So I came across my HD space getting full too quickly, and after doing some inspecting with Wireshark and PowerShell, it seems my email server is being used as a relay for spam.
- I closed port 25 on my firewall, suspecting the spam was external, but the queue kept filling up.
- I ran Wireshark and filtered ports 25, 587 and 465 to see if any other device on the network was sending emails to my server, but I did not see any external traffic coming into the server.
- Ran tcpdump on the only 2 Linux machines I have for the same ports and did not see any traffic either.
Right now I'm running virus scans on my Exchange server to see if it somehow got infected, but the queue keeps sending emails to some domain called "desmondelliottprize.org.uk".
Is there any way I can block messages to a domain in ECP from sending or reaching the queue? I need to figure out what is spamming my server, but in the meantime I figure I'll block it temporarily while I get it fixed so my IP doesn't get blacklisted.
If anyone has a similar issue in the future: I ran get-queue in EMC, which provided me the "NextHopDomain". So in order to stop these messages from reaching and spamming the queue, I created a mail flow rule to reject/delete any messages containing that domain in the sender/recipient address. That seemed to stop the queue from filling up. But now I'm going to be running virus scans on my server. Other than that, it helped for now. Now the queue is clean.
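The same procedure scripted for the Exchange Management Shell, as an added example that is not code from the thread: it uses the NextHopDomain named above, shows which senders and source IPs are feeding that queue (the part that actually locates the spam source), adds the stop-gap transport rule, and drains the queue without bouncing NDRs. The rule name, reject text and the $SuspectDomain variable are assumptions for this example.

```powershell
# Added example, not from the original thread. Run in the Exchange Management Shell
# on the on-premises Exchange server with an account that holds Organization Management.
$SuspectDomain = "desmondelliottprize.org.uk"   # NextHopDomain seen in the poster's queue (assumed variable)

# 1. Which queues are growing, and where are they trying to deliver?
Get-Queue | Where-Object { $_.MessageCount -gt 0 } |
    Sort-Object MessageCount -Descending |
    Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain -AutoSize

# 2. Who is injecting the mail? Group the queued messages for the suspect domain by
#    sender, submission source and source IP. MessageSourceName distinguishes mail that
#    arrived over SMTP (a relaying client or open receive connector) from mail submitted
#    by a local mailbox, which points at a compromised account rather than an open relay.
$SuspectQueues = Get-Queue -Filter "NextHopDomain -eq '$SuspectDomain'"
foreach ($q in $SuspectQueues) {
    Get-Message -Queue $q.Identity -ResultSize Unlimited
} | Group-Object FromAddress, MessageSourceName, SourceIP |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 3. Stop-gap: reject anything addressed to that domain before it reaches the queue.
#    A reject returns a visible 5.7.1 response; -DeleteMessage $true would drop it silently.
#    On Exchange 2013 and later, -RecipientDomainIs is the tighter predicate.
New-TransportRule -Name "Temp block outbound to $SuspectDomain" `
    -RecipientAddressContainsWords $SuspectDomain `
    -RejectMessageReasonText "Delivery to $SuspectDomain is blocked pending investigation" `
    -RejectMessageEnhancedStatusCode "5.7.1" `
    -Comments "Temporary rule while the spam source is identified; remove when resolved"

# 4. Drain what is already queued. -WithNDR $false avoids sending thousands of bounces
#    to the forged sender addresses, which would itself look like backscatter spam.
foreach ($q in $SuspectQueues) {
    Get-Message -Queue $q.Identity -ResultSize Unlimited |
        Remove-Message -WithNDR $false -Confirm:$false
}

# 5. Verify the queue stays empty; if it refills, the rule is not matching and the source
#    found in step 2 still needs to be shut off.
Get-Queue -Filter "NextHopDomain -eq '$SuspectDomain'"
```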
Thanks for sharing, and I'm glad you have resolved your issue.
In addition, you could configure spam filter policies when your environment is in Exchange Online; refer to this article, and I hope this helps. If you are in Exchange on-premises, a transport rule is also a good choice :)
It is helpful to other people who encounter the same issue as you if you mark the helpful reply as the best answer.