Hijacknig our email server
Posted on 2009-05-12
Our email server continues to be abused by something I can't identify. We have Exchange 2003. When I look at the Queue I see thousands of domains queued. We've had this happen twice before. I followed a link provided to me by TigerMatt ( I believe) that made sure we aren't an open relay and it showed how to create a connector to clean out all the unwanted junk. And that worked.
The problem is it keeps happening. We aren't open for relay. I don't see how our server is being compromised. When using Find Messages in the Queue, it shows the sender as "Lloyds TSB Bank". Previously it was some other bank. and the receipient addresses are AOL or Hotmail and others
How do I stop this junk from filling the queue? I hope we didn't try to send it all out again...