Solved

Exchange 2003 sending massive amounts of SPAM

Posted on 2011-09-20
3
281 Views
Last Modified: 2012-05-12
I have a client with an old SBS 03 box. They are the type that only calls when something is totally broken. So they call and cant login. When I go onsite I kind the server mostly locked up and stating it cant write to a log file. I tried to login at the console but it fails to create the profile files and goes back to CTRL+alt+delete. So I had to hard power it. RAID looks healthy, etc. I noticed it drills the scsi drives constantly even after a reboot. It only has about 1.4GB free on C because the partition is only 12GB. I noticed in Exchange Queues there are over 5000+ messages waiting to send to all different domains. The from is listed as some yahoo.hk account and the to is to semi legit looking domains and sites. The outbound queue gets bigger hundreds per minute even with it off the network. So far a viru scan is comming back clean, what might be happening? I turned on authentication logging in case an account was compromised, and I dont get any new event in the application log. I also told it to only accept mail from their spam filtering appliance, and turned the sender filter on. I also turned on logging for the whole exchange system and its log file grows insanely fast showing all of the outbound crap. I have an image based backup and a virus scan, whats the next step?
0
Comment
Question by:borgmember
3 Comments
 
LVL 4

Expert Comment

by:ctc1900
ID: 36569607
Check your SMTP logs and see if there is a client somwhere around there SPAMING through that Exchange system
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 500 total points
ID: 36570668
0
 

Author Closing Comment

by:borgmember
ID: 36575135
I enabled the suggestions. I think it was a one time attack over 2 days. There was close to 100K messages in the outbound queue and I think that was too much for the old 1GB of RAM server to handle. Once I deleted all of that messages it has been fine since.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now