Exchange Server on SBS 2003: spam problem

T

tripex

Gawd
Joined
Jun 8, 2002
Messages
854
Hello my friends,

I'm looking for some help, as usual :)

I have a server:

* SBS 2003 Premium SP2 server
* Exchange 2003 with SP2 - IMF is enabled.
* ISA Server


I'm having a annoying spam issue where one of my users keep getting emails from his own address. These emails keep coming in and i dont know how to block them. I've checked the headers and they always come from different international servers.

Can anyone shed some light into this?
 
Here's what i did so far.

I went to Message Delivery / Sender Filtering and added my domain name there.
I read about this on another site so I just put *@mydomain.com in the list of addresses to deny since we should never be getting anything from @mydomain.com from anything other than the Exchange server itself.

In fact this worked and the spam stopped coming in!


But then i noticed most emails (if not all) were not going out! :(

For every sent item, a message from the Administrator came in:
Subject: Delivery Status Notification (Delay)

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

[email protected]
Click to expand...

So i checked the Exchange Queue and the messages were there. Forcing them to go had no successful results until i removed the Sender Filtering.

Now everything seems normal but i suspect the spam is coming back very soon.
 
tripex said:
I'm having a annoying spam issue where one of my users keep getting emails from his own address. These emails keep coming in and i dont know how to block them. I've checked the headers and they always come from different international servers.

Can anyone shed some light into this?
Click to expand...
Make sure the users remove their own email address from outlook contacts. Email from yourself is automatically white listed, regardless of contents. We just went through this a month ago.
 
Outlook contacts.. ok ill check that.

What about Exchange contacts?

I wont remove the address from there.
 
tripex said:
i heard about SPF.

Can anyone help me with this?
Click to expand...

http://www.msexchange.org/articles/SPF-support-Exchange-freeware.html

Is your Exchange server open and receiving e-mail directly? Or do you run it through an SMTP smart host? (like Postini or Appriver). All my clients..most of which are on SBS, I have their Exchange running through a smart host, never ever doing direct receive/direct send. You get to avoid all of these many headaches, and keep your Exchange more secure.

You may find more luck moving this thread to the Networking/Security forum, where more "network admins" hang out.
 
ORF spam filter by Vamsoft is only $240 to buy (unlimited mailboxes) and $99 a year for maintenance (new versions).

They have an article on how to address the self sending spam issue using their software.

We don't mess with any of the built in spam filtering offered by Exchange because this software is far easier to configure, maintain, and update.
 
I forgot to update this thread but in fact i solved this problem...

What i did was to update my domain with this TXT record:

< v=spf1 mx a a:smtp.isp.com ~all >

smtp.isp.com being the smtp server of my ISP (I'm not using the direct way of delivering mail atm).


This has decreased spam in 95% !!

Some spam mails still come in, i dont know why but its only a couple per day so i'm not worried because before i had like 50.

Thank you guys.
 
You must log in or register to reply here.
Back
Top