Exchange 2003 SMTP Server Hacked with Auto sending of junk mails.
Posted on 2006-06-19
Help! I am currently facing a huge problems with my Exchange SP-2 2003. Windows 2003 SBS and P-4-3ghz, 1GB RAM, 400GB harddrive.
The Exchange SMTP queue keeps trying to send out junk mails. The Virtual SMTP Server keeps growing in its number of mails like every 100 per second. it used to be 1000 per second until i did the following.
1) Disabled Outgoing SMTP server on router. Isolate external intrusion or spam relay
2) Shutdown all systems in the office.
3) Stop outbound emails: to enable further troubleshooting, otherwise the system will hang as the SMTP will take up too much memory and crash the server
4) Stop Network Interface. The only network interface. To see if its internal or external factors causing the problem.
5) Stop Exchange Services
6) Deleted SMTP virtual server (reduced 1000 per seconds to 100 per seconds)
7) run Ewido scan to remove any known malwares (none found)
8) Updated Trend Micro officescan AV to latest virus def (it was already updated)
9) Netstat doesn’t show any strange behaviours (no known external ports)
10) Went into IIS to stop all running services (freed up more memory)
Running services that takes up most CPU Processes are:
1) Ewido (malware scanner)
2) PBE server (APC UPS Server)
3) DAVCDATA (IIS component)
4) LSASS, Explorer, Taskmgr, SVCHost, InetInfo