Preventing Outbound Spam in Email Security.cloud

Article ID: 161490

Products

Email Security.cloud

Issue/Introduction

You are looking for more information about preventing your system from relaying spam outbound. We notify you if we observe that you have sent out spam emails, and the Support team may have already stopped relaying outbound emails from your compromised server. We recommend that you check the following points to help prevent outbound spam relay and a possible interruption of your outbound mail flow.

 

Resolution

Firewall security
Ensure that inbound connections on port 25 are only accepted from our IPs. The full list of ranges can be found here: http://images.messagelabs.com/EmailResources/ImplementationGuides/Subnet_IP.pdf
Password security
Ensure that you do not have any test accounts or demonstration accounts with generic or easily guessed passwords.
Guest accounts
Disable guest accounts. (Guest accounts usually have the user name "Guest" and a default password. If you disable the guest accounts, you reduce the risk of an attacker breaking into the system.)
Open relaying in Microsoft Exchange
  1. Open the Microsoft Exchange Manager.
  2. Navigate to the Virtual Server section, Administrative Groups, Servers, (your mail server), Protocols, SMTP sub-tree.
  3. Click Properties on the Action menu.
  4. Click the Relay tab.
  5. Ensure that the checkbox that is labeled Allow all computers which successfully authenticate to relay, regardless of the list above is NOT checked.
Spamhaus' recommendations
Check http://www.spamhaus.org/ for spam control recommendations.

If your IP has been removed for outbound spam relay, before contacting Support to have it re-enabled, please consider the following:

Mail server log and firewall log
  • Check the logs on your mail server and also on your firewall.
  • Look for any external connections from unfamiliar IP addresses, and for failed logon attempts to the compromised mail server.
Queued spam
Delete any spam from the outbound email queue on your server to prevent your system from being blacklisted once the service is reconnected.
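
The log review described under "Mail server log and firewall log", as an added Python example that is not part of the original article or the product. The key=value log format, the sample lines, the function names and the allowed ranges (documentation address space) are all constructed assumptions; substitute the ranges from the Subnet_IP.pdf list and a parser for your own log format.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder ranges (RFC 5737 documentation space). Replace them
# with the ranges published in the Subnet_IP.pdf list referenced above.
ALLOWED_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample lines in a hypothetical key=value log format.
SAMPLE_LOG = """\
2024-01-10T02:11:04Z fw action=accept src=192.0.2.15 dst=10.0.0.5 dport=25
2024-01-10T02:11:09Z fw action=accept src=203.0.113.77 dst=10.0.0.5 dport=25
2024-01-10T02:11:10Z smtp event=auth_fail src=203.0.113.77 user=test
2024-01-10T02:11:11Z smtp event=auth_fail src=203.0.113.77 user=guest
2024-01-10T02:11:12Z smtp event=auth_fail src=203.0.113.77 user=demo
2024-01-10T02:11:13Z smtp event=auth_ok src=203.0.113.77 user=demo
2024-01-10T02:12:00Z fw action=drop src=198.51.100.200 dst=10.0.0.5 dport=25
2024-01-10T02:12:30Z fw action=accept src=10.0.0.8 dst=10.0.0.5 dport=443
this line is malformed and must be skipped
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def is_allowed(ip):
    """True if the address falls inside one of the permitted relay ranges."""
    return any(ip in net for net in ALLOWED_RANGES)

def review(log_text, fail_threshold=3):
    """Return (unexpected_port25_sources, noisy_auth_sources, logons_after_failures)."""
    unexpected, fails, suspicious_logons = set(), Counter(), []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["src"])
        except (KeyError, ValueError):
            continue  # malformed line, or no usable source address
        key = str(src)
        # Port 25 accepted from outside the permitted ranges: the firewall rule is too open.
        if fields.get("dport") == "25" and fields.get("action") == "accept" and not is_allowed(src):
            unexpected.add(key)
        elif fields.get("event") == "auth_fail":
            fails[key] += 1
        # A success after repeated failures suggests a guessed password.
        elif fields.get("event") == "auth_ok" and fails[key] >= fail_threshold:
            suspicious_logons.append((key, fields.get("user")))
    noisy = sorted(ip for ip, n in fails.items() if n >= fail_threshold)
    return sorted(unexpected), noisy, suspicious_logons

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

An account returned in the third list should have its password reset before you ask Support to re-enable relaying.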