Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2003 sending massive amounts of SPAM

Posted on 2011-09-20
3
Medium Priority
?
290 Views
Last Modified: 2012-05-12
I have a client with an old SBS 03 box. They are the type that only calls when something is totally broken. So they call and cant login. When I go onsite I kind the server mostly locked up and stating it cant write to a log file. I tried to login at the console but it fails to create the profile files and goes back to CTRL+alt+delete. So I had to hard power it. RAID looks healthy, etc. I noticed it drills the scsi drives constantly even after a reboot. It only has about 1.4GB free on C because the partition is only 12GB. I noticed in Exchange Queues there are over 5000+ messages waiting to send to all different domains. The from is listed as some yahoo.hk account and the to is to semi legit looking domains and sites. The outbound queue gets bigger hundreds per minute even with it off the network. So far a viru scan is comming back clean, what might be happening? I turned on authentication logging in case an account was compromised, and I dont get any new event in the application log. I also told it to only accept mail from their spam filtering appliance, and turned the sender filter on. I also turned on logging for the whole exchange system and its log file grows insanely fast showing all of the outbound crap. I have an image based backup and a virus scan, whats the next step?
0
Comment
Question by:borgmember
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Expert Comment

by:ctc1900
ID: 36569607
Check your SMTP logs and see if there is a client somwhere around there SPAMING through that Exchange system
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 2000 total points
ID: 36570668
0
 

Author Closing Comment

by:borgmember
ID: 36575135
I enabled the suggestions. I think it was a one time attack over 2 days. There was close to 100K messages in the outbound queue and I think that was too much for the old 1GB of RAM server to handle. Once I deleted all of that messages it has been fine since.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
how to add IIS SMTP to handle application/Scanner relays into office 365.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question