RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-21 Thread msharik

I should think that you'll have many more complaints if you *DON'T* contain
the spam spewing.  Might find yourself black-listed, too.

Mocked, at the very least.

-Michèle
Immigration site:  http://LadySun1969.tripod.com
The Miata is For Sale!!:  
http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItemitem=598226359

Tiggercam:  http://www.tiggercam.co.uk
-
Why not just take scissors and cut out the parts of the tape you want to
recover and then run them thru the Coke machine dollar-bill scanner which
you've hot-wired into the USB port on your freakin' George Foreman No-Fat
Grill and Edge Switch?  Jeff Dillon, April 27, 2000 
-


-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 5:07 PM
To: MS-Exchange Admin Issues
Subject: RE: IIS SMTP relay server - Is someone using my relay server?


Something tells me I tried that when originally setting up the IIS SMTP
relay and when the relay box was unchecked, mail was never received in our
inboxes.  I'd like to try it again, but can't right now as I'm thinking it
would cause interruption in our mail service and that would wind up with
too many people complaining.  Hopefully I can test this off hours soon,
but unfortunately it will have to wait until tomorrow as I have to leave
early today and can't stick around to try it.


 what happens if you uncheck that box?
 
 -Michèle
 Immigration site:  http://LadySun1969.tripod.com
 The Miata is For Sale!!:
 http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItemitem=598226359
 
 Tiggercam:  http://www.tiggercam.co.uk
 -
 Women complain about premenstrual syndrome but I think of it as the only
 time of the month that I can be myself. * Roseanne
 -
 
 
 -Original Message-
 From: Jesse Rink [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, November 20, 2001 5:01 PM
 To: MS-Exchange Admin Issues
 Subject: RE: IIS SMTP relay server - Is someone using my relay server?
 
 
 Okay.
 
 I installed Norton Anti Virus Corporate Edition on the server and got the
 latest virus defs.  The only thing turned up was on some files in the
 BADMAIL subdirectory and that was for the W32.MAGISTR.24876@MM virus.  I
 cleaned those out.
 
 Then, I checked to see if I had the MS01-044 Bulletin Patch on the server.
  I did not... My mistake, I thought it was on there.  Anyway, I installed
 the patch and rebooted.
 
 The server came back online and is experiencing the same problem.  The
 queue directory is still receiving tons of emails not originating from my
 domain and site.  Where to go next?  The NIMDA virus doesn't seem to be on
 the system, it has the latest bulletins (cumulative) and the problem still
 seems to exist.
 
 As I mentioned earlier, on the remote domain properties for whitnall.com,
 the checkbox for Allow Relay *IS* checked and Outbound Security box has No
 Authentication selected.
 
 Any help?  Thanks
 
 
  Are all the latest IIS patches on this box?
 
  As I think others have said, it looks like NIMDA.  There are several
  variants of it.  I just cleaned one a couple of days ago.
 
  William
 
  -Original Message-
  From: Jesse Rink [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, November 20, 2001 12:28 PM
  To: MS-Exchange Admin Issues
  Subject: IIS SMTP relay server - Is someone using my relay server?
 
 
  Okay. Here's the low-down.
 
  I have an Exchange 5.5 server on the inside interface of our firewall and
  an IIS SMTP relay server on the DMZ interface of our firewall. This has
  been running for several months without any problems.
 
  Yesterday I reviewed the daily network bandwidth chart for our T1 line out
  to the internet and found the inbound traffic was WAY higher (my eyes
  almost popped out of my sockets) than usual. This was highly noticeable
  in that the inbound traffic continued into the late hours of the night.
  Normally, after 5pm, network inbound/outbound traffic is dead.
 
  I tried figuring out what all of a sudden is causing this increased
  traffic and am beginning to suspect the IIS SMTP relay box. Performance
  analysis on the box shows that the CPU utilization is much higher than
  usual (mainly from inetinfo.exe). After further investigating, I noticed
  that the c:\inetpub\mailroot\queue directory is suddenly full (1500
  messages) of .rtr and .eml files (can someone explain the difference
  between these?).
 
  Not only are there 1500+ .rtr and .eml files in the queue, but the
  messages themselves are not originating from or destined to whitnall.com
  (my domain).
 
  I'm assuming someone (most of the messages are from hotmail.com accounts
  and contain PORN links) is using our smtp relay...
 
  Can

RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread Lefkovics, William

Are all the latest IIS patches on this box?

As I think others have said, it looks like NIMDA.  There are several
variants of it.  I just cleaned one a couple of days ago.

William

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 12:28 PM
To: MS-Exchange Admin Issues
Subject: IIS SMTP relay server - Is someone using my relay server?


Okay. Here's the low-down.

I have an Exchange 5.5 server on the inside interface of our firewall and
an IIS SMTP relay server on the DMZ interface of our firewall. This has
been running for several months without any problems.

Yesterday I reviewed the daily network bandwidth chart for our T1 line out
to the internet and found the inbound traffic was WAY higher (my eyes
almost popped out of my sockets) than usual. This was highly noticeable
in that the inbound traffic continued into the late hours of the night. 
Normally, after 5pm, network inbound/outbound traffic is dead.

I tried figuring out what all of a sudden is causing this increased
traffic and am beginning to suspect the IIS SMTP relay box. Performance
analysis on the box shows that the CPU utilization is much higher than
usual (mainly from inetinfo.exe). After further investigating, I noticed
that the c:\inetpub\mailroot\queue directory is suddenly full (1500
messages) of .rtr and .eml files (can someone explain the difference
between these?).

Not only are there 1500+ .rtr and .eml files in the queue, but the
messages themselves are not originating from or destined to whitnall.com
(my domain).

I'm assuming someone (most of the messages are from hotmail.com accounts
and contain PORN links) is using our smtp relay...

Can someone please help me address this problem? Not sure how to proceed.
Thanks

reply here or via email
[EMAIL PROTECTED]

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm
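
An added example, not part of any poster's message: a way to quantify the symptom described in the original post (queued messages neither from nor to whitnall.com) by classifying every .eml file in a queue directory. It assumes the queued files are readable RFC 822 text and uses the From/To/Cc headers as an approximation of the SMTP envelope; the sample messages and their .example domains are constructed, and .rtr files are skipped because the thread does not describe their format.

```python
import tempfile
from collections import Counter
from email import message_from_binary_file
from email.utils import getaddresses
from pathlib import Path

LOCAL_DOMAINS = ("whitnall.com",)  # the poster's domain, as named in the thread


def header_domains(msg, *names):
    """Lower-cased domains of every address found in the named headers."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {a.rsplit("@", 1)[1].lower() for _, a in getaddresses(values) if "@" in a}


def is_local(domain, local=LOCAL_DOMAINS):
    """True for a local domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in local)


def classify(msg, local=LOCAL_DOMAINS):
    """inbound: addressed to us; outbound: sent by us; otherwise third-party."""
    if any(is_local(d, local) for d in header_domains(msg, "To", "Cc", "Bcc")):
        return "inbound"
    if any(is_local(d, local) for d in header_domains(msg, "From", "Sender")):
        return "outbound"
    return "third-party"


def triage(queue_dir, local=LOCAL_DOMAINS):
    """Count queued .eml files per class and tally third-party sender domains."""
    counts, senders = Counter(), Counter()
    for path in sorted(Path(queue_dir).glob("*.eml")):
        with path.open("rb") as fh:
            msg = message_from_binary_file(fh)
        kind = classify(msg, local)
        counts[kind] += 1
        if kind == "third-party":
            senders.update(header_domains(msg, "From", "Sender"))
    return counts, senders


# Constructed sample queue: file name -> (From, To). Not data from the thread.
SAMPLE = {
    "a.eml": ("Pat <pat@partner.example>", "staff@whitnall.com"),
    "b.eml": ("staff@WHITNALL.COM", "pat@partner.example"),
    "c.eml": ("x1@freemail.example", "u1@other.example, u2@other.example"),
    "d.eml": ("x2@freemail.example", "u3@elsewhere.example"),
}


def demo():
    """Write the sample messages to a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, (frm, to) in SAMPLE.items():
            text = f"From: {frm}\r\nTo: {to}\r\nSubject: test\r\n\r\nbody\r\n"
            (Path(tmp) / name).write_bytes(text.encode("ascii"))
        return triage(tmp)


if __name__ == "__main__":
    counts, senders = demo()
    print(dict(counts), senders.most_common(5))
```

A large "third-party" share means the server is accepting mail for domains it has no business with. Header addresses can be forged, so the SMTP service's own logs remain the authoritative record of envelope senders and recipients.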





RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread Bruce Harrison

I just had the same situation yesterday. Someone was using my exchange
server 5.5 as a relay point. There is a well-documented procedure to close
this situation off. I carried out the procedure, and voila, no more backed
up outgoing queue in IMS. Worked great! Here is the link. Print out this
article, follow the steps, and your problem will be over. No reboot
necessary. I did it during the day.
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

Bruce Harrison
Information Technology Manager
The Boudreaux Group

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 3:28 PM
To: MS-Exchange Admin Issues
Subject: IIS SMTP relay server - Is someone using my relay server?


Okay. Here's the low-down.

I have an Exchange 5.5 server on the inside interface of our firewall and
an IIS SMTP relay server on the DMZ interface of our firewall. This has
been running for several months without any problems.

Yesterday I reviewed the daily network bandwidth chart for our T1 line out
to the internet and found the inbound traffic was WAY higher (my eyes
almost popped out of my sockets) than usual. This was highly noticeable
in that the inbound traffic continued into the late hours of the night. 
Normally, after 5pm, network inbound/outbound traffic is dead.

I tried figuring out what all of a sudden is causing this increased
traffic and am beginning to suspect the IIS SMTP relay box. Performance
analysis on the box shows that the CPU utilization is much higher than
usual (mainly from inetinfo.exe). After further investigating, I noticed
that the c:\inetpub\mailroot\queue directory is suddenly full (1500
messages) of .rtr and .eml files (can someone explain the difference
between these?).

Not only are there 1500+ .rtr and .eml files in the queue, but the
messages themselves are not originating from or destined to whitnall.com
(my domain).

I'm assuming someone (most of the messages are from hotmail.com accounts
and contain PORN links) is using our smtp relay...

Can someone please help me address this problem? Not sure how to proceed.
Thanks

reply here or via email
[EMAIL PROTECTED]





RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread Lefkovics, William

Do you have one for IIS SMTP?

-Original Message-
From: Bruce Harrison [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 1:40 PM
To: MS-Exchange Admin Issues
Subject: RE: IIS SMTP relay server - Is someone using my relay server?


I just had the same situation yesterday. Someone was using my exchange
server 5.5 as a relay point. There is a well-documented procedure to close
this situation off. I carried out the procedure, and voila, no more backed
up outgoing queue in IMS. Worked great! Here is the link. Print out this
article, follow the steps, and your problem will be over. No reboot
necessary. I did it during the day.
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696

Bruce Harrison
Information Technology Manager
The Boudreaux Group

-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 3:28 PM
To: MS-Exchange Admin Issues
Subject: IIS SMTP relay server - Is someone using my relay server?


Okay. Here's the low-down.

I have an Exchange 5.5 server on the inside interface of our firewall and
an IIS SMTP relay server on the DMZ interface of our firewall. This has
been running for several months without any problems.

Yesterday I reviewed the daily network bandwidth chart for our T1 line out
to the internet and found the inbound traffic was WAY higher (my eyes
almost popped out of my sockets) than usual. This was highly noticeable
in that the inbound traffic continued into the late hours of the night. 
Normally, after 5pm, network inbound/outbound traffic is dead.

I tried figuring out what all of a sudden is causing this increased
traffic and am beginning to suspect the IIS SMTP relay box. Performance
analysis on the box shows that the CPU utilization is much higher than
usual (mainly from inetinfo.exe). After further investigating, I noticed
that the c:\inetpub\mailroot\queue directory is suddenly full (1500
messages) of .rtr and .eml files (can someone explain the difference
between these?).

Not only are there 1500+ .rtr and .eml files in the queue, but the
messages themselves are not originating from or destined to whitnall.com
(my domain).

I'm assuming someone (most of the messages are from hotmail.com accounts
and contain PORN links) is using our smtp relay...

Can someone please help me address this problem? Not sure how to proceed.
Thanks

reply here or via email
[EMAIL PROTECTED]





RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread Jesse Rink

Okay.

I installed Norton Anti Virus Corporate Edition on the server and got the
latest virus defs.  The only thing turned up was on some files in the
BADMAIL subdirectory and that was for the W32.MAGISTR.24876@MM virus.  I
cleaned those out.

Then, I checked to see if I had the MS01-044 Bulletin Patch on the server.
 I did not... My mistake, I thought it was on there.  Anyway, I installed
the patch and rebooted.

The server came back online and is experiencing the same problem.  The
queue directory is still receiving tons of emails not originating from my
domain and site.  Where to go next?  The NIMDA virus doesn't seem to be on
the system, it has the latest bulletins (cumulative) and the problem still
seems to exist.

As I mentioned earlier, on the remote domain properties for whitnall.com,
the checkbox for Allow Relay *IS* checked and Outbound Security box has No
Authentication selected.

Any help?  Thanks


 Are all the latest IIS patches on this box?
 
 As I think others have said, it looks like NIMDA.  There are several
 variants of it.  I just cleaned one a couple of days ago.
 
 William
 
 -Original Message-
 From: Jesse Rink [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, November 20, 2001 12:28 PM
 To: MS-Exchange Admin Issues
 Subject: IIS SMTP relay server - Is someone using my relay server?
 
 
 Okay. Here's the low-down.
 
 I have an Exchange 5.5 server on the inside interface of our firewall and
 an IIS SMTP relay server on the DMZ interface of our firewall. This has
 been running for several months without any problems.
 
 Yesterday I reviewed the daily network bandwidth chart for our T1 line out
 to the internet and found the inbound traffic was WAY higher (my eyes
 almost popped out of my sockets) than usual. This was highly noticeable
 in that the inbound traffic continued into the late hours of the night.
 Normally, after 5pm, network inbound/outbound traffic is dead.
 
 I tried figuring out what all of a sudden is causing this increased
 traffic and am beginning to suspect the IIS SMTP relay box. Performance
 analysis on the box shows that the CPU utilization is much higher than
 usual (mainly from inetinfo.exe). After further investigating, I noticed
 that the c:\inetpub\mailroot\queue directory is suddenly full (1500
 messages) of .rtr and .eml files (can someone explain the difference
 between these?).
 
 Not only are there 1500+ .rtr and .eml files in the queue, but the
 messages themselves are not originating from or destined to whitnall.com
 (my domain).
 
 I'm assuming someone (most of the messages are from hotmail.com accounts
 and contain PORN links) is using our smtp relay...
 
 Can someone please help me address this problem? Not sure how to proceed.
 Thanks
 
 reply here or via email
 [EMAIL PROTECTED]
 




RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread msharik

what happens if you uncheck that box?

-Michèle
Immigration site:  http://LadySun1969.tripod.com
The Miata is For Sale!!:  
http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItemitem=598226359

Tiggercam:  http://www.tiggercam.co.uk
-
Women complain about premenstrual syndrome but I think of it as the only
time of the month that I can be myself. * Roseanne 
-


-Original Message-
From: Jesse Rink [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 5:01 PM
To: MS-Exchange Admin Issues
Subject: RE: IIS SMTP relay server - Is someone using my relay server?


Okay.

I installed Norton Anti Virus Corporate Edition on the server and got the
latest virus defs.  The only thing turned up was on some files in the
BADMAIL subdirectory and that was for the W32.MAGISTR.24876@MM virus.  I
cleaned those out.

Then, I checked to see if I had the MS01-044 Bulletin Patch on the server.
 I did not... My mistake, I thought it was on there.  Anyway, I installed
the patch and rebooted.

The server came back online and is experiencing the same problem.  The
queue directory is still receiving tons of emails not originating from my
domain and site.  Where to go next?  The NIMDA virus doesn't seem to be on
the system, it has the latest bulletins (cumulative) and the problem still
seems to exist.

As I mentioned earlier, on the remote domain properties for whitnall.com,
the checkbox for Allow Relay *IS* checked and Outbound Security box has No
Authentication selected.

Any help?  Thanks


 Are all the latest IIS patches on this box?
 
 As I think others have said, it looks like NIMDA.  There are several
 variants of it.  I just cleaned one a couple of days ago.
 
 William
 
 -Original Message-
 From: Jesse Rink [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, November 20, 2001 12:28 PM
 To: MS-Exchange Admin Issues
 Subject: IIS SMTP relay server - Is someone using my relay server?
 
 
 Okay. Here's the low-down.
 
 I have an Exchange 5.5 server on the inside interface of our firewall and
 an IIS SMTP relay server on the DMZ interface of our firewall. This has
 been running for several months without any problems.
 
 Yesterday I reviewed the daily network bandwidth chart for our T1 line out
 to the internet and found the inbound traffic was WAY higher (my eyes
 almost popped out of my sockets) than usual. This was highly noticeable
 in that the inbound traffic continued into the late hours of the night.
 Normally, after 5pm, network inbound/outbound traffic is dead.
 
 I tried figuring out what all of a sudden is causing this increased
 traffic and am beginning to suspect the IIS SMTP relay box. Performance
 analysis on the box shows that the CPU utilization is much higher than
 usual (mainly from inetinfo.exe). After further investigating, I noticed
 that the c:\inetpub\mailroot\queue directory is suddenly full (1500
 messages) of .rtr and .eml files (can someone explain the difference
 between these?).
 
 Not only are there 1500+ .rtr and .eml files in the queue, but the
 messages themselves are not originating from or destined to whitnall.com
 (my domain).
 
 I'm assuming someone (most of the messages are from hotmail.com accounts
 and contain PORN links) is using our smtp relay...
 
 Can someone please help me address this problem? Not sure how to proceed.
 Thanks
 
 reply here or via email
 [EMAIL PROTECTED]
 




RE: IIS SMTP relay server - Is someone using my relay server?

2001-11-20 Thread Jesse Rink

Something tells me I tried that when originally setting up the IIS SMTP
relay and when the relay box was unchecked, mail was never received in our
inboxes.  I'd like to try it again, but can't right now as I'm thinking it
would cause interruption in our mail service and that would wind up with
too many people complaining.  Hopefully I can test this off hours soon,
but unfortunately it will have to wait until tomorrow as I have to leave
early today and can't stick around to try it.


 what happens if you uncheck that box?
 
 -Michèle
 Immigration site:  http://LadySun1969.tripod.com
 The Miata is For Sale!!:
 http://cgi.ebay.com/ebaymotors/aw-cgi/eBayISAPI.dll?ViewItemitem=598226359
 
 Tiggercam:  http://www.tiggercam.co.uk
 -
 Women complain about premenstrual syndrome but I think of it as the only
 time of the month that I can be myself. * Roseanne
 -
 
 
 -Original Message-
 From: Jesse Rink [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, November 20, 2001 5:01 PM
 To: MS-Exchange Admin Issues
 Subject: RE: IIS SMTP relay server - Is someone using my relay server?
 
 
 Okay.
 
 I installed Norton Anti Virus Corporate Edition on the server and got the
 latest virus defs.  The only thing turned up was on some files in the
 BADMAIL subdirectory and that was for the W32.MAGISTR.24876@MM virus.  I
 cleaned those out.
 
 Then, I checked to see if I had the MS01-044 Bulletin Patch on the server.
  I did not... My mistake, I thought it was on there.  Anyway, I installed
 the patch and rebooted.
 
 The server came back online and is experiencing the same problem.  The
 queue directory is still receiving tons of emails not originating from my
 domain and site.  Where to go next?  The NIMDA virus doesn't seem to be on
 the system, it has the latest bulletins (cumulative) and the problem still
 seems to exist.
 
 As I mentioned earlier, on the remote domain properties for whitnall.com,
 the checkbox for Allow Relay *IS* checked and Outbound Security box has No
 Authentication selected.
 
 Any help?  Thanks
 
 
  Are all the latest IIS patches on this box?
 
  As I think others have said, it looks like NIMDA.  There are several
  variants of it.  I just cleaned one a couple of days ago.
 
  William
 
  -Original Message-
  From: Jesse Rink [mailto:[EMAIL PROTECTED]]
  Sent: Tuesday, November 20, 2001 12:28 PM
  To: MS-Exchange Admin Issues
  Subject: IIS SMTP relay server - Is someone using my relay server?
 
 
  Okay. Here's the low-down.
 
  I have an Exchange 5.5 server on the inside interface of our firewall and
  an IIS SMTP relay server on the DMZ interface of our firewall. This has
  been running for several months without any problems.
 
  Yesterday I reviewed the daily network bandwidth chart for our T1 line out
  to the internet and found the inbound traffic was WAY higher (my eyes
  almost popped out of my sockets) than usual. This was highly noticeable
  in that the inbound traffic continued into the late hours of the night.
  Normally, after 5pm, network inbound/outbound traffic is dead.
 
  I tried figuring out what all of a sudden is causing this increased
  traffic and am beginning to suspect the IIS SMTP relay box. Performance
  analysis on the box shows that the CPU utilization is much higher than
  usual (mainly from inetinfo.exe). After further investigating, I noticed
  that the c:\inetpub\mailroot\queue directory is suddenly full (1500
  messages) of .rtr and .eml files (can someone explain the difference
  between these?).
 
  Not only are there 1500+ .rtr and .eml files in the queue, but the
  messages themselves are not originating from or destined to whitnall.com
  (my domain).
 
  I'm assuming someone (most of the messages are from hotmail.com accounts
  and contain PORN links) is using our smtp relay...
 
  Can someone please help me address this problem? Not sure how to proceed.
  Thanks
 
  reply here or via email
  [EMAIL PROTECTED]