what happens if you uncheck that box? -Michèle Immigration site: <http://LadySun1969.tripod.com> The Miata is For Sale!!: <http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItem&item=598226359 > Tiggercam: <http://www.tiggercam.co.uk> --------------------------------------------------------- Women complain about premenstrual syndrome but I think of it as the only time of the month that I can be myself. * Roseanne ---------------------------------------------------------
-----Original Message----- From: Jesse Rink [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 5:01 PM To: MS-Exchange Admin Issues Subject: RE: IIS SMTP relay server - Is someone using my relay server? Okay. I installed Norton Anti Virus Corporate Edition on the server and got the latest virus defs. The only thing turned up was on some files in the BADMAIL subdirectory and that was for the W32.MAGISTR.24876@MM virus. I cleaned those out. Then, I checked to see if I had the MS01-044 Bulletin Patch on the server. I did not... My mistake, I thought it was on there. Anyway, I installed the patch and rebooted. The server came back online and is experiencing the same problem. The queue directory is still receiving tons of emails not originating from my domain and site. Where to go next? The NIMBA virus doesn't seem to be on the system, it has the latest bulletins (cumulative) and the problem still seems to exist. As I mentioned earlier, on the remote domain properties for whitnall.com, the checkbox for Allow Relay *IS* checked and Outbound Security box has No Authentication selected. Any help? Thanks > Are all the latest IIS patches on this box? > > As I think others have said, it looks like NIMDA. There are several > variants of it. I just cleaned one a couple of days ago. > > William > > -----Original Message----- > From: Jesse Rink [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, November 20, 2001 12:28 PM > To: MS-Exchange Admin Issues > Subject: IIS SMTP relay server - Is someone using my relay server? > > > Okay. Here's the low-down. > > I have an Exchange 5.5 server on the inside interface of our firewall and > and IIS SMTP relay server on the DMZ interface of our firewall. This has > been running for several months without any problems. > > Yesterday I reviewed the daily network bandwidth chart for our T1 line out > the to internet and found the inbound traffic was WAY higher (my eyes > almost popped out of my sockets) than usual. This was highly noticeable > in that the inbound traffic continued into the late hours of the night. > Normally, after 5pm, network inbound/outbound traffic is dead. > > I tried figuring out what all of a sudden is causing this increased > traffic and am beginning to suspect the IIS SMTP relay box. Performance > analysis on the box shows that the CPU utilization is much higher than > usual (mainly from inetinfo.exe). After further investigating, I noticed > that the c:\inetpub\mailroot\queue directory is suddenly full (1500 > messages) of .rtr and .eml files (can someone explain the difference > between these?). > > Not only are there 1500+ .rtr and .eml files in the queue, but the > messages themselves are not originating from or destined to whitnall.com > (my domain). > > I'm assuming someone (most of the messages are from hotmail.com accounts > and contain PORN links) is using our smtp relay... > > Can someone please help me address this problem? Not sure how to proceed. > Thanks > > reply here or via email > [EMAIL PROTECTED] > > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
