BadMail and Queue, how to stop virus/attack?
Posted on 2007-11-27
Our email is hosted on a Win2K server/Win2k Exchange Server. About 5 days ago the store.exe and inetpub.exe began to use up so much memory that no one was allowed to receive email. Our server's hard drive space then filled up. I cleaned up some old data and rebooted the server but then it happened again.
I now see that in the Badmail folder there are so many emails that I can't open it. Also, in the Queue new spam(?) emails keep appearing from the Navy Credit Union with no recipient (I imagine it gets moved to Badmail). Is there a virus on this server (doesn't come back with one after being searched by Symantec)? Is there someone inside the organization that has to have a virus that is causing this? Can it be someone from the outside? Our firewall currently allows all SMTP traffic (just got a new firewall a couple of months ago, I've been slow to add our old SMTP rules due to how strange it is with NAT). Do I just need to update the firewall to accept from only our spam filtering company?
I'm guessing that will help. Additional question to help me... is Queue showing emails that are coming into the domain or that are leaving? It seems like coming into, but I just need some clarification. Thanks.