Am I Relaying Spam?

Status
Not open for further replies.

Barnacle

MIS
Jan 15, 2003
70
US
I am getting about 50 messages a day in the Administrator account, both inbound and outbound mail failures that all seem to relate to SPAM messages.

I have done the Spam Relaying test, the one where you telnet into the Exchange Server and type Helo Me, Mail From: Rcpt To:, etc... It comes back saying "Relaying is Prohibited". We are using XWALL (if that matters).

When I open Internet Mail Service in Exchange under Outbound Messages Awaiting Delivery I see listings apparently related to the SPAM messages. There are 4 Hosts listed right now. An example is under Destination Host it says "bottlefil.net" and Originator says "<>". I have deleted these types of listings before only to have them return!

What is going on here and how do I stop it?

Thanks!
 
As I understand it, mail in the outbound queue from "<>" is generated by your email server...it does not have an originator to prevent mail from bouncing back and forth forever when you receive a bad email address that originated from a fake address. There isn't much you can do about those, but I heard Exchange 2003 handles that better.

Make sure your local and domain guest accounts are disabled on your Exchange server. Sometimes that account can be used to send spam.

Also check the routing restrictions button under the routing tab of the Internet Mail Service connector (in the Exchange Administrator). Have the first three check boxes checked.

 
Turn off your notifications in your Exchange Admin. If these are on then what you see is your Exchange Server trying to reply and send an NDR to the SPAMMER that sent email to an address that doesn't exist on your domain.


Dev
 
So, these messages are a result of people who are trying to spam us from the outside, not a result of relaying spam?

Should I turn off ALL notifications? There are 5 or 6 choices of what to allow in Notifications.
 
Messages that have an originator are system messages, probably NDRs because your server can't deliver the spam, as devastrator says. I turn off all the notifications except for 'multiple matches for an email address', which I figure I'd want to know about.
 
That last posting should read:

Messages that have an <> originator are system messages, probably NDRs because your server can't deliver the spam, as devastator says. I turn off all the notifications except for 'multiple matches for an email address', which I figure I'd want to know about.
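
The telnet relay test from the first post (HELO, MAIL FROM, RCPT TO) can be scripted for a server you administer; this is an added example, not code from any poster in the thread. The probe addresses, the function names and the `FakeSession` stand-in are assumptions made for illustration.

```python
import smtplib

# Constructed placeholder addresses: neither belongs to the server under test,
# so accepting the recipient would mean the server relays for outsiders.
PROBE_FROM = "probe@sender.example"
PROBE_TO = "probe@recipient.example"


def relay_verdict(session, mail_from=PROBE_FROM, rcpt_to=PROBE_TO):
    """Run HELO / MAIL FROM / RCPT TO on an smtplib.SMTP-like session.

    DATA is never sent, so no message is queued or delivered by the test.
    """
    session.helo("me")
    code, _ = session.mail(mail_from)
    if code >= 400:
        session.rset()
        return "inconclusive: MAIL FROM rejected (%d)" % code
    code, _ = session.rcpt(rcpt_to)
    session.rset()  # abandon the transaction before any message body
    if 200 <= code < 300:
        return "OPEN RELAY: external recipient accepted (%d)" % code
    if 500 <= code < 600:
        return "relay refused (%d)" % code
    return "inconclusive: temporary failure (%d)" % code


def check_host(host, port=25, timeout=10):
    """Run the same test against a live mail server you administer."""
    with smtplib.SMTP(host, port, timeout=timeout) as session:
        return relay_verdict(session)


class FakeSession:
    """Constructed stand-in for a server so the logic can run offline."""

    def __init__(self, rcpt_code):
        self.rcpt_code = rcpt_code

    def helo(self, name):
        return 250, b"hello"

    def mail(self, sender):
        return 250, b"sender ok"

    def rcpt(self, recipient):
        return self.rcpt_code, b""

    def rset(self):
        return 250, b"ok"
```

A "relay refused" result only rules out open relaying. NDRs generated for spam sent to nonexistent local addresses still appear in the outbound queue with originator <>, as the replies above describe.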
 