Rule out the virus first. Download some type of AV and scan. -----Original Message----- From: Jesse Rink [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 2:39 PM To: Exchange Discussions Subject: Re: IIS SMTP relay for Exchange - Is my relay being used by others?
Version 4.0 so the Q article doesn't apply.. Thanks anyway. Is there a comparable Q article for IIS4? Also, I should mention that on my IIS relay box, under the Remote Domain properties, the box labeled "Allow incoming mail to be relayed to this domain" *IS* checked. Not sure why. Would this be the cause? Or would it still be a virus as some are saying? Thanks > What version of IIS? the following article is for IIS 5 > http://support.microsoft.com/support/kb/articles/q310/3/56.asp > > > >From: "Jesse Rink" <[EMAIL PROTECTED]> > >Reply-To: "Exchange Discussions" <[EMAIL PROTECTED]> > >To: "Exchange Discussions" <[EMAIL PROTECTED]> > >Subject: IIS SMTP relay for Exchange - Is my relay being used by others? > >Date: Tue, 20 Nov 2001 14:23:00 -0600 > > > >Okay. Here's the low-down. > > > >I have an Exchange 5.5 server on the inside interface of our firewall and > >and IIS SMTP relay server on the DMZ interface of our firewall. This has > >been running for several months without any problems. > > > >Yesterday I reviewed the daily network bandwidth chart for our T1 line out > >the to internet and found the inbound traffic was WAY higher (my eyes > >almost popped out of my sockets) than usual. This was highly noticeable > >in that the inbound traffic continued into the late hours of the night. > >Normally, after 5pm, network inbound/outbound traffic is dead. > > > >I tried figuring out what all of a sudden is causing this increased > >traffic and am beginning to suspect the IIS SMTP relay box. Performance > >analysis on the box shows that the CPU utilization is much higher than > >usual (mainly from inetinfo.exe). After further investigating, I noticed > >that the c:\inetpub\mailroot\queue directory is suddenly full (1500 > >messages) of .rtr and .eml files (can someone explain the difference > >between these?). > > > >Not only are there 1500+ .rtr and .eml files in the queue, but the > >messages themselves are not originating from or destined to whitnall.com > >(my domain). > > > >I'm assuming someone (most of the messages are from hotmail.com accounts > >and contain PORN links) is using our smtp relay... > > > >Can someone please help me address this problem? Not sure how to proceed. > > Thanks > > > >reply here or via email > >[EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]