Exchange 2003 unwanted smtp connectors


  • Exchange 2003 unwanted smtp connectors

    I have been experiencing a major problem with Exchange 2003 SP1. I am not configured as an open relay; however, I have numerous unwanted SMTP connectors that continue to connect and send mass amounts of mail from my server. I take the steps to delete the queues but they return immediately. I am not sure if this is related, but I am now unable to receive email on the domain despite all attempts to resolve this issue (I can connect to the server via telnet and I can send emails, and the Exchange server and network report no virus activity). I have also disabled outbound email in an attempt to stop mail from being transmitted. Does anyone have a clue as to what this is? I am stumped. Thanks

  • #2
    Re: Exchange 2003 unwanted smtp connectors

    1. Follow the next article and verify that your SMTP configurations are OK:
    http://www.msexchange.org/tutorials/MF005.html
    2. Scan your network with AV and Anti spyware - maybe there is a worm or spyware that sends emails from your ORG.
    CNE 5, CCA, MCSE NT4.0-2003, MCSE 2003 messaging, Exchange Server MVP.
    Tzahi Kolber - IT Supervisor
    Polycom Israel.



    • #3
      Re: Exchange 2003 unwanted smtp connectors

      I am going to be very naughty now, and send you to my own web site.
      http://www.amset.info/exchange/spam-cleanup.asp

      You need to identify which way the server is being compromised.
      I very much doubt if it is a virus or a trojan, certainly not on your network. You can further verify this by adjusting your firewall to block port 25 traffic for all machines except the Exchange server.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.



      • #4
        Re: Exchange 2003 unwanted smtp connectors

        Thanks for the responses. I ran the prescribed fixes and I am not found to be an open relay. Could this be an account that has been compromised, and if so, how can that be determined, or should I begin to change passwords to users and accounts? Thanks


        • #5
          Re: Exchange 2003 unwanted smtp connectors

          I still think that it is very likely that a worm / virus / spyware is sending those emails.
          Have you tried scanning the network with Anti tools for the above?
          CNE 5, CCA, MCSE NT4.0-2003, MCSE 2003 messaging, Exchange Server MVP.
          Tzahi Kolber - IT Supervisor
          Polycom Israel.



          • #6
            Re: Exchange 2003 unwanted smtp connectors

            If you suspect that an account has been compromised then the first account I would change the password of is the administrator account. It is the most likely target.

            If you do not have any users sending email with Outlook Express or other POP3/SMTP client then you could turn off authenticated relaying totally.

            I doubt whether it is a worm or a trojan sending the email messages. I haven't seen one yet that uses another SMTP server to send their messages. They all have their own SMTP engine. It would be a stupid trojan writer who went looking for another SMTP server to use - how would they find one and it makes it very easy to spot that there is an infected machine. The last thing that the trojan writers want to do is get noticed.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.
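
The two theories in this thread (an infected machine on the internal network versus an account being used for authenticated relaying) leave different traces in the SMTP virtual server's protocol log. The following is an added example, not code from any poster: it assumes W3C extended logging with the fields shown, that the SMTP verb is recorded in `cs-method`, that the server's own outbound deliveries are marked `OutboundConnection...` in `cs-username`, and that 10.0.0.0/8 is the internal range; the log lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the LAN behind the firewall; change to match your network.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample in W3C extended format (not data from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2005-03-01 02:10:01 203.0.113.50 host1 EHLO +host1 250
2005-03-01 02:10:02 203.0.113.50 host1 AUTH - 0
2005-03-01 02:10:03 203.0.113.50 host1 MAIL +FROM:<a@example.com> 250
2005-03-01 02:10:04 203.0.113.50 host1 MAIL +FROM:<b@example.com> 250
2005-03-01 02:11:01 10.0.0.23 pc23 MAIL +FROM:<c@example.com> 250
2005-03-01 02:12:01 198.51.100.7 mx.example.net MAIL +FROM:<d@example.net> 250
2005-03-01 02:13:00 192.0.2.9 OutboundConnectionCommand MAIL +FROM:<a@example.com> 0
"""

def parse(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):
                yield dict(zip(fields, parts))

def summarize(text):
    """Map each submitting client IP to (source kind, MAIL command count)."""
    stats = defaultdict(lambda: {"auth": 0, "mail": 0})
    for rec in parse(text):
        # Assumption: the server's own outbound deliveries carry this marker.
        if rec["cs-username"].startswith("OutboundConnection"):
            continue
        verb = rec["cs-method"].upper()
        if verb in ("AUTH", "MAIL"):
            stats[rec["c-ip"]][verb.lower()] += 1
    report = {}
    for ip, s in stats.items():
        if not s["mail"]:
            continue  # connected but never submitted a message
        inside = any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS)
        kind = ("internal-host" if inside else
                "external-auth" if s["auth"] else "external-anonymous")
        report[ip] = (kind, s["mail"])
    return report
```

A high MAIL count under `internal-host` points at a machine on the LAN, which the port 25 firewall rule from post #3 would cut off; a high count under `external-auth` points at a remote client that issued AUTH before sending, which fits the compromised-account theory.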
