• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 581
  • Last Modified:

Exchange SBS 2003 : SMTP Queue Filling Up

I have a client with an  Exchange 2003 SBS running.  Has been in production over 3 years.  In the last week, it appears we have been compromised.  Everyday, when I look at the Queue under Exchange System Manager, there are thousands of messages loaded up going to places in Italy.

We have no open relays that I can see  The only ports open on the firewall are 80, 443, 25, 3389.  My hunch is that a user account  has been compromised and it is his account that is being used.  How can I tell what account is being used to send these messages.

If anyone has additional insight or additional things to check it would be appreciated.

Additional System Info
SBS 2003 R2
Symantec Endpoint  11d
Symantec Mail Security For Exchange 6.0
Broadband connection

ACTIONS ALREADY TAKEN
Clear the Queue as per MS KB324958 (Have done this multiple times to no avail).

Thanks in advance.
0
tech911
Asked:
tech911
  • 2
2 Solutions
 
Alan HardistyCo-OwnerCommented:
Please have a read of my article for this very problem:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
Make sure that you don't have127.0.0.1 as an allowed relay in your default SMTP Virtual Server Relay settings.
If you need help - please shout.
0
 
Alan HardistyCo-OwnerCommented:
My article advises you how to detect which account is being abused.
0
 
jerrypdCommented:
in SBS, there are reports that show email usage, disk usage, etc.
If you run one of those reports, you will see the user that has been compromised (hopefully).
If the code for the compromise is using their own SMTP server, then it will not show up in this list.
When I had a situation like this, I put wireshark on the system and watched who was connecting to the server via port 25. This pointed me to the user, and then all I needed to do was to change the password.
You could just have all your users change their passwords, which should also fix the problem!
0
 
tech911Author Commented:
Thanks for the great advice.  The article saved me an untold number of hours wading through the web.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now