Questions about exploited SMTP relay

Home Forums Server Operating Systems Windows Server 2008 / 2008 R2 Questions about exploited SMTP relay

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    batric
    Member
    #164870

    Hello,

    I’m using SmarterMail on Windows Server 2008.

    I changed the SMTP relay from “Nobody” to “Only local users” and in last 2 days I had a large number of outgoing spam messages sent from my server (close to 6.000).

    This has happened in the past, and setting SMTP relay back to “Nobody” has fixed the issue.

    However, this means that I have to use SMTP authentication for every single website from which I want to send emails.

    I have the following questions:

    1. If relay is set to “Only local users”, how is it possible to send emails from domains which are not on my server?
    2. If I use “Nobody” for SMTP relay, it safe to lower the number of seconds for SMTP authentication? The default is 120 seconds, which is way too long.
    3. Any ideas on how these emails are sent? The SMTP relay was still “only local users” and emails were sent from other domains as well (e.g. @refund.co.uk which is a spam domain I think).
    4. Can you please point me to some decent source where I can learn more about this?

    Thank you!

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.