Re: SMTP Queue - Suspect virus/spam




Thanks Keith, looked at all of these and still I get these emails.
What should I be using to stop this (anti-virus, spamming software?)
I was told there is a hotfix for this in SBS 2003

"Keith Lawrence MCP" wrote:

It sounds like your smtp server has been hijacked, whether internally or
externally.

If it's an external machine that has initiated the spam attack, you can do
the following:

1) if the smtp queue is still filling up, use Aqadmcli.exe to flush all
messages. I think you need to contact PSS for this tool but it can be found
by googling.

2) Go to your Exchange system manager and open the SMTP virtual server
properties. Click the Access tab then Relay then make sure "only the list
below" is selected. Also tick the "Allow all computers which
successfully....."

3) Now check your smtp server is not an open relay by going to
http://www.abuse.net/relay.html and inputting the relevant details.

There is also an MS KB on this :

http://support.microsoft.com/kb/324958

Good Luck!



"Jane C" wrote:

http://www.wireshark.org/

--
Jane, not plain ;) 64 bit enabled :-)
Batteries not included. Braincell on vacation ;-)
MVP Windows Shell/User

"Toxic" <Toxic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6AD30402-37F4-4DA5-A0E1-69A564DBDB8C@xxxxxxxxxxxxxxxx
Thanks for the quick response. I found the pc it came from.
Where do I get wireshark?
How do I check open relay?
Which malware?

"Henry Craven {SBS-MVP}" wrote:

You can open the .eml file in notepad and check it out.
That will give you an idea of what you're dealing with.
Run a network sniffer ( wireshark ) and process monitor ( procmon ) and see
what's going on on your network
Make sure you're not an open relay.
Malware scan your server and all workstations.
Make sure no one unauthorised is getting in via Wireless access, or wired
for that matter ( change all passwords )

If you've been compromised see if you can find out when and then roll back
to a known good state.
Assess the consequences of the intrusion and possible data loss and
tampering on the business / clients.
eg. tampered client records can be lethal ( e.g. allergic to antibiotics
yes/no )
Regulatory compliance / disclosure ?

that should do for a start.
--
Henry Craven {SBS-MVP}


"Toxic" <Toxic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:89B5BD6C-58D3-4002-8E50-7B7F6B4287EB@xxxxxxxxxxxxxxxx
Help guys please, got an email from the server complaining about the smtp
queue, went to go and look HUH 2gig of email waiting to go out. So I started
deleting the emails but when I had deleted all of them the emails started
appearing in the queue again. So I looked in the vsi1 queue and moved the
email out of there into another folder and then restarted SMTP and it was
fine.

My question is how do I solve this problem or find out how to stop it or am
I not protected enough.
I still have some of the emails in another folder the extension is .eml, I
would post here but they are quite large.

SBS 2003 SP1
Exchange SP2

