I have got one of my customers' servers here as it has gone crazy. It is running SBS 2003. It is generating an enormous amount of SPAM messages, and from reading through many questions here it sounds exactly like a dictionary attack. All except for the fact that I have configured (and quadruple checked the setup of) recipient filtering.
I run Symantec Antivirus on it, I have just installed a trial version of Symantec Antivirus for Microsoft Exchange and another malware scanning app that I can't remember the name of right now. They have all come up with nothing on full scans.
I am having to constantly use the aqadmcli delmsg flags=all tool to empty the smtp queues, but I think the mail is generating at least as fast as the tool deletes it.
About half of the messages when I check them in the queue are from postmaster@domainname.co.uk, which points towards an NDR attack, but I am sure that I have switched off NDRs.
The messages are mainly going to msa.hinet.net, yahoo.com.tw, etc.
So to recap: no relaying, tarpit set up (registry entry checked), recipient filtering set up, up-to-date antivirus, but SMTP queue filling rapidly with spam even when unplugged from the network.
Please help, I am going out of my mind here and have been working till 4am for the last couple of days trying to sort this out!!!