How many clients?
 
GuidoElia
HELPPC
 

  _____  

From: Chyka, Robert [mailto:bch...@medaille.edu]
Sent: Thursday, 9 April 2009 15:16
To: MS-Exchange Admin Issues
Subject: Unreal...Mail Queue is filling up!



Hello,

 

I've been working on this issue since 2:00 yesterday.  We have some machines on 
our network that are compromised and sending or trying to send hundreds of 
thousands of e-mails to domains overseas.  I verified that we are not an open 
relay and that all of our authentication methods are set right.  We are running 
Exchange 2003 Enterprise on a single server.

 

Here is what I did so far:

 

- Disabled port 25 on the firewall for our mail server to start queue cleanup.
- Stopped SMTP on the mail server
- Set up a new connector called SPAM Cleanup and forwarded all mail going thru 
  this SMTP connector to a fake IP address
- I bound the connector to the SMTP virtual server
- Restarted SMTP
- Cleaned the queue (almost 350,000 messages)
- Turned logging on for SMTP at highest level
- Found a machine that was compromised by looking at the application log of the 
  mail server
- Turned it off
- Had to re-enable our mail server for people to work who are coming in
- Queues refilled back up

 

Is there an easier way to find the compromised hosts on our internal network so 
I don't have to take e-mail down?  I know taking the server down and doing it 
that way is the right way, but I will get my butt kicked today.  We are 
currently on 3 blacklists now.

 

Any suggestions are greatly appreciated.

 

-BC
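
One way to rank internal hosts by submission volume from the SMTP logging turned on above, while mail stays up (an added example, not part of the original message). It assumes the SMTP virtual server writes W3C extended logs with the `c-ip` and `cs-method` fields selected; the sample lines, addresses and threshold are constructed.

```python
from collections import Counter

# Constructed sample in W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query sc-status
2009-04-09 13:01:02 10.0.0.57 MAIL +FROM:<a@example.test> 250
2009-04-09 13:01:02 10.0.0.57 RCPT +TO:<u1@example.net> 250
2009-04-09 13:01:03 10.0.0.57 RCPT +TO:<u2@example.net> 250
2009-04-09 13:01:03 10.0.0.12 RCPT +TO:<staff@example.org> 250
2009-04-09 13:01:04 10.0.0.57 RCPT +TO:<u3@example.net> 250
2009-04-09 13:01:04 10.0.0.57 RCPT +TO:<u4@example.net> 250
2009-04-09 13:01:05 10.0.0.57 RCPT +TO:<u5@example.net> 250
"""


def rcpt_counts(lines):
    """Count RCPT commands per client IP, honouring each #Fields header."""
    fields, counts = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        # W3C logs are space-separated; spaces inside values are written as '+'.
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() == "RCPT" and "c-ip" in row:
            counts[row["c-ip"]] += 1
    return counts


def suspects(counts, threshold):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    # Threshold of 3 is a constructed value; tune it to normal client volume.
    for ip, n in suspects(rcpt_counts(SAMPLE_LOG.splitlines()), threshold=3):
        print(f"{ip}\t{n} recipients")
```

Counting RCPT rather than MAIL catches hosts that send few messages to many recipients each.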

 

 

