Solved

Exchange 2003 sending massive amounts of SPAM

Posted on 2011-09-20
3
289 Views
Last Modified: 2012-05-12
I have a client with an old SBS 03 box. They are the type that only calls when something is totally broken. So they call and cant login. When I go onsite I kind the server mostly locked up and stating it cant write to a log file. I tried to login at the console but it fails to create the profile files and goes back to CTRL+alt+delete. So I had to hard power it. RAID looks healthy, etc. I noticed it drills the scsi drives constantly even after a reboot. It only has about 1.4GB free on C because the partition is only 12GB. I noticed in Exchange Queues there are over 5000+ messages waiting to send to all different domains. The from is listed as some yahoo.hk account and the to is to semi legit looking domains and sites. The outbound queue gets bigger hundreds per minute even with it off the network. So far a viru scan is comming back clean, what might be happening? I turned on authentication logging in case an account was compromised, and I dont get any new event in the application log. I also told it to only accept mail from their spam filtering appliance, and turned the sender filter on. I also turned on logging for the whole exchange system and its log file grows insanely fast showing all of the outbound crap. I have an image based backup and a virus scan, whats the next step?
0
Comment
Question by:borgmember
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Expert Comment

by:ctc1900
ID: 36569607
Check your SMTP logs and see if there is a client somwhere around there SPAMING through that Exchange system
0
 
LVL 34

Accepted Solution

by:
Shreedhar Ette earned 500 total points
ID: 36570668
0
 

Author Closing Comment

by:borgmember
ID: 36575135
I enabled the suggestions. I think it was a one time attack over 2 days. There was close to 100K messages in the outbound queue and I think that was too much for the old 1GB of RAM server to handle. Once I deleted all of that messages it has been fine since.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question