smtp queues
I have exchange 2003 Im getting a lot of spam mails from an email address that is unknown to us. I have some uses that are allowed to SMTP relay through the server How can I see which domain account was used to place the offending email in the queue
July 29th, 2010 2:34pm

hello , Configure RBL in IMFfree RBL provide in below:- sbl.spamhaus.org relays.ordb.org dnsbl.njabl.org cbl.abuseat.org bl.spamcop.net thanks
Free Windows Admin Tool Kit Click here and download it now
July 29th, 2010 4:33pm

First and foremost, go to https://www.testexchangeconnectivity.com/ and test your Inbound mail connectivity and verify that you are not an open relay to the world. If you are receiving a lot of spam inbound to your mail server, it is probably *not* coming from one of your users. Anyone can submit e-mail to your Exchange server if the message is intended for one of your users. You can enable logging on the SMTP virtual server if you want to see more details on where the spam is coming from, though. That is done on the General property page of the SMTP virtual server. What tools are you using to help you fight spam? Block lists? Intelligent Message Filter? Third party?Jim McBee - Blog - http://mostlyexchange.blogspot.com
July 30th, 2010 1:13am

Blindly configuring blacklists isn't going to help as it doesn't deal with the underlying issue. It could be authenticated user, it could also be an open relay, or an NDR attack. SMTP logs will show which account has been abused, although the most common one is the administrator account. Authenticated relaying does not have to be enabled on the Exchange server for Exchange to work correctly. If all clients are Outlook, and you have no POP3/SMTP clients, then you can turn it off. Remember to restart SMTP Server Service to make the change take effect. http://www.amset.info/exchange/spam-cleanup.asp Simon.Simon Butler, Exchange MVP. http://blog.sembee.co.uk , http://exbpa.com/
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2010 1:18am

And enable recpient filtering against AD. If you dont have a anti-spam solution that does this, use the built-in capabilities of Exchange: ( see Bullet 5) http://support.microsoft.com/kb/823866 Create a recipient filter When you use recipient filtering, you can prevent messages from being delivered to e-mail addresses that exist in your organization, and you can filter messages that are directed to e-mail addresses that do not exist in your organization. Recipient filtering only applies to messages that come from anonymous connections. To create a recipient filter, follow these steps: Start Exchange System Manager. Expand Global Settings, right-click Message Delivery, and then click Properties. Click the Recipient Filtering tab. To filter e-mail based on a particular e-mail address, click Add, type the e-mail address, and then click OK. To filter messages that are directed to e-mail addresses that do not exist in your organization, click to select the Filter recipients who are not in the directory check box
July 30th, 2010 2:08am

On Thu, 29 Jul 2010 13:33:25 +0000, RockVino wrote: >Configure RBL in IMFfree RBL provide in below:- O! . . . M! . . . G! >sbl.spamhaus.org relays.ordb.org dnsbl.njabl.org cbl.abuseat.org bl.spamcop.net If you're going to use sbl.spamhaus.org AND cbl.abuse.org, why not use zen.spamhaus.org and eliminate at least one DNS lookup and the potential to delay e-mail unnecessarily. Before using any spamhaus.org DNSBL, read their terms of use. They aren't free for everyone. The ordb.org DNSBL went out of business years ago. Every DNS lookup is going to 1) take longer than necessary, and 2) produce no results. Using spamcop's DNSBL isn't a good idea unless you agree with their policies of listing a lot of IP addresses from relatively minor infractions of "the rules". --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2010 3:19am

Using spamcop's DNSBL isn't a good idea unless you agree with their policies of listing a lot of IP addresses from relatively minor infractions of "the rules". --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP And you want to stop receiving mail entirely! :P
July 30th, 2010 3:39am

Hi Nick, Are you sure that the mails are sended from your exchange server? I am agree with Jim. The spam mails may came from Internet. "Anyone can submit e-mail to your Exchange server if the message is intended for one of your users. " What's the sender's email address? Is it xxx@yourdomain.com? You can try the following step to block the sender: 1. Open Outlook, right click the spam email and click "Message Options". 2. In Internet Header section, you will see the following information: Microsoft Mail Internet Headers Version 2.0 Received: from xxx.domain.com (157.54.88.97) by xxx.yourdomain.com (196.60.220.216) with Microsoft SMTP Server (TLS) id 14.0.682.1; Fri, 28 May 2010 14:07:22 +0800 The IP address in red 157.54.88.97 is the sender of this spam email. The IP address in green 196.60.220.216 is your exchange server’s IP address. Note: I am assuming that you only have one exchange server and all emails are received by this server. Once you find the culprit, you can block it from your exchange server: 1. Open EMS, right click SMTP virtual server and choose properties. 2. In Access tab, click Connection button. 3. Select “All except the list below”. Add the culprit’s IP address. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
Free Windows Admin Tool Kit Click here and download it now
July 30th, 2010 6:32am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics