Nobody likes to see the Exchange Server sending spam. If you have never seen this situation, you are lucky. Hopefully, you will never have to see this, as it can bring a lot of stress and damage to the organization. The ISP will block you from sending emails, and emails will start to be delivered to the recipient’s spam folder. In this article, you will learn the steps that you can take to stop the Exchange Server from sending spam.
A company was receiving and sending spam messages for weeks. They tried a lot, but it kept sending spam whatever they did. So finally, I was asked if I could have a look into the Exchange Server organization and solve the spam once and for all.
Below are the steps that will help you stop the Exchange Server organization from sending and receiving spam.
Get the best spam filter
This is the most crucial part and the first thing you should look into. Check whether the spam filter is correctly configured. If not, get a good spam filter and configure it as soon as possible.
Note: The spam filter will help you filter and monitor incoming and outgoing messages. You can identify where the spam messages come from.
I only recommend the SpamBull spam filter:
- Easy to use
- Cloud-based (no downtime)
- All updates are taken care of
- Incoming and outgoing filtering
- Create automatic reports
- Monitor all incoming and outgoing messages
- No need to spin up a dedicated machine for a hygiene solution
Go through the below SpamBull documentation to set incoming and outgoing filtering:
- Add domain
- Set up MX records (incoming filtering)
- Create outgoing user
- Set up smart host (outgoing filtering)
Configure firewall ports
There are incoming and outgoing ports for mail flow. Let’s look at the best way to configure the ports for mail flow protection.
Inbound firewall port
Only allow port 25 from the spam filter to the Exchange Server. If you check port 25 from the internet, it should show as closed. When you check port 25 from the spam filter, it should connect to the Exchange Server.
- Go to Open port Check Tool
- Enter the Exchange Server public IP address and port 25
- Click on Check
It will show that port 25 is closed from the outside world.
- Sign in to the SpamBull admin center
- Click on the domain
- Select Continuity > Network tools > SMTP
- Fill in the Exchange Server Hostname
- Click Run
It will show that Exchange Server on port 25 is reachable from the spam filter.
Outbound firewall port
Only allow port 587 from Exchange Server to the spam filter. This means that you have to configure the send connector on port 587. Port 25 is blocked for everyone else on LAN (internal) to WAN (outside world).
Every mail needs to go through the Exchange Server to the spam filter, and then it will arrive at the recipient’s mail server and, finally, in the recipient’s mailbox.
Note: I recommend blocking port 25 from LAN > WAN in the firewall. This will restrict outgoing mail to stop scammers and malware from sending mail from your IP address. Configure the send connector to use port 587.
Run the Test-NetConnection cmdlet to ensure that outgoing port 25 is blocked and outgoing port 587 is allowed to the spam filter:
- Run PowerShell as administrator
- Enter the SpamBull SMTP host (redacted), including port 25
The TcpTestSucceeded in the output shows False.
PS C:\> Test-NetConnection smtp.*********.com -Port 25

ComputerName     : smtp.*********.com
RemoteAddress    : 18.104.22.168
RemotePort       : 25
InterfaceAlias   : Network 192x
SourceAddress    : 192.168.1.52
TcpTestSucceeded : False
Change the port to 587 and run the command.
The TcpTestSucceeded in the output shows True.
PS C:\> Test-NetConnection smtp.*********.com -Port 587

ComputerName     : smtp.*********.com
RemoteAddress    : 22.214.171.124
RemotePort       : 587
InterfaceAlias   : Network 192x
SourceAddress    : 192.168.1.52
TcpTestSucceeded : True
The RemoteAddress in the output can change because the SpamBull spam filter has hundreds of servers deployed in the cloud to protect your domain from spam.
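One way to confirm that every send connector follows the outbound rule above, as an added example that is not from the original article: the function flags connectors that deliver directly via MX lookup, skip the smart host, or use a port other than 587. The smart host name `smtp.filter.example`, the function name, and the sample connector objects are constructed; the property names are the ones `Get-SendConnector` returns.

```powershell
# Added example: audit send connectors against the outbound policy in the text.
# Policy: every connector relays through the spam filter smart host on port 587.
function Test-SendConnectorPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connector,
        # Assumption: placeholder name, replace with your spam filter's SMTP host
        [string]$ExpectedSmartHost = 'smtp.filter.example',
        [int]$ExpectedPort = 587
    )
    process {
        $issues = @()
        if ($Connector.DNSRoutingEnabled) {
            $issues += 'delivers directly via MX lookup, bypassing the spam filter'
        }
        $hosts = @($Connector.SmartHosts | ForEach-Object { "$_" })
        if ($hosts -notcontains $ExpectedSmartHost) {
            $issues += "smart host is not $ExpectedSmartHost"
        }
        if ($Connector.Port -ne $ExpectedPort) {
            $issues += "uses port $($Connector.Port) instead of $ExpectedPort"
        }
        [pscustomobject]@{
            Name      = $Connector.Name
            Enabled   = $Connector.Enabled
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-SendConnector output
$sample = @(
    [pscustomobject]@{ Name = 'To spam filter'; Enabled = $true; DNSRoutingEnabled = $false; SmartHosts = @('smtp.filter.example'); Port = 587 }
    [pscustomobject]@{ Name = 'Old direct';     Enabled = $true; DNSRoutingEnabled = $true;  SmartHosts = @();                      Port = 25 }
)
$sample | Test-SendConnectorPolicy | Format-Table -AutoSize -Wrap

# On the Exchange Server, in the Exchange Management Shell:
# Get-SendConnector | Test-SendConnectorPolicy -ExpectedSmartHost '<your filter host>'
```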
Protect domain with SPF, DKIM, and DMARC
You must have the following three records set up on each domain for maximum protection: SPF, DKIM, and DMARC.
An excellent way to check that SPF, DKIM, and DMARC are set up on the domain is to use DMARC Domain Checker. Fill in the domain and check the results.
This is the result if your domain is not protected against abuse by phishers and spammers.
This is the result when your domain is protected against abuse by phishers and spammers.
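A record can exist and still give little protection, so the added example below (not from the original article) grades the content of SPF and DMARC TXT records rather than only their presence. The function names, domains, and sample records are constructed, and DKIM is left out because checking it requires knowing the selector name.

```powershell
# Added example: grade SPF and DMARC TXT records. Domains and records are constructed.
function Test-SpfRecord {
    param([string[]]$TxtRecords)            # TXT records found at <domain>
    $spf = @($TxtRecords | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -ne 1) { return "FAIL: expected one SPF record, found $($spf.Count)" }
    $terms = $spf[0] -split '\s+'
    $all = @($terms | Where-Object { $_ -match '^[+\-~?]?all$' })
    if ($all.Count -eq 0) {
        if ($terms -match '^redirect=') { return 'INFO: policy is delegated with redirect=' }
        return 'FAIL: no "all" mechanism, unlisted senders are not rejected'
    }
    # A missing qualifier in front of "all" means "+" (pass)
    $qualifier = if ($all[0] -match '^([\-~?])') { $Matches[1] } else { '+' }
    $verdict = @{
        '-' = 'OK: unlisted senders hard fail'
        '~' = 'WARN: unlisted senders only soft fail'
        '?' = 'FAIL: neutral result, no protection'
        '+' = 'FAIL: any server may send as this domain'
    }
    return $verdict[$qualifier]
}

function Test-DmarcRecord {
    param([string[]]$TxtRecords)            # TXT records found at _dmarc.<domain>
    $dmarc = @($TxtRecords | Where-Object { $_ -match '^v=DMARC1\s*(;|$)' })
    if ($dmarc.Count -ne 1) { return "FAIL: expected one DMARC record, found $($dmarc.Count)" }
    $tags = @{}
    foreach ($pair in ($dmarc[0] -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($value) { $tags[$name.Trim()] = $value.Trim() }
    }
    $verdict = @{
        'reject'     = 'OK: mail failing DMARC is rejected'
        'quarantine' = 'OK: mail failing DMARC is quarantined'
        'none'       = 'WARN: monitoring only, failing mail is still delivered'
    }
    $policy = $tags['p']
    if ($policy -and $verdict.ContainsKey($policy)) { return $verdict[$policy] }
    return 'FAIL: missing or invalid p= tag'
}

# Constructed sample records: a weak domain next to a hardened one
Test-SpfRecord   @('v=spf1 include:filter.example ?all')
Test-SpfRecord   @('v=spf1 include:filter.example -all')
Test-DmarcRecord @('v=DMARC1; p=none; rua=mailto:reports@weak.example')
Test-DmarcRecord @('v=DMARC1; p=reject; rua=mailto:reports@good.example')

# Live lookup on a machine with DNS access:
# Test-SpfRecord (Resolve-DnsName example.com -Type TXT | ForEach-Object { $_.Strings -join '' })
```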
Run Exchange health checker script
Run the Exchange Server health check with the PowerShell script and see if there are any errors or warnings. If so, fix the errors and warnings.
Update Exchange Server
Always keep your Exchange Server up to date. This means that you need to:
Run security scan on Exchange Server
Start Windows Defender and run a scan. If you have a third-party antivirus/security product, run that. If threats are found, inspect and clean them.
You learned how to stop Exchange Server from sending spam. It’s important that you carefully go through all the steps. Ensure that the Exchange Server is up to date with the latest Cumulative Update and run a security scan.
Check that you have an excellent spam filter to protect the organization from sending and receiving spam messages. Configure the firewall ports to only communicate with the spam filter and only use incoming on port 25 and outgoing on port 587. Set up SPF, DKIM, and DMARC records to protect the domain.
In my scenario, a mailbox account was compromised and was sending spam to external recipients. Unfortunately, the spam filter that was running was not that great, and it didn’t provide precise monitoring of what was happening. Replacing the spam filter with the SpamBull cloud-based spam filter showed me instantly which mailbox was sending spam.