Are all the latest IIS patches on this box?

As I think others have said, it looks like NIMDA.  There are several
variants of it.  I just cleaned one a couple of days ago.

William

-----Original Message-----
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 12:28 PM
To: MS-Exchange Admin Issues
Subject: IIS SMTP relay server - Is someone using my relay server?


Okay. Here's the low-down.

I have an Exchange 5.5 server on the inside interface of our firewall and
an IIS SMTP relay server on the DMZ interface of our firewall. This has
been running for several months without any problems.

Yesterday I reviewed the daily network bandwidth chart for our T1 line out
to the internet and found the inbound traffic was WAY higher (my eyes
almost popped out of my sockets) than usual. This was highly noticeable
in that the inbound traffic continued into the late hours of the night. 
Normally, after 5pm, network inbound/outbound traffic is dead.

I tried figuring out what all of a sudden is causing this increased
traffic and am beginning to suspect the IIS SMTP relay box. Performance
analysis on the box shows that the CPU utilization is much higher than
usual (mainly from inetinfo.exe). After further investigating, I noticed
that the c:\inetpub\mailroot\queue directory is suddenly full (1500
messages) of .rtr and .eml files (can someone explain the difference
between these?).

Not only are there 1500+ .rtr and .eml files in the queue, but the
messages themselves are not originating from or destined to whitnall.com
(my domain).

I'm assuming someone (most of the messages are from hotmail.com accounts
and contain PORN links) is using our smtp relay...

Can someone please help me address this problem? Not sure how to proceed.
Thanks

reply here or via email
[EMAIL PROTECTED]

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
