Re: Is my server hijacked or is it spammed

Memory: Exchange will use all it has available, but can dynamically release
memory for other processes should these be running.
Queued mail: Open these messages and figure out where they're coming from.
Do they look like NDRs? If yes, enable Recipient Filtering - drop messages
for recipients not found in Directory (AD) from Global Settings - Message
Delivery properties | Recipient Filtering, and enable Recipient Filtering on
SMTP virtual server properties | General tab | Advanced | select IP address
| Edit.
If these appear to be originating from some internal host, check the host
for possible infection.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
www.exchangepedia.com/blog
----------------------------------------------


<tony.newsgrps@xxxxxxxxx> wrote in message
news:1153779975.250800.157220@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi there,

I have some strange emails queued on my exchange server and I can't
figure out if someone if using my server to send spam or if he/she is
doing some sort of spam attack.

I believed my smtp server is configured properly (ie users from the
internet must first authenticate before they want to send email through
my server)
Yet, when I look at the smtp queue, I see a lot of emails pending.

All emails originate from the same fake user:
fakeName@MyPublicIPAddress and are sent to what appear unlikely
recipients: vv ss@xxxxxxx, jqy@xxxxxxxxxxxxxxx ... (note that I
slightly changes the domain names in cases these are real addresses).

Where do you think these emails are coming from? Is some one using my
exchange server to send spam or is it some sort of
postmaster@xxxxxxxxxx variation to be able to send me spams?

Any feedback greatly appreciated.

Bonus question (might be related): My exchange server seems to be
leaking memory.... It grows to 1.1GB of memory usage quickly yet we're
a very small organization ( 20 pple). Is it what I should be expecting?

Thank you,
Tony.



.

Relevant Pages

  • Re: Email being received on my renamed admin account
    ... I'd still like to know how someone could have even guessed my admin name. ... > which you never use to send internet emails. ... > accounts that exists on your Exchange server, ...
    (microsoft.public.windows.server.sbs)
  • Re: Is my server hijacked or is it spammed
    ... About the memory: what bothers me is that I some times get error ... I have some strange emails queued on my exchange server and I can't ... doing some sort of spam attack. ... Yet, when I look at the smtp queue, I see a lot of emails pending. ...
    (microsoft.public.exchange.admin)
  • Re: Give more memory to Exchange
    ... I don't fully understand what your HP software is reporting but it basically ... the report from the Exchange database drive. ... Exchange is a very specific product and has specific needs from CPU, Memory, ... Run Microsoft Exchange Server Best Practices Analyzer Today ...
    (microsoft.public.exchange2000.information.store)
  • Re: SBS2008 / Exchange with POP3 Connector / Invalid Header Fields - problem
    ... Problem is that SBS2008 POP3 Connector is trying to deliver emails to ... Exchange Server, but fails because those emails are not "standard" ... Exchange server has some kind of "filter", ... When the SBS 2008 pop3connector downloads a message from a POP3 ...
    (microsoft.public.exchange.connectivity)
  • Email queuing up for only a few domains.
    ... I am having this problem of emails queuing up for some particular domains ... I am using Microsoft Exchange Server 2003 with Symantec Mail Security 4.6 ... Sysnet Pakistan Pvt. ...
    (microsoft.public.exchange.connectivity)
Loading