[ExchangeList] Re: Spam Attack

  • From: "Dan Crain" <DanC@xxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Oct 2007 15:21:02 -0400

Thanks Simon..got it fixed.


From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Simon Butler
Sent: Thursday, October 18, 2007 1:36 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Spam Attack

Depends what sort of attack it is. 
Sounds like an NDR attack. Therefore the first thing you should do is
turn off the option on the SMTP virtual server to receive a copy of
NDRs. That is usually a waste of time anyway. 
You haven't said which version of Exchange it is. If it is Exchange 2003
or higher, you should enable recipient filtering.
If there are messages in the queues, then you will need to clean them.
Take a look at my spam cleanup article:

Simon Butler
MVP: Exchange, MCSE
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxx
w: www.amset.co.uk
w: www.amset.info



From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Dan Crain
Sent: 18 October 2007 17:21
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Spam Attack

Woke up today to find my phone downloading 5000 system administrator
messages, so I naturally assumed a spam attack.
Checked my ISA logs to make sure it was coming from outside the company,
and sure enough they are from a range of IP addresses which appear to be
168.95.6.xxx and 168.95.4.xxx, the whole range.
Right now I've been deleting the emails by stopping the SMTP queue and
deleting the emails from the folder.
My question is, how do I stop this? This is the first time I've had this
done to my server. 
Any help would be great...thanks,
Daniel A. Crain
Systems Administrator
Dean, Ringers, Morgan & Lawton, P.A.
201 East Pine Street, Suite 1200
Orlando, FL 32801
Phone: 407-422-4310
