Worst Nightmare : Internal SMTP server compromised - sending spam - now blacklisted
Posted on 2011-03-23
Please post, but realize I shut down my inbound mail for the time being.
I have and Exchange FE/BE setup. My FE is inbound mail only until today(or yesterday) it has been compromised and is sending out THOUSANDS of spam as Mike Morris <email@example.com>
I suspect a PC compromise found my SMTP server and is sending off it. I have 1000+ messages queued with my outbound mail currently disabled.
My IP has been blacklisted by SORBS and Barracuda. I have scanned my network with ESET NOD 32 v4.2 to no avail.
I need help determining the potential source.
If you can help please send a note to buffsr1 at gmail dot com