I use Trend CSM, which does a pretty good job of killing viruses and spam. You still suffer some traffic and overhead dealing with NDRs and directory lookups when you are being spammed. I have a guide, Microsoft Exchange 2003 by William R. Stanek, which has some settings to reduce some of this hassle. Les Conner, another SBS MVP, discovered the same things at about the same time I did.
Open the Exchange System Manager and find Global Settings \ Internet Message Formats \ Advanced. I leave the first three boxes unchecked and the last three checked. I sometimes clear Allow non-delivery reports when I am doing post-attack cleanup. Clearing that box is not RFC compliant, so you really should leave it checked.
In the same general area, go to Message Delivery. I have had a few accounts get blacklisted as spammers because they were sending out mass emails. There are programs to help you mass-mail without looking like a spammer; I'll list one once I find that program. On the Defaults tab I set the maximum number of recipients to 100. It works for most.
On the Recipient Filtering tab I check Filter recipients who are not in the directory. Exchange then does not waste any more time processing recipients who are not in Active Directory. I think these messages sit around in the message queues and eventually go away; I have not confirmed that theory. You should get a notice that you need to do one more step: head over to your default virtual server.
In ESM go to Servers \ your server name \ Protocols \ SMTP \ Default SMTP Virtual Server, right-click, Properties, then on the General tab click Advanced, then Edit, and check all three boxes (Apply Sender Filter, Apply Recipient Filter, Apply Connection Filter). If you don't check these boxes, the recipient filter, for one, does not work: the filter is defined globally but only takes effect on a virtual server where it is applied.
I like to set the FQDN in the Default SMTP Virtual Server. Go to Delivery, then Advanced. Other servers may block your email if this is not populated with the same name as your MX record. Of course this raises the question of what happens if your Exchange server is responsible for two or more email domains. I do not know that answer. It seems like a silly way to authenticate.
I make sure that in Default SMTP Virtual Server \ Access \ Relay I clear the checkbox for all computers which successfully authenticate to relay. You only need this if you have external users sending through your box without using Outlook or OWA. I never have anyone doing this, so I always clear it. It reduces the chances of a spammer guessing an account and password and spamming through your server.
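The settings from Message Delivery through the Relay restriction can be checked from outside with a plain SMTP session, the same conversation you would type over telnet to port 25. The Python below is an added example, not part of this post and not anything shipped with Exchange: it drives one session, expects a bogus local recipient to be refused at RCPT TO (550 5.1.1) when recipient filtering is applied to the virtual server, and expects a recipient in a domain the server is not responsible for to get 550 5.7.1 (Unable to relay) when the client has not authenticated. The host names, addresses and canned replies in the scripted transport are constructed so it runs offline; point SocketTransport at a real server to test your own.

```python
"""Probe an SMTP server for recipient filtering, unauthenticated relaying and
the banner FQDN. Added example for this post, not Exchange's or the author's
code; names, addresses and the scripted replies below are constructed."""
import socket


def parse_reply(text):
    """Return (code, text) for a one- or multi-line reply ("250-" continues)."""
    last = text.rstrip("\r\n").splitlines()[-1]
    return int(last[:3]), text


class SocketTransport:
    """Talks to a real server on port 25 (network required)."""

    def __init__(self, host, port=25, timeout=15):
        self.sock = socket.create_connection((host, port), timeout)
        self.lines = self.sock.makefile("rb")

    def read_reply(self):
        lines = []
        while True:
            line = self.lines.readline().decode("latin-1").rstrip("\r\n")
            lines.append(line)
            if len(line) < 4 or line[3] != "-":
                break
        return parse_reply("\n".join(lines))

    def cmd(self, text):
        self.sock.sendall((text + "\r\n").encode("latin-1"))
        return self.read_reply()


class ScriptedTransport:
    """Constructed stand-in: answers each command with a canned reply, offline."""

    def __init__(self, banner, replies):
        self.banner, self.replies, self.sent = banner, replies, []

    def read_reply(self):
        return parse_reply(self.banner)

    def cmd(self, text):
        self.sent.append(text)
        for prefix, reply in self.replies:
            if text.upper().startswith(prefix.upper()):
                return parse_reply(reply)
        return parse_reply("500 5.5.1 Command unrecognized")


def probe(transport, local_domain, helo_name="probe.example.net"):
    """Run one session and report what the server allowed."""
    result = {}
    code, banner = transport.read_reply()
    words = banner.split()
    # "220 mail.example.com Microsoft ESMTP MAIL Service ..." -> advertised FQDN
    result["banner_fqdn"] = words[1] if code == 220 and len(words) > 1 else None
    transport.cmd("EHLO " + helo_name)
    sender = "MAIL FROM:<probe@%s>" % helo_name

    # Recipient filtering: a bogus local mailbox should be refused at RCPT TO
    # (550 5.1.1) rather than accepted now and NDR'd later.
    transport.cmd(sender)
    code, _ = transport.cmd("RCPT TO:<nosuchuser-zz@%s>" % local_domain)
    result["recipient_filter"] = code == 550
    transport.cmd("RSET")

    # Relay: a domain the server is not responsible for must get 550 5.7.1
    # when we have not authenticated; 250 here means an open relay.
    transport.cmd(sender)
    code, _ = transport.cmd("RCPT TO:<someone@external-example.org>")
    result["open_relay"] = code == 250
    transport.cmd("QUIT")
    return result


BANNER = "220 mail.example.com Microsoft ESMTP MAIL Service ready"
COMMON = [("EHLO", "250-mail.example.com Hello [203.0.113.10]\n250 OK"),
          ("MAIL FROM", "250 2.1.0 Sender OK"),
          ("RSET", "250 2.0.0 Resetting"),
          ("QUIT", "221 2.0.0 Service closing transmission channel")]


def hardened_server():
    """Filters at RCPT TO and refuses to relay for strangers (constructed)."""
    return ScriptedTransport(BANNER, [
        ("RCPT TO:<nosuchuser", "550 5.1.1 User unknown"),
        ("RCPT TO:<someone@external", "550 5.7.1 Unable to relay")] + COMMON)


def weak_server():
    """Accepts every recipient now and sorts it out, or relays it, later."""
    return ScriptedTransport(BANNER, [("RCPT TO", "250 2.1.5 Recipient OK")] + COMMON)


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # python probe.py mail.example.com example.com
        print(probe(SocketTransport(sys.argv[1]), sys.argv[2]))
    else:
        print("hardened:", probe(hardened_server(), "example.com"))
        print("weak:", probe(weak_server(), "example.com"))
```

Run it against your own server from outside your network (from inside, the connection may match a relay exception or come through a smart host). A 250 on the external RCPT TO means the box will relay for anyone; a 250 on the bogus local user means the recipient filter is either not enabled or not applied to this virtual server, so the message is accepted and an NDR generated afterwards.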
Use “strong” passwords. There is great debate on this, but at least try. I like 8 characters and complex. In SBS there is a password wizard; in AD it is just a few clicks to enable.
Get your ISP to make a reverse DNS (PTR) entry for your mail server's IP address; they should know what this means. AOL and other businesses may only accept email if you have a reverse DNS entry. See www.dnsstuff.com for some cool testing tools and more answers.
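To check the reverse DNS entry once the ISP has created it, the usual test is forward-confirmed reverse DNS: the PTR for your IP should name a host whose A record points back at the same IP, and that name should be the FQDN you set on the SMTP virtual server and the host in your MX record. The Python below is an added example, not from this post or from dnsstuff.com. DictResolver and the records in it (203.0.113.10, mail.example.com) are constructed so it runs offline; SystemResolver does the same checks through the OS resolver for a real server.

```python
"""Forward-confirmed reverse DNS check for a mail server. Added example, not
the post's own; the records in DictResolver below are made up."""
import socket


class SystemResolver:
    """Real lookups through the OS resolver (network required)."""

    def ptr(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0].lower()
        except (socket.herror, socket.gaierror):
            return None

    def a(self, name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except (socket.herror, socket.gaierror):
            return []


class DictResolver:
    """Constructed resolver holding made-up records, for offline use."""

    def __init__(self, ptr_records, a_records):
        self.ptr_records, self.a_records = ptr_records, a_records

    def ptr(self, ip):
        return self.ptr_records.get(ip)

    def a(self, name):
        return self.a_records.get(name.lower(), [])


def check_mail_identity(ip, smtp_fqdn, mx_hosts, resolver):
    """Return a list of problems; an empty list means PTR, A, SMTP FQDN and MX agree."""
    problems = []
    smtp_fqdn = smtp_fqdn.lower().rstrip(".")
    mx_hosts = [m.lower().rstrip(".") for m in mx_hosts]

    ptr_name = resolver.ptr(ip)
    if ptr_name is None:
        problems.append("no PTR record for %s (ask the ISP to add one)" % ip)
    else:
        ptr_name = ptr_name.rstrip(".")
        # Forward confirmation: the PTR name must resolve back to the same IP,
        # otherwise anyone could point a PTR at your name.
        if ip not in resolver.a(ptr_name):
            problems.append("PTR %s -> %s, but %s does not resolve to %s"
                            % (ip, ptr_name, ptr_name, ip))
        if ptr_name != smtp_fqdn:
            problems.append("PTR name %s differs from SMTP FQDN %s" % (ptr_name, smtp_fqdn))

    if ip not in resolver.a(smtp_fqdn):
        problems.append("SMTP FQDN %s does not resolve to %s" % (smtp_fqdn, ip))
    if smtp_fqdn not in mx_hosts:
        problems.append("SMTP FQDN %s is not one of the MX hosts %s" % (smtp_fqdn, mx_hosts))
    return problems


# Constructed records: a correctly set-up server, and the same server before
# the ISP added its PTR.
GOOD = DictResolver({"203.0.113.10": "mail.example.com"},
                    {"mail.example.com": ["203.0.113.10"]})
NO_PTR = DictResolver({}, {"mail.example.com": ["203.0.113.10"]})

if __name__ == "__main__":
    args = ("203.0.113.10", "mail.example.com", ["mail.example.com"])
    print("good:  ", check_mail_identity(*args, GOOD))
    print("no PTR:", check_mail_identity(*args, NO_PTR))
    # Real check: check_mail_identity(ip, fqdn, mx_hosts, SystemResolver())
```

Feed it the public IP your outbound mail leaves from, not the server's LAN address; if you NAT through a firewall, the PTR has to be on the NAT address. SystemResolver uses the resolver of the machine it runs on, so run it from outside your network or confirm that machine is not answering from an internal DNS zone.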
There are gazillions of articles at Microsoft:
http://support.microsoft.com/?kbid=886208
http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958
Mail relay settings (kind of a complex article):
http://support.microsoft.com/default.aspx?scid=kb;en-us;895853
Telnet to test your port 25:
http://support.microsoft.com/default.aspx?scid=kb;en-us;153119
Anti-spam for Exchange 2000. I always clear that checkbox that allows authenticated users to relay:
http://support.microsoft.com/default.aspx?scid=kb;en-us;319356
This guy has lots of great articles. Here is one on Mail eXchange records. Yes, that is typed correctly. Think MX. http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm
Very nice site! Good work.