smtp / exchange exploited
Posted on 2009-05-11
I have a small business server running Exchange 2003 SP2. I know the server is exploited as I can see outbound port 25 traffic moving from the server through the firewall. It has been directing this traffic to an ISP in Las Vegas, *.somecaptain.com. There are NO entries in the Exchange queues bound for such a domain. The queues are backing up terribly because of this traffic and I need the email to flow.
If someone could just point me to some tools to dig into the smtp service a bit, I think I can probably find the problem, but I'm just not sure where to start.
I'm bleary-eyed and should probably provide some more detail, but I need a break and will check back here in a bit.