My client is running Exchange 5.5 on NT service pack 6a. I just received complaints that people are unable to send outgoing email - in the network is fine, but ougoing doesn't go. So I looked in the IMS outgoing delivery queue and noticed THOUSANDS of awaiting outgoing messages. However, these messages do not originate from any known internal user. Lots of them have this domain "seed.net.tw" and are going to a host I've never seen before. Lots of jarbled characters and actually some asian looking characters. Something looks fishy here.
This screams "spam" to me, but I don't know what to do to stop these outbound mails. I think this is the reason for the users being unable to send mail outside the network.
Last thursday I opened port 25 on the router as I'm about to make some changes to Exchange and how mail is delivered. Could that have triggered an onslaught of this spam? Has someone hacked/hijacked the exchange server?
I have read about some spam/DoS attack called Bluestell that many others have had problems with. It seems that the symptoms are exactly like mine, but I haven't noticed "bluestell" anywhere. Then again, I have not looked hard. I've been trying to clear the queue, but it seems to choke things up.
Any ideas as to how to remedy this?