This week our IIS SMTP (Internet Information Server, Simple Mail Transfer Protocol) server was compromised: spammers gained control of it and started sending spam from all over the world. When the server started running low, we found around 100,000 spam messages in the SMTP queue (and a similar number in the Bad Mail folder). Some of our customers did not get some of their mail delivered. We have since corrected the problem. Some of our customers use SMTP in IIS to send their email via the OfficeClip Installed Version, so here are some precautions to take in such a situation:
- Always enable SMTP logging in IIS
- Create an alarm if the SMTP log is becoming too big, too fast
- Set the SMTP port to some higher port number instead of 25
- Make sure that you put the correct IP addresses of the machines in the SMTP Relay settings
- If the SMTP server gets compromised, check all the blacklists and work with your SMTP to get removed from the lists
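
The logging, alarm and relay-address precautions above can be combined into one check over the SMTP log. The following is an added example, not part of the original post: it assumes the log is in W3C extended format with the `date`, `time`, `c-ip` and `cs-method` fields enabled, and the relay allow list, threshold and sample log lines are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: the hosts listed in the SMTP Relay settings
# and the RCPT rate that should raise an alarm.
ALLOWED_RELAY = [ip_network("192.0.2.0/28")]
MAX_RCPT_PER_MINUTE = 3

# Constructed sample log in W3C extended format (not real traffic).
SAMPLE_LOG = "\n".join(
    ["#Version: 1.0",
     "#Fields: date time c-ip cs-method cs-uri-query sc-status",
     "2024-01-10 09:00:01 192.0.2.5 MAIL +FROM:<app@example.com> 250",
     "2024-01-10 09:00:02 192.0.2.5 RCPT +TO:<a@example.org> 250",
     "2024-01-10 09:00:03 192.0.2.5 RCPT +TO:<b@example.org> 250"]
    + [f"2024-01-10 09:01:{s:02d} 203.0.113.77 RCPT +TO:<u{s}@example.net> 250"
       for s in range(5)])

def parse_w3c(text):
    """Yield one dict per entry, keyed by the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def analyze(text, allowed=ALLOWED_RELAY, limit=MAX_RCPT_PER_MINUTE):
    """Return (minutes whose RCPT count exceeds limit, RCPTs per unlisted IP)."""
    per_minute, unlisted = Counter(), Counter()
    for rec in parse_w3c(text):
        if rec.get("cs-method", "").upper() != "RCPT":
            continue
        per_minute[f"{rec.get('date', '-')} {rec.get('time', '-')[:5]}"] += 1
        try:
            client = ip_address(rec.get("c-ip", "-"))
        except ValueError:
            unlisted[rec.get("c-ip", "-")] += 1  # unparsable: treat as unlisted
            continue
        if not any(client in net for net in allowed):
            unlisted[rec["c-ip"]] += 1
    bursts = {m: n for m, n in per_minute.items() if n > limit}
    return bursts, dict(unlisted)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any client address in the second result that is not one of your own machines means the relay settings are wider than intended.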