Block sending spam through Exchange Server 2003

    Question

  • How to block relay sending spam ... I want to be able to receive emails from the internet, but allow sending emails over the internet only from users that are in the intranet, because someone is sending spam through my server. My ISP notified me that they will block my IP address .. so I have to do something urgently! 
    • Edited by xD90europe Monday, January 23, 2012 12:58 PM
    Monday, January 23, 2012 12:49 PM

Answers

  • How to block relay sending spam ... I want to be able to receive emails from the internet, but allow sending emails over the internet only from users that are in the intranet, because someone is sending spam through my server. My ISP notified me that they will block my IP address .. so I have to do something urgently! 


    Most probably your Exchange was configured as an "open relay", allowing anyone to send emails through it and, if (as I strongly suspect) this is the case, then your ISP is correct in doing what you wrote (blocking you if you won't reconfigure your mail server), since an open relay won't just damage you, given that it may/will quickly get blacklisted (so it won't be able to send out any email at all), but will also damage others receiving undesired/unrequested junk messages sent through your server and will also damage your ISP's reputation.

    To fix the issue, start by reading this, this and this and understanding and carefully following the directions; once that's done, check that your Exchange isn't an open relay anymore by using this online tool and, if that's not the case, revise your config and retest the server; at that point, once the relay issue is fixed, you'll also want to make sure you filter incoming junk, since otherwise your server may still generate bounces and/or allow malware/phishing to reach your users and cause other junk to go out from your server; for such a task, I suggest you read this and this and proceed to configure the Exchange junk filter to cut off junk emails; once all of the above is OK (and NOT before it), you may then go on and use this site to check if the public IP of your mail server is listed by some DNSBL and, if that's the case, go on and request its removal, but be warned: requesting blacklist removal WITHOUT fixing the server config may/will cause future removal requests to be rejected, so do NOT request removal from a blacklist if you didn't fix and verify your config.

    HTH

     



    • Edited by ObiWan Monday, January 23, 2012 3:03 PM
    • Marked as answer by xD90europe Monday, January 23, 2012 3:31 PM
    Monday, January 23, 2012 2:59 PM
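
The verification order described in the answer above (confirm the relay is closed, then check DNSBL listing, then ask for removal), as an added example that is not part of the original thread. The function names, the documentation address `192.0.2.25` and the zone `dnsbl.example.org` are assumptions made for illustration.

```python
import ipaddress
import smtplib
import socket

def relay_verdict(rcpt_code):
    """Interpret the reply to RCPT TO for a recipient outside your own domains."""
    if 200 <= rcpt_code < 300:
        return "open relay"        # server agreed to forward mail for a stranger
    if 500 <= rcpt_code < 600:
        return "relay denied"      # permanent refusal, the result you want
    return "inconclusive"          # 4xx temporary failure: retest later

def probe_own_server(host, sender, foreign_rcpt, port=25, smtp_cls=smtplib.SMTP):
    """Unauthenticated envelope test against your own server, run from a host
    outside the intranet. Stops after RCPT TO, so no message is ever sent."""
    with smtp_cls(host, port, timeout=15) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(sender)
        if code >= 400:
            return "inconclusive"  # sender refused before relaying was tested
        code, _ = smtp.rcpt(foreign_rcpt)
        smtp.rset()                # abandon the transaction
        return relay_verdict(code)

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, prepended to the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the list answers with an address in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False               # NXDOMAIN or failed lookup: treated as not listed
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def next_step(relay_result, listed):
    """Order from the answer above: fix and verify first, delist afterwards."""
    if relay_result != "relay denied":
        return "fix relay settings and retest"
    return "request removal" if listed else "nothing to remove"
```

Both the sender and the recipient passed to `probe_own_server` should be addresses in domains the server does not host, otherwise the server is being asked to accept local mail rather than to relay.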

All replies

  •  Solved!

    Thanks ObiWan(MCC)

    Daniel
    Monday, January 23, 2012 3:32 PM
  •  Solved!

    Please add some more details; they will help others with the same issue to find an answer; giving little or no feedback isn't a good way to contribute to these forums, so, please and again, explain how you solved the issue and what caused it.

     

    Monday, January 23, 2012 3:41 PM
  • What I did:

    > I have added to "Relay Permission and settings" a new group "ANONYMOUS LOGON" and I set deny for submit and relay. Then I changed AUTHENTICATED USER relay setting from allow to deny

    I have to see the final results this night ... That virus will be active again ...

    • Marked as answer by xD90europe Monday, January 23, 2012 8:43 PM
    • Unmarked as answer by xD90europe Monday, January 23, 2012 8:43 PM
    • Marked as answer by xD90europe Monday, January 23, 2012 8:43 PM
    • Unmarked as answer by xD90europe Wednesday, January 25, 2012 12:23 PM
    Monday, January 23, 2012 5:40 PM
  • What I did:

    > I have added to "Relay Permission and settings" a new group "ANONYMOUS LOGON" and I set deny for submit and relay. Then I changed AUTHENTICATED USER relay setting from allow to deny

    I have to see the final results this night ... That virus will be active again ...


    This is NOT a solution; you just applied a band-aid but didn't solve the issue; if you have active malware running on your network, you'd better go on and clean up the compromised systems, otherwise the issue will come back over and over again.
    Tuesday, January 24, 2012 9:14 AM