SPAMBOT Symptoms?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bilbo <wlp<faux>fake<at>rubbish.domain.org>
Date: Wed, 22 Oct 2008 20:27:41 -0500

A 2-NIC SBS2003 (SP2), (3GB), has over 80 SMTP Queue entries and
I'm getting email alerts from SBS/Exchange.

Most of these entries seem to be from the same sender.

One queued message in one Queue had a TO:/CC: list of 174 entries --
seems extremely improbable.

I found 3 SMTP Virtual Server Sessions that were Swedish (.SE)
domains. Again, extremely improbable for this company unless this is
where the SPAM senders appear.

This server has been getting hit by significant amounts (~31%) of SPAM
on a daily basis.

This seems to me like a case of a client workstation with a SPAMBOT
running but I'm no expert. Does anyone see it differently?

We're having foul weather here in Houston so I won't be able to be on
site for another 12 hours or so.

The LAN is protected (if that's the word) by Trend Micro CSM 3.6 and I
was planning to evaluate their new product before upgrading this
server and its clients.

Advice gratefully accepted,

-Bilbo
--
BilBo
.

Follow-Ups:
- Re: SPAMBOT Symptoms?
  - From: Michael Jenkin [SBS-MVP]

Prev by Date: Re: Error code: 0x8000ffff - Installing Windows Live Messenger
Next by Date: Re: Move WSUS Update Folder
Previous by thread: Move WSUS Update Folder
Next by thread: Re: SPAMBOT Symptoms?
Index(es):
- Date
- Thread

Relevant Pages

Re: HELP! SMTP Outbound queue generating thousands of messages!!!
... In the global settings for your server there are some check boxes to ... > System Manager sender filtering, which stopped the messages from being ... The suspect messages in the queue were then deleted, ... and outbound mail was re-enabled. ...
(microsoft.public.windows.server.sbs)
Re: Do p. Kusnierza
... "The sender of this message, zalekbloom@xxxxxxxxxxx, could not be ... Z tym ze celem tego przedsiezwiecia bylo nie to, by sie pod Pana podszyc ale to zeby udowodnic, ze falszowanie SMTP ) jest mozliwe, bo SMTP nie jest 'point to point' typem komunikacji - podobnie zreszta jak NNTP. ... the address of the server that sent the mail against a registered list ...
(soc.culture.polish)
Re: Access DB question
... address, the SMTP client, something in the message content, or something ... Say I am a backup MX for example.com. ... My server starts sending them their mail. ... My server does not send a bounce to the sender. ...
(comp.mail.sendmail)
RE: MTA report error 5.1.1
... Thank you for posting in the SBS newsgroup. ... sender cannot send email to users in your SBS Server. ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
Re: SMTP logging
... the headers from the monitoring ones sent internally do have the IP of the sending server in the headers. ... The various list combinations make my head hurt, but originally I didn't even have the Connection Filter (or Sender ID) enabled so had nothing in General, which only applies to those two. ... So then I investigated the problem and through that article found that it was the Accept List in Connection Filtering that allows you to make IMF host exceptions. ...
(microsoft.public.windows.server.sbs)