Can Exchange Server 2003 Service Pack 1 be loaded in safe mode?

I have exchange server loaded as a part of Small Business Server 2003.  I got a denial of service attack which created 700,000 entries in the c:/program files/exchsrvr/mailroot/vsi 1/badmail directory.  I shut down to safe mode to scan for malicious software with the Microsoft Malisious Software detection and removal tool and delete the records in the badmail directory.  I rebooted as administrator so that I could load exchange server 2003 service pack 1 which I understand can take care of the problem.  Problem is that I have the server disconnected from the web and all other machines and the folder is filling up again.  Is this because it had buffered the information before the shutdown or is there still some malicious software out there?  Can I shut down to single user mode and load the sp1?
utahspcAsked:
Who is Participating?
 
SembeeConnect With a Mentor Commented:
The service pack goes straight in. Have you updated the rest of the system? Windows, SBS etc? There is a procedure to go through with updating an SBS Server, it is documented on Microsoft's web site. However where it says to install SP1 you can install SP2.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 
SembeeCommented:
You cannot install the service pack in safe mode.
Why are you planning to install Exchange 2003 SP1 and not Exchange 2002 SP2? I would skip the service pack and move straight to SP2.

Another thing that you may want to do is simply stop and disable the Exchange based services. Then restart the server. Change the services back to Automatic but do not start them. Then install the service pack. They will be restarted and the messages processed.
However if you have had an NDR attack then it can take a while for Exchange to process the messages.
Are you also installing the Windows service pack? If so then you should be looking to enable recipient filtering and the tar pit.
http://www.amset.info/exchange/filter-unknown.asp

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 
utahspcAuthor Commented:
So will Service Pack 2 include all of service pack 1?  I went in and stopped all of the exchange related services and it is still creating emails.  Is that a problem with the answer you provided?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
SembeeCommented:
Did you stop the IIS Services as well? Those are Exchange related. SMTP will continue to process the messages.

Microsoft service packs have been cumulative since NT4, you do not need to install SP1 and then SP2 except in very specific circumstances when using multiple machines.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 
utahspcAuthor Commented:
You are correct.  It seems to be the SMTP service that is running amock.
0
 
utahspcAuthor Commented:
Thanks for the last tip.  SMTP was the issue.  I have now disabled the services and rebooted.  I will set them to automatic and load SP2.  When I am finished and the services start, then I assume the system will still need to finish processing through the rest of the emails.  Anything else I should knwo before I start the loading of SP2?
0
 
utahspcAuthor Commented:
I hate to be stupid, but after downloading SP2 and unzipping it how do you install it?  I do not see any kind of executable?
0
 
utahspcAuthor Commented:
I an't believe the fix was this easy.  After loading SP2 it also did something with the smtp queue so that the 800,000 emails quit processing
0
 
SembeeCommented:
Have you updated Windows as well? You should make the changes I outlined in my article linked to above to ensure that you don't have problems in the future.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.