Re: Possible worm...please help

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

John thanks for your response.

I had previously closed it using the method:

Click the Routing tab. The two radio buttons in this window provide two
different ways to help secure your server: . Reroute Incoming SMTP Mail
(required for Post Office Protocol version 3 (POP3)/Internet Message Access
Protocol, Version 4rev1 (IMAP4) support)

This method requires additional configuration. a. For each domain
that you want to be able to accept SMTP mail, click Add, type the domain
information, and then make sure that you have selected Should be accepted as
inbound.
b. Click Routing Restrictions.
c. To help secure the relay, click to select the Hosts and
Clients with these IP addresses check box


I thought unplugging the network cable would be a good way to isolated that
the issue was on the actual server.

Thank you,
Matthew


"John" <a> wrote in message news:u5OiddNEIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
Is your 5.5 an open relay? I guess spammers are using your server to relay
junk email or they're doing DHA attack on your machine.
To close relaying, take a look at: http://support.microsoft.com/?id=324059

"Matthew Laping" <mlaping@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23m2hVWNEIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Not sure if this is the proper place for this, but since it is Exchange
related let's start here. I had started to notice that out bound emails
were not getting delivered. When I checked the Event Viewer I came across
the following message:

The inbound SMTP queue currently exceeds 4000 items. The Internet Mail
Service will not accept inbound connections until the inbound content
conversion queue has dropped below 3000 items


I also noticed that the Outbound Message Awaiting Delivery queue was
filled with emails awaiting delivery. For the most part the Originator is
the same. So I started to think my server was infected with a worm. I
disconnected the network cable and after deleting all the messages in the
queue, they kept coming back...about a thousand a minute! I have scanned
the server with Nortona Anti-Virus and with Spybot, neither found
anything. What else can I try? Is there a way to see the emails and see
where they are coming from?

Exchange Server 5.5 running on Windows NT 4.0 (Actually SBS 4.5)

Thank you,
Matthew





.

Relevant Pages

  • Re: How can i send and recieve email when not connecting to internet?
    ... > What is the benefit of using SMTP\POP3 server instead of r using my ISP ... the SMTP Service stores the emails waiting for delivery in queue (Queue ... Emails sent to the local domain are delivered to the Drop folder as ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Sending large emails
    ... usual routes and solutions just don't seem to be working on this one. ... like the queue is active but after 5 minutes it has the remote server dropped ... >>> smaller emails are being sent and received ok but anything larger is just ...
    (microsoft.public.exchange.connectivity)
  • Re: SMTP Queue - Suspect virus/spam
    ... There was no mail in the smtp queue. ... and 30 minutes later went to go and check the queues and hey hey 9000 emails. ... If your server has been sending out ...
    (microsoft.public.windows.server.sbs)
  • RE: Exchange Bandwidth
    ... queue on your exchange server. ... what kind of emails in your queue? ... Open Exchange System Manager and SMTP Queues to open the Properties of the ...
    (microsoft.public.windows.server.sbs)
  • RE: Pocket PC and Exchange Server
    ... route outgoing emails from my exchange server via my ISP. ... > Service Name: POP3 inbound ... >>I would like to be able send and retrieve emails between my Pocket PC ...
    (microsoft.public.windows.server.sbs)