Spambot Issue

Hello Experts,

I am currently facing a major issue with spam emails. My server/users are sending out a great number of spam emails to other companies. This is causing a major issue as our domain is getting blocked by important clients.

I have done a thorough scan on all the computers and servers and found some adware on a few computers. I am using Sophos antivirus and DNS Exit to relay my SMTP. Over the weekend this particular user sent out 750 emails and exceeded my relay limit. I went in over the weekend to see what was going on and found out that the user's PC was shut down. Does this mean the Exchange server is infected?

Please shed some light on this matter as I am running out of options.

Thank you in advance for your help.
Aswad Ghazi Asked:
Simon Butler (Sembee), Consultant, Commented:
The most likely cause is that one of the user accounts has been compromised and the server is being abused.
My article on this problem will help you clean up and secure the server:

I don't think IMF is going to help here, as the email is probably authenticated. While it should be enabled, it is close to useless in my opinion.

I Qasmi, Technical Lead, Commented:
The very first thing you have to do is check whether IMF (Intelligent Message Filtering) is enabled on the server or not. If it is not enabled on the SMTP virtual server, then enable it there as well as on Global Settings, Message Delivery, message delivery options. Add the spam sender's email ID and its domain name to the blocked list, then stop the SMTP service, rename the message delivery queue, and restart the SMTP service again.

The best thing I suggest is to download the IMF Guide from Microsoft and refer to the option "Configuring IMF (Intelligent Message Filtering)" in detail.

Alternatively, you can check these articles:
Nick Rhode, IT Director, Commented:
The most likely cause is that one of the user accounts has been compromised and the server is being abused.

The user sent out a bunch of email and the system was down, so I would definitely change the password of that specific user to see if the emails die down. As stated by Simon, the account could be compromised, so that user's account is being used as a relay. This issue is common for users with weak passwords.
I Qasmi, Technical Lead, Commented:
Yes, the best thing you can do is change the password for that specific user. Also thoroughly check the system he is using for viruses, spyware, adware, trojans, etc. If the issue is still not resolved, then disable the user and assign a new user account to the specific affected user.
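
As an added example (not part of the thread and not posted by any participant), here is one way to confirm which account is being abused before resetting passwords: total the recipients per authenticated sender and list any source addresses outside the LAN. The log column layout, the `192.168.0.0/16` LAN range, the threshold and all sample rows are assumptions constructed for this sketch, not the Exchange or IIS SMTP log format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: one row per accepted SMTP submission.
# The columns are an assumed layout, not a real Exchange/IIS log format.
SAMPLE_LOG = """time,auth_user,client_ip,recipients
2024-03-01T16:40:00,jsmith,192.168.1.20,3
2024-03-02T01:10:00,jsmith,203.0.113.45,250
2024-03-02T03:25:00,JSmith,203.0.113.45,250
2024-03-03T02:05:00,jsmith,203.0.113.45,250
2024-03-01T10:00:00,alice,192.168.1.21,5
2024-03-01T11:30:00,alice,192.168.1.21,2
2024-03-01T12:00:00,bob,192.168.1.22,4
2024-03-02T09:00:00,,198.51.100.7,1
"""

INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumed LAN range


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def suspicious_senders(log_text, max_recipients=100):
    """Flag authenticated accounts that exceed max_recipients in total
    or that authenticated from an address outside INTERNAL_NETS."""
    totals = defaultdict(int)
    external = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["auth_user"].strip().lower()  # account names are case-insensitive
        if not user:
            continue  # unauthenticated inbound mail is not an account-abuse signal
        totals[user] += int(row["recipients"])
        if not is_internal(row["client_ip"]):
            external[user].add(row["client_ip"])
    report = {}
    for user, count in totals.items():
        if count > max_recipients or external[user]:
            report[user] = {"recipients": count,
                            "external_ips": sorted(external[user])}
    return report


if __name__ == "__main__":
    for user, info in suspicious_senders(SAMPLE_LOG).items():
        print(user, info["recipients"], info["external_ips"])
```

Authenticated submissions from an outside address while the user's PC is powered off point to stolen credentials rather than malware on that PC; legitimate remote users will also appear in the external list and need to be ruled out by hand.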