RTV Tools

Monday, July 12, 2010

Fighting Spam on Exchange Server 2003

We run a Small Business Server box and it primarily provides our email via Exchange Server 2003.

Recently, our ISP indicated that our server was relaying or forwarding spam messages. I have tried a number of different things to correct this, and I would like to share a few of the steps I have taken.

  1. Ensure that Exchange SMTP is not acting as an open relay. You can run a test at http://www.spamhelp.org/shopenrelay/
  2. Use SMTP Authentication (if you are forwarding mail through an SMTP smart host).
  3. Enable Recipient Filtering on the SMTP Virtual Server. Link here. KB Article here.
  4. Enable SMTP Tarpit Time. Link here.
  5. Enable Connection Filtering on the SMTP Virtual Server. You might use something like the Spamhaus ZEN list to start with.
  6. Enable Message Logging (so that you can get an idea of where spam is coming from).
  7. Disable Non Delivery Reports (NDRs). How to here.
  8. Don't allow anonymous access to your Default SMTP Server.
  9. Run trojan/virus scans on your server and on your Client PCs (including remote Clients).
  10. Install and run the Exchange Best Practices Analyzer.
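
How the connection-filter lookup in step 5 works at the DNS level, as an added example (not code from this post or from Exchange): the connecting IP is reversed, queried under the block list zone, and the returned 127.0.0.x address says which list matched. The function names are hypothetical, and the return-code table is an assumption based on Spamhaus's published codes.

```python
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Listing codes for the ZEN zone (assumption: taken from Spamhaus's published
# return-code table; confirm against their current documentation).
LISTING_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "SBL",
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


def dnsbl_query_name(ip, zone=ZEN_ZONE):
    """Build the DNS name a connection filter looks up: reversed octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Map the A records returned for the query name to a filtering decision."""
    if not answers:                       # NXDOMAIN: the address is not listed
        return ("accept", [])
    lists = sorted({LISTING_CODES[a] for a in answers if a in LISTING_CODES})
    if lists:
        return ("reject", lists)
    # 127.255.255.x and other unrecognised answers signal a query problem
    # (for example a blocked resolver), not a listing: fail open and alert.
    return ("lookup-error", list(answers))


def lookup(ip):
    """Live lookup (needs DNS). Resolver failures are treated as 'not listed'."""
    try:
        _, _, answers = socket.gethostbyname_ex(dnsbl_query_name(ip))
    except OSError:
        answers = []
    return classify(answers)


if __name__ == "__main__":
    # Constructed sample data: a documentation-range IP and made-up DNS answers.
    print(dnsbl_query_name("192.0.2.99"))
    print(classify(["127.0.0.2", "127.0.0.10"]))
    print(classify(["127.255.255.254"]))
```

The "lookup-error" branch matters when a server resolves through a shared or public DNS service: an error answer that is treated as a listing would reject all inbound mail.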

On a slightly unrelated note, some nefarious characters kept trying to log in to our server via Remote Desktop. I have defended against these attacks by using a program called 2x SecureRDP. This 'filters' incoming RDP connections and stops repetitive RDP attacks before they occur.

I hope some of this information has been useful to you.

3 comments:

  1. Postfix + amavisd-new + spamassassin + postgrey (with spamhaus). I've never had any problems with unauthorized relaying of spam or incoming spam.

    I still wonder why Exchange is used and also how many badly configured Exchange servers there are bombarding my SMTP. Does Exchange come with such idiotic default settings that it allows anonymous open relaying?

  2. gr8 article
    I found some question answers on server 2003

    http://winservers.co.in/category/interview-question/

  3. Not sure why you'd go to all this bother when you can go with a hosted solution like Microsoft Exchange online - check it out. Some of their options are as low as 20.00 per user per year and you'd never have to deal with these sorts of issues. Just an idea. It's something I've considered for my own business.
