Nobody likes to see the Exchange Server sending spam. If you have never seen this situation, you are lucky. Hopefully, you will never have to see this, as it can bring a lot of stress and damage to the organization. The ISP will block you from sending emails, and your emails will start to be delivered to the recipients’ spam folders. In this article, you will learn the steps that you can take to stop the Exchange Server from sending spam.


A company was receiving and sending spam messages for weeks. They tried a lot, but it kept sending spam whatever they did. So finally, I was asked if I could have a look into the Exchange Server organization and solve the spam once and for all.

Below are the steps that will help you stop the Exchange Server organization from sending and receiving spam.

Get the best spam filter

This is the most crucial part and the first thing you should look into. Check whether the spam filter is correctly configured. If not, get a good spam filter and configure it as soon as possible.

Note: The spam filter will help you filter and monitor incoming and outgoing messages. You can identify where the spam messages come from.

I only recommend the SpamBull spam filter:

  • Easy to use
  • Cloud-based (no downtime)
  • All updates are taken care of
  • Incoming and outgoing filtering
  • Create automatic reports
  • Monitor all incoming and outgoing messages
  • No need to spin up a dedicated machine for hygiene solution

Go through the below SpamBull documentation to set incoming and outgoing filtering:

Configure firewall ports

There are incoming and outgoing ports for mail flow. Let’s look at the best way to configure the ports for mail flow protection.

Inbound firewall port

Only allow port 25 from the spam filter to the Exchange Server. If you check port 25 from the internet, it should show as closed. When you check port 25 from the spam filter, it should connect to the Exchange Server.

  • Go to Open port Check Tool
  • Enter the Exchange Server public IP address and port 25
  • Click on Check

It will show that port 25 is closed from the outside world.

  • Sign in to the SpamBull admin center
  • Click on the domain
  • Select Continuity > Network tools > SMTP
  • Fill in the Exchange Server Hostname
  • Click Run

It will show that Exchange Server on port 25 is reachable from the spam filter.

Outbound firewall port

Only allow port 587 from Exchange Server to the spam filter. This means that you have to configure the send connector on port 587. Port 25 is blocked for everyone else on LAN (internal) to WAN (outside world).

Every mail needs to go from the Exchange Server to the spam filter. From there, it arrives at the recipient’s mail server and, finally, in the recipient’s mailbox.

Note: I recommend blocking port 25 from LAN > WAN in the firewall. This restricts outgoing mail and stops scammers and malware from sending mail from your IP address. Configure the send connector to use port 587.

Run the Test-NetConnection cmdlet to ensure that outgoing port 25 is blocked and outgoing port 587 is allowed to the spam filter:

  • Run PowerShell as administrator
  • Enter the SpamBull SMTP host (redacted), including port 25

The TcpTestSucceeded in the output shows False.

PS C:\> Test-NetConnection smtp.*********.com -Port 25

ComputerName     : smtp.*********.com
RemoteAddress    :
RemotePort       : 25
InterfaceAlias   : Network 192x
SourceAddress    :
TcpTestSucceeded : False

Change the port to 587 and run the command.

The TcpTestSucceeded in the output shows True.

PS C:\> Test-NetConnection smtp.*********.com -Port 587

ComputerName     : smtp.*********.com
RemoteAddress    :
RemotePort       : 587
InterfaceAlias   : Network 192x
SourceAddress    :
TcpTestSucceeded : True

The RemoteAddress in the output can change because the SpamBull spam filter has hundreds of servers deployed in the cloud to protect your domain from spam.
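The two port tests above and the send connector setting can be audited in one pass. The script below is an added example, not part of the original article; the smart host name and the connector name in the last comment are placeholders, and it assumes the article's design in which every enabled send connector relays through the spam filter.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange Server.
$SmartHost = 'smtp.filter.example'   # placeholder: the SMTP host of your spam filter

# Firewall policy from this article: outbound 25 blocked, outbound 587 allowed.
$checks = @(
    @{ Port = 25;  ShouldConnect = $false },
    @{ Port = 587; ShouldConnect = $true }
)
$portResults = foreach ($c in $checks) {
    $r = Test-NetConnection -ComputerName $SmartHost -Port $c.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check    = "TCP $($c.Port) to $SmartHost"
        Expected = $c.ShouldConnect
        Actual   = $r.TcpTestSucceeded
        Pass     = ($r.TcpTestSucceeded -eq $c.ShouldConnect)
    }
}

# Every enabled send connector should hand mail to the smart host on port 587
# instead of delivering directly by MX lookup.
$connectorResults = Get-SendConnector | Where-Object { $_.Enabled } | ForEach-Object {
    [pscustomobject]@{
        Connector  = $_.Name
        Port       = $_.Port
        SmartHosts = ($_.SmartHosts -join ', ')
        DnsRouting = $_.DNSRoutingEnabled
        Pass       = ($_.Port -eq 587 -and -not $_.DNSRoutingEnabled -and
                      @($_.SmartHosts).Count -gt 0)
    }
}

$portResults      | Format-Table -AutoSize
$connectorResults | Format-Table -AutoSize

# To move an existing connector to port 587 (the connector name is a placeholder):
# Set-SendConnector -Identity 'Outbound to spam filter' -Port 587
```

Any row with Pass set to False is a path by which mail can leave without passing through the spam filter, or a rule that blocks the path it should take.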

Protect domain with SPF, DKIM, and DMARC

You must have the following three records set up on each domain for maximum protection:

An excellent way to check that SPF, DKIM, and DMARC records are set up for the domain is to use DMARC Domain Checker. Fill in the domain and check the results.

This is the result if your domain is not protected against abuse by phishers and spammers.

This is the result when your domain is protected against abuse by phishers and spammers.

After you check the records, we recommend sending an email to CheckTLS and checking the report that is sent back to you. The report explains whether the SPF, DKIM, and DMARC authentication methods are set up the way they should be.

Read more in the article How to check SPF/DKIM/DMARC are correctly set.
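The same three records can also be read straight from DNS with Resolve-DnsName. The following is an added example, not part of the original article; the domain contoso.example and the DKIM selector selector1 are placeholders, and the DKIM check only works if you pass the selector your mail is actually signed with.

```powershell
# Added example. 'contoso.example' and the selector 'selector1' are placeholders.
function Get-TxtRecord {
    param([string]$Name)
    # A TXT record can be split into several strings; join them back together.
    Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' }
}

function New-Finding {
    param($Record, $Status, $Detail)
    [pscustomobject]@{ Record = $Record; Status = $Status; Detail = $Detail }
}

function Test-MailAuthRecord {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$DkimSelector = 'selector1'   # placeholder; use your signing selector
    )
    $spf   = @(Get-TxtRecord $Domain | Where-Object { $_ -match '^v=spf1(\s|$)' })
    $dmarc = @(Get-TxtRecord "_dmarc.$Domain" | Where-Object { $_ -match '^v=DMARC1' })
    $dkim  = @(Get-TxtRecord "${DkimSelector}._domainkey.$Domain")

    # SPF: exactly one record, and it must not end in a pass-everything mechanism.
    if     ($spf.Count -eq 0)             { New-Finding SPF Missing 'No v=spf1 TXT record' }
    elseif ($spf.Count -gt 1)             { New-Finding SPF Invalid 'More than one v=spf1 record' }
    elseif ($spf[0] -match '[+?]all\s*$') { New-Finding SPF Weak $spf[0] }
    else                                  { New-Finding SPF OK $spf[0] }

    # DMARC: p=none only reports; quarantine or reject acts on failing mail.
    if     ($dmarc.Count -eq 0)                    { New-Finding DMARC Missing "No record at _dmarc.$Domain" }
    elseif ($dmarc[0] -match ';\s*p\s*=\s*none\b') { New-Finding DMARC Weak $dmarc[0] }
    else                                           { New-Finding DMARC OK $dmarc[0] }

    # DKIM: the key is published under the signer's selector; an empty p= means revoked.
    if     ($dkim.Count -eq 0)                       { New-Finding DKIM Missing "No TXT record for selector $DkimSelector" }
    elseif ($dkim[0] -match '(^|;)\s*p\s*=\s*(;|$)') { New-Finding DKIM Revoked $dkim[0] }
    else                                             { New-Finding DKIM OK 'Public key published' }
}

Test-MailAuthRecord -Domain 'contoso.example' | Format-Table -AutoSize -Wrap
```

A Weak status means the record exists but does not stop spoofed mail: an SPF record ending in +all or ?all, or a DMARC policy of p=none.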

Run Exchange health checker script

Run the Exchange Server health check with the PowerShell script and see if there are any errors or warnings. If so, fix the errors and warnings.

Update Exchange Server

Always keep your Exchange Server up to date. This means that you need to:

  • Install Exchange Cumulative Update
  • Install Exchange Security Update (if there are any)

Run security scan on Exchange Server

Start Windows Defender and run a scan. If you have a third-party antivirus/security product, run that. If threats are found, inspect and clean them.


You learned how to stop Exchange Server from sending spam. It’s important that you carefully go through all the steps. Ensure that the Exchange Server is up to date with the latest Cumulative Update and run a security scan.

Check that you have an excellent spam filter to protect the organization from sending and receiving spam messages. Configure the firewall ports to only communicate with the spam filter and only use incoming on port 25 and outgoing on port 587. Set up SPF, DKIM, and DMARC records to protect the domain.

In my scenario, a mailbox account was compromised and was sending spam to external recipients. Unfortunately, the spam filter that was running was not that great, and it didn’t provide precise monitoring of what was happening.
