can deliver the message
before accepting it.
I'm copying a text from Mariëtte Knap - MVP:
a. Load Exchange System Manager and then click the + on Global Settings.
b. Right click on Delivery Options and choose Properties.
c. Click on the tab for "Recipient Filtering".
d. I checked the box for "filter recipients that are not in the directory".
Once this box is checked the server gives you a message that you still have
to make another setting to complete the process, as described in the next step.
e. As a final setting you have to go to the SMTP Virtual Server (also in
Exchange System Manager under the server), right click on the SMTP virtual
server and choose Properties. Now go to Advanced for the IP address and
click EDIT for the IP address (usually unassigned) and you will see a check
box that says "Apply Recipient Filter". Check that box.
f. Now this will stop the Exchange server from taking a message to a user
that does not exist on your domains (Active Directory in this case) and
sending NDR reports back to the spammers, reducing traffic on the server.
You can also delete all the messages currently in your Exchange queue by
stopping the SMTP server, deleting all the files under
"C:\Program Files\Exchsrvr\Mailroot\vsi1\Queue" and restarting the SMTP
service. Remember these messages are not delivered because the addresses they
are being sent to do not exist (unless you have an extremely busy server and
very low bandwidth, in which case you had better open some of them and verify
they are all junk).
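
One way to confirm that the recipient filter from steps d and e is actually applied on your own server, as an added example that is not part of the original post: it issues RCPT TO for a random non-existent mailbox and for a known mailbox, then abandons the transaction. The function name, verdict strings and HELO name are assumptions made for this example.

```python
import smtplib
import sys
import uuid


def probe_recipient_filter(smtp, domain, known_good):
    """Classify how a server answers RCPT TO for an unknown mailbox.

    smtp       -- connected object with smtplib.SMTP's ehlo/mail/rcpt/rset
    domain     -- mail domain the server is authoritative for
    known_good -- an existing mailbox, used as the control
    """
    # Constructed local part that should not exist in Active Directory.
    bogus = "nosuchuser-%s@%s" % (uuid.uuid4().hex[:12], domain)
    smtp.ehlo("filter-check.invalid")  # hypothetical HELO name
    codes = {}
    for label, rcpt in (("bogus", bogus), ("control", known_good)):
        smtp.mail("")                  # null sender <>, as on an NDR
        codes[label] = smtp.rcpt(rcpt)[0]
        smtp.rset()                    # abandon transaction; nothing is sent
    if not 200 <= codes["control"] < 300:
        return "inconclusive"          # control rejected: wrong address or other restriction
    if 200 <= codes["bogus"] < 300:
        return "accepts-unknown"       # accepted now, NDR generated later
    if 500 <= codes["bogus"] < 600:
        return "filtering"             # rejected during the SMTP session
    return "inconclusive"              # 4xx or unexpected reply


if __name__ == "__main__":
    # Usage: python check_filter.py <server> <domain> <existing mailbox>
    host, domain, known_good = sys.argv[1:4]
    with smtplib.SMTP(host, 25, timeout=15) as conn:
        print(probe_recipient_filter(conn, domain, known_good))
```

Run it from a host outside the LAN so the connection is treated like any other inbound Internet sender; "accepts-unknown" means the server still takes the mail and bounces it later.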