Dear all, I have a server apparently spewing out a hoarde of SMTP messages, at least according to the Message Tracking system, which indicates the emails originate from a specific email address.
This is Exchange 2003 by the way: I have checked and the system is not a relay, and only authenticated users are allowed to send. I blocked access for this particular user account to the smtp connector, and changed the password on the user account. When looking in Message Tracking subsequent to making the changes above, the messages are noted, and the last action for each message is Submitted to Categorizer. According to the ISP mails are still coming out, and there is no record of an SMTP server on the packets. netstat outputs also seem like everything is normal, although the output is extensive. The box has been swept by it's local Trend SMEX, and Office Scan, plus two other online scanners. WireShark is not telling me anything exciting, and none of the processes running in task manager seem out of the norm. If this was another authenticated machine on the LAN I would have expected the password change to have put an end to that. Has anyone seen similar, and if so could you kindly point this already bald person in the right direction? Many thanks in advance -- Regards, Clayton [EMAIL PROTECTED] http://alsipius.com ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
