-
March 2nd, 2004, 09:38 PM
#1
Exchange: mass-email infection
Today I found that our Exchange 5.5 server, which was long ago closed to open-relay, was trying relay 10,000 junk emails in the IMC queue. So I'm trying to hunt down the culprit:
Even though we're closed off to open relay, I completely shut down port 25 to the outside world. So no inbound SMTP connections are coming in. Problem still persists, so I deduced that the problem was internal.
I updated definitions and ran a virus sweep with Symantec AV. Everyone came up clean (about 30 PCs).
I am using a packet capturing utility, but I am not finding any internal sessions being created to port 25. The only traffic seems to my my Exchange trying to send out all the junk email. Does Exchange/Outlook use ports other than 25 to queue up mail in the server?
I have turned off all inbound and outbound routing in Exchange and deleted all 10,000 messages. I then restarted the IMC services. However, no matter how many times I try to delete all the junk, they keep coming back. And Exchange keeps trying to send it out, even though I have turned off routing. What the heck?
I'm using Exch 5.5 SP4. Anyone got any ideas? Hoping to have this server up by tomorrow morning (Wednesday).
Similar Threads
-
By kinesi in forum Windows NT/2000
Replies: 1
Last Post: August 8th, 2003, 06:23 PM
-
By tk421 in forum Tech-To-Tech
Replies: 6
Last Post: April 10th, 2002, 06:26 PM
-
By ephmynus in forum Tech Lounge & Tales
Replies: 15
Last Post: March 8th, 2002, 09:46 AM
-
By pesler in forum Windows NT/2000
Replies: 3
Last Post: June 15th, 2001, 08:21 AM
-
By goldmeier in forum Networking
Replies: 6
Last Post: January 30th, 2001, 10:33 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Bookmarks