SMTP Server Queue get flooded

HI,
I have a client who runs a SBS 2003 SP2 with exchange server 2003 SP2(they have 1 server). They are having problem with mail server being flooded with spam. It sits behind a firewall which has port 25 redirected to the server. After we got the first flow of spam,  we applied filters on recipient, sender amd connection(in the properties of Virtual SMTP). We renamed the queue folder and restarted with a new queue, it worked fine for  a day and we restarted getting another flow of spam (sender: ebay-center@e-bay.com). we recently updated our internet security on all workstations and server and did a full scan ( everything came up clean). What coulfd be the problem, is there a way to trace the orogin of the spam? Any setting that i could check ?

By the way the server is not an open relay.
benhurmxAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
benhurmxConnect With a Mentor Author Commented:
Hi again,

I found out it was a spam attack. One of the passwords is compromised. The attacker was authticating and relaying through the server as an authenticated user . I stopped the relay option for the client domain and for authenticated  users. The problem seems to be fixed.I will be changing all users passowords.

Thanks for all the help
0
 
kamleshgwalaniConnect With a Mentor Commented:
U must get an external resouces, if you are client is ready to buy then go for GFI mail essentials http://www.gfi.com/mes/

More expensive and better SPAM filter - message labs http://www.messagelabs.com/
0
 
benhurmxAuthor Commented:
The SPAM messages are kind of targeting the server( flooding) than the users. Most of these messages are originating from bogus users and targeting users outside the domain, as if it is a server attack. Will the GFI software prevent that ?
0
All Courses

From novice to tech pro — start learning today.