mzanlongo
asked on
Spam from Windows 2008, MailEnable and Plesk 10.4
Hi,
I´ve a spam problem on one Windows 2008 server using plesk and mailenable, a huge amount of e-mails are being sent from localhost, localhost is allowed to relay.
The spamming proccess connecting to mailenable have PID 0, how should I do to find which scripts are the responsible for sending these e-mails?
I hope you could shed some light on this.
Thanks
Martín
I´ve a spam problem on one Windows 2008 server using plesk and mailenable, a huge amount of e-mails are being sent from localhost, localhost is allowed to relay.
The spamming proccess connecting to mailenable have PID 0, how should I do to find which scripts are the responsible for sending these e-mails?
I hope you could shed some light on this.
Thanks
Martín
ASKER
Hello, thanks for your answer.
If I do a netstat -n -p tcp -o during the spam event I can see the PID 0 connecting a lot of times to the port 25 (smtp), I knew the PID 0 is the IDLE process... I just want to know how to trace the process behind PID 0, maybe svchost or something else.
Martín
If I do a netstat -n -p tcp -o during the spam event I can see the PID 0 connecting a lot of times to the port 25 (smtp), I knew the PID 0 is the IDLE process... I just want to know how to trace the process behind PID 0, maybe svchost or something else.
Martín
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.mailenable.com/features/anti-spam.asp
There are log to check
http://www.mailenable.com/kb/content/view.asp?ID=ME020280
Some useful tools to trace down further, pls see this http://www.mailenable.com/kb/Content/Article.asp?ID=me020168
Probably also check AV log and event viewer for any errors.