Exchange 2003 sending massive amounts of SPAM
Posted on 2011-09-20
I have a client with an old SBS 03 box. They are the type that only calls when something is totally broken. So they call and cant login. When I go onsite I kind the server mostly locked up and stating it cant write to a log file. I tried to login at the console but it fails to create the profile files and goes back to CTRL+alt+delete. So I had to hard power it. RAID looks healthy, etc. I noticed it drills the scsi drives constantly even after a reboot. It only has about 1.4GB free on C because the partition is only 12GB. I noticed in Exchange Queues there are over 5000+ messages waiting to send to all different domains. The from is listed as some yahoo.hk account and the to is to semi legit looking domains and sites. The outbound queue gets bigger hundreds per minute even with it off the network. So far a viru scan is comming back clean, what might be happening? I turned on authentication logging in case an account was compromised, and I dont get any new event in the application log. I also told it to only accept mail from their spam filtering appliance, and turned the sender filter on. I also turned on logging for the whole exchange system and its log file grows insanely fast showing all of the outbound crap. I have an image based backup and a virus scan, whats the next step?