<div>
PID. 0 normally represent system idle process that never ends, you can see it in process explorer or task mgr...strange though as mailenable has anti spam capability <br />
<a href="http://www.mailenable.com/features/anti-spam.asp" rel="ugc">http://www.mailenable.com/features/anti-spam.asp</a><br />
<br />
There are log to check<br />
<a href="http://www.mailenable.com/kb/content/view.asp?ID=ME020280" rel="ugc">http://www.mailenable.com/kb/content/view.asp?ID=ME020280</a><br />
<br />
Some useful tools to trace down further, pls see this <a href="http://www.mailenable.com/kb/Content/Article.asp?ID=me020168" rel="ugc">http://www.mailenable.com/kb/Content/Article.asp?ID=me020168</a><br />
<br />
Probably also check AV log and event viewer for any errors.
</div>


PID. 0 normally represent system idle process that never ends, you can see it in process explorer or task mgr...strange though as mailenable has anti spam capability
http://www.mailenable.com/features/anti-spam.asp [http://www.mailenable.com/features/anti-spam.asp]

There are log to check
http://www.mailenable.com/kb/content/view.asp?ID=ME020280 [http://www.mailenable.com/kb/content/view.asp?ID=ME020280]

Some useful tools to trace down further, pls see this http://www.mailenable.com/kb/Content/Article.asp?ID=me020168 [http://www.mailenable.com/kb/Content/Article.asp?ID=me020168]

Probably also check AV log and event viewer for any errors.

<div>
Hello, thanks for your answer.<br />
<br />
If I do a netstat -n -p tcp -o during the spam event I can see the PID 0 connecting a lot of times to the port 25 (smtp), I knew the PID 0 is the IDLE process... I just want to know how to trace the process behind PID 0, maybe svchost or something else.<br />
<br />
Martín
</div>


Hello, thanks for your answer.

If I do a netstat -n -p tcp -o during the spam event I can see the PID 0 connecting a lot of times to the port 25 (smtp), I knew the PID 0 is the IDLE process... I just want to know how to trace the process behind PID 0, maybe svchost or something else.

Martín

<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I´ve a spam problem on one Windows 2008 server using plesk and mailenable, a huge amount of e-mails are being sent from localhost, localhost is allowed to relay.<br />
<br />
The spamming proccess connecting to mailenable have PID 0, how should I do to find which scripts are the responsible for sending these e-mails?<br />
<br />
I hope you could shed some light on this.<br />
<br />
Thanks<br />
Martín
</div>
</div>


Hi,

I´ve a spam problem on one Windows 2008 server using plesk and mailenable, a huge amount of e-mails are being sent from localhost, localhost is allowed to relay.

The spamming proccess connecting to mailenable have PID 0, how should I do to find which scripts are the responsible for sending these e-mails?

I hope you could shed some light on this.

Thanks
Martín

Spam from Windows 2008, MailEnable and Plesk 10.4

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.