Tag: sbs2003

We run a Small Business Server box and it primarily provides our email via Exchange Server 2003.

Recently, our ISP indicated that our server was relaying or forwarding spam messages. I have tried a number of different things to correct this, and I would like to share a few of the steps of I have taken.

1. Ensure that Exchange SMTP is not acting as an open relay. You can run a test at http://www.spamhelp.org/shopenrelay/
2. Use SMTP Authentication (if you are forwarding mail through an SMTP smart host).
3. Enable Recipient Filtering on the SMTP Virtual Server. Link here. KB Article here.
4. Enable SMTP Tarpit Time. Link here.
5. Enable Connection Filtering on the SMTP Virtual Server. You might use something like the Spamhaus ZEN list to start with.
6. Enable Message Logging (so that you can get an idea of where spam is coming from).
7. Disable Non Delivery Reports (NDRs). How to here.
8. Don’t allow anonymous access to your Default SMTP Server.
9. Run trojan/virus scans on your server and on your Client PCs (including remote Clients).
10. Install and run the Exchange Best Practices Analyzer.

On a slightly unrelated note, some nefarious characters kept trying to login to our server via Remote Desktop. I have defended against these attacks by using a program called 2x SecureRDP. This ‘filters’ incoming RDP connections and stops repetitive RDP attacks before they occure.

I hope some of this information has been useful to you.