BadMail and Queue, how to stop virus/attack?

Hello,
Our email is hosted on a Win2K server/Win2k Exchange Server.  About 5 days ago the store.exe and inetpub.exe began to use up so much memory that no one was allowed to receive email.  Our server's hard drive space then filled up.  I cleaned up some old data and rebooted the server but then it happened again.

I now see that in the Badmail folder there are so many emails that I can't open it.  Also, in the Queue new spam(?) emails keep appearing from the Navy Credit Union with no receipient (I imagine it gets moved to Badmail).  Is there a virus on this server (doesn't come back with one after being searched by Symantec)?  Is there someone inside the organization that has to have a virus that is causing this?  Can it be someone from the outside?  Our firewall currently allows all SMTP traffic (just got a new firewall a couple of months ago, I've been slow to add our old SMTP rules due to how strange it is with NAT).  Do I just need to update the firewall to accept from only our spam filtering company?

I'm guessing that will help.  Additional question to help me...is Queue showing emails that are coming into the domain or that are leaving?  It seems like coming into, but I just need some clarification.  Thanks.
youthworksAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
SembeeConnect With a Mentor Commented:
Spammers are very good at hiding themselves, so you will not find any tools as such to find it, only applications to block the email messages they are trying to send to your users or through your server. Blocking messages going through your server is quite easy to do, blocking messages being sent to your users is more difficult.

The tool I use as a primary defence I have already given to you above - Vamsoft ORF. That can do recipient filtering and greylisting which I find will deal with most spam.

Simon.
0
 
youthworksAuthor Commented:
Update:
We are okay right now, but the issue is still there.
The Queue will receive an email(s) that seems to have an SMTP engine of some sorts.  Once that email is in there, other emails are created, maybe an average of 10/sec.  But I can delete a lot of them, and if I stop the SMTP service I can delete them all.  It's good for awhile but then it starts up again.

The memory issue isn't happening as bad, it's really not a big deal.  The big deal is now stopping these emails.

Thanks!
0
 
youthworksAuthor Commented:
also, how do I delete/rename and delete what's in the Badmail folder?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
SembeeCommented:
You can delete the entire badmail folder using SHIFT-DEL. Exchange will recreate it when required.
Unfortunately Exchange 2000 doesn't have much spam protection built in, and I don't think the Symantec product will block the basic - email messages to unknown recipients. To do that you will need to use a third party product that can LDAP lookups. The one I usually suggest is Vamsoft ORF http://www.vamsoft.com/

Microsoft have a tool for dealing with Badmail as well, which you can download from here: http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en

Simon.
0
 
youthworksAuthor Commented:
okay, so I figured out we were getting a "spam attack," from someone in our domain or not I'm not sure.

I changed our open relay settings from allow all authenticated users to just specific internal IPs and the spamming quit going to the Queue and started going straight to Badmail, which is now just receiving a ton of spam.  Is there a way to stop this from happening or to put a size limit on the Badmail folder?  Please remember we are using Win2k server with Exchang2K.

Thanks!
0
 
SembeeCommented:
You have to use the link I have posted above to remove the messages from badmail. Remember badmail is just a copy of the NDRs, and goes down as one of those "nice ideas" Microsoft had with Exchange 2000 (Alongside the M drive). You will need to use a third party tool of some description to protect Exchange 2000, it has no protection of its own.

Simon.
0
 
youthworksAuthor Commented:
great, thanks.

Any idea how to find what is spamming us?  any tools you can recommend?
0
 
youthworksAuthor Commented:
thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.