Exchange server sending spam from non-existing domain users

  • Question

  • Hi All,

    I searched all over the web but am not able to find the answer.
    Our organization is running an Exchange 2007 server which has worked fine for the last years.

    Since this week however we are regularly blacklisted.
    I scanned all PCs and found no malware or viruses.

    In the Queue Viewer I see many mails from non-existing users, e.g. gary_xxx@ourdomain.nl
    Our server passes an open-relay check, but apparently it allows any user @ourdomain.nl

    Of course it should only allow real/existing users to send mail.
    How can I fix this?

    Many thanks

    Michel

    Tuesday, February 16, 2016 10:34 AM

All replies

  • Hello,

    As you said that there is no open relay in your mail servers, I would suggest you have a reverse DNS check for all the inbound connections from the external world.

    Additionally, we need to do a message track in the smart host devices and also in the Exchange servers to find out the IP address of the message origination. In case any of the messages are delivered to the recipients in Exchange, you have to analyze the message headers as well.

    Moreover, in your smart host you can adjust the filter so that an external inbound connection from the internet with your domain suffix in the From field is blocked.

    Finally, I would suggest you provide those spam message samples to the smart host vendor for analysis.


    Thanks & Regards S.Nithyanandham

    Tuesday, February 16, 2016 1:22 PM
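
The message-tracking step suggested in the reply above, as an added example that is not part of the original thread: it reads a tracking log, keeps SMTP `RECEIVE` events whose sender claims the local domain but is not a known mailbox, and counts them per client IP. The log rows, the reduced column set, the mailbox list and the function names are constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample in the style of an Exchange message tracking log.
# The column subset and every row are made up for this example.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,source,event-id,recipient-address,sender-address
2016-02-15T08:01:12Z,192.0.2.10,STOREDRIVER,RECEIVE,partner@example.org,michel@ourdomain.nl
2016-02-15T08:03:40Z,203.0.113.77,SMTP,RECEIVE,a@example.com,gary_xxx@ourdomain.nl
2016-02-15T08:03:41Z,203.0.113.77,SMTP,RECEIVE,b@example.com,tina_yyy@ourdomain.nl
2016-02-15T08:05:02Z,198.51.100.5,SMTP,RECEIVE,michel@ourdomain.nl,someone@example.org
2016-02-15T08:06:19Z,192.0.2.25,SMTP,RECEIVE,c@example.com,michel@ourdomain.nl
2016-02-15T08:07:55Z,192.0.2.44,SMTP,RECEIVE,d@example.com,bob_zzz@ourdomain.nl
2016-02-15T08:08:03Z,203.0.113.77,SMTP,SEND,a@example.com,gary_xxx@ourdomain.nl
"""


def read_tracking_rows(text):
    """Return dict rows, taking column names from the '#Fields:' line."""
    fields, data = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
        elif line.strip() and not line.startswith("#"):
            data.append(line)
    if fields is None:
        raise ValueError("no #Fields header found in tracking log")
    return csv.DictReader(data, fieldnames=fields)


def suspicious_sources(text, domain, valid_senders):
    """Count, per client IP, SMTP-received mail that claims our domain
    but whose sender is not a known mailbox address."""
    valid = {s.lower() for s in valid_senders}
    suffix = "@" + domain.lower()
    hits = Counter()
    for row in read_tracking_rows(text):
        if row.get("event-id") != "RECEIVE" or row.get("source") != "SMTP":
            continue  # skip sends and mailbox (STOREDRIVER) submissions
        sender = (row.get("sender-address") or "").lower()
        if sender.endswith(suffix) and sender not in valid:
            hits[row["client-ip"]] += 1
    return hits.most_common()


if __name__ == "__main__":
    for ip, count in suspicious_sources(SAMPLE_LOG, "ourdomain.nl", ["michel@ourdomain.nl"]):
        print(ip, count)
```

The client IPs at the top of the result are the ones to check against the message headers and the receive connector settings.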
  • Hi Nithyanandham,

    Thanks for your quick response and tips.
    How should I enable this reverse DNS check?

    And where can I configure the smarthost settings?
    We do not have separate hardware or software between the internet and the Exchange server.

    Many thanks

    Kind regards

    Michel

    Wednesday, February 17, 2016 2:40 PM
  • Hi Michel,

    You can also use Sender Policy Framework (SPF) records to ensure that destination email systems trust messages sent from your domain. It helps prevent spoofing and phishing by verifying the domain name from which email messages are sent.

    More details for your reference:

    Customize an SPF record to validate outbound email sent from your domain

    Managing SPF and reverse DNS in Exchange Server

    Best regards,


    Niko Cheng
    TechNet Community Support

    Thursday, February 18, 2016 9:25 AM
    Moderator