• Status: Solved

Spambot Issue

Hello Experts,

I am currently facing a major issue with spam emails. My server/users are sending out a great number of spam emails to other companies. This is causing a major issue as our domain is getting blocked by important clients.

I have done a thorough scan on all the computers and servers and found a few pieces of adware on a few computers. I am using Sophos antivirus and DNS Exit to relay my SMTP. Over the weekend this particular user sent out 750 emails and exceeded my relay limit. I went in over the weekend to see what was going on and found out that the user's PC was shut down. Does this mean the Exchange is infected?

Please shed some light on this matter as I am running out of options.

Thank you in advance for your help.
Aswad Ghazi
2 Solutions
Simon Butler (Sembee), Consultant, commented:
The most likely cause is that one of the user accounts has been compromised and the server is being abused.
My article on this problem will help you clean up and secure the server:


I don't think IMF is going to help here, as the email is probably authenticated. While it should be enabled, it is close to useless in my opinion.

I Qasmi commented:
The very first thing you have to do is check whether IMF (Intelligent Message Filtering) is enabled on the server or not. If it is not enabled on the SMTP virtual server, then enable it there as well as on Global Settings, Message Delivery, message delivery options. Add the spam sender's email ID and its domain name to the blocked list, then stop the SMTP service, rename the message delivery queue, and restart the SMTP service again.

The best thing I suggest is to download the IMF Guide from Microsoft and refer to the option "Configuring IMF (Intelligent Message Filtering)" in detail.


Alternatively, you can check these articles:


Nick Rhode, IT Director, commented:
The most likely cause is that one of the user accounts has been compromised and the server is being abused.

The user sent out a bunch of email and the system was down; I would definitely change the password of that specific user to see if the emails die down. As stated by Simon, the account could be compromised so that the user's account is being used as a relay. This issue is common for users with weak passwords.
I Qasmi commented:
Yes, the best thing you can do is change the password for that specific user. Also thoroughly check the system he is using for viruses, spyware, adware, trojans, etc. If the issue is still not resolved, then disable the user and assign a new user account to the specific affected user.
Question has a verified solution.
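
To confirm which account is being abused before resetting passwords, the SMTP log can be tallied per authenticated account and source IP; a mailbox that sends hundreds of messages while its PC is off will show logins from addresses outside the LAN. The following is an added example, not part of the original thread: the log layout, the `x-auth-user` field name, the LAN range and the threshold are all assumptions to adapt to your server's real logs.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log. The "#Fields:" header style is W3C extended format;
# the column set and the x-auth-user field are hypothetical, not Exchange's own.
SAMPLE_LOG = """\
#Fields: date time c-ip x-auth-user cs-method
2024-03-02 01:10:05 203.0.113.45 user1 EHLO
2024-03-02 01:10:06 203.0.113.45 user1 RCPT
2024-03-02 01:10:06 203.0.113.45 user1 RCPT
2024-03-02 01:10:07 203.0.113.45 user1 RCPT
2024-03-02 01:10:09 198.51.100.7 user1 RCPT
2024-03-02 09:15:00 192.168.1.20 user2 RCPT
2024-03-02 09:16:00 192.168.1.21 - RCPT
"""

INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumed LAN range

def summarize(log_text):
    """Count RCPT commands per authenticated account, split by source IP."""
    fields, stats = [], defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log itself
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # skip other directives, blank and malformed lines
        row = dict(zip(fields, parts))
        user = row.get("x-auth-user", "-")
        if row.get("cs-method") == "RCPT" and user != "-":
            stats[user][row["c-ip"]] += 1
    return stats

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def suspects(stats, threshold):
    """Accounts at or over the recipient threshold, with any non-LAN source IPs."""
    out = {}
    for user, by_ip in stats.items():
        total = sum(by_ip.values())
        if total >= threshold:
            external = sorted(ip for ip in by_ip if not is_internal(ip))
            out[user] = {"recipients": total, "external_ips": external}
    return out
```

An empty `external_ips` list for a flagged account points at a machine inside the LAN rather than stolen credentials used from outside.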
