Hi lee, Having re read your first mail I think you have the sdbot virus ........ I took the server off the internet Disconnected all clients Cleared all unknown in the smtp Deleted all the bad mail ( this will take ages and I do mean ages ) ( windows would not catalogue so I removed files in command mode ) Ran Mcaffe ( anti virus people )stinger, it found sdbot Checked all clients with stinger Ran spybot an all systems Ran spyhunter on all systems Ran security task manager on all systems ( all the above found various on all systems ) put the server ONLY back on line and connected to the internet and monitored for an hour or so to make sure nothing new was being setup / relayed ( in my case it did and I had to restart the entire server process ) I copied Mcafee from my service, clean, laptop onto a cd and ran a complete scan in command mode, this appeared to find more than the stinger did off memory and once I was happy that sdbot had been trashed I re connected the clients and monitored....... to this day all ok..... This was on a win2000 server with 6 clients on the network. I hope this is of some help, if indeed it is a sdbot virus, if I can help further do not hesitate to mail........ Regards Steve Calderglen Computers Ltd Calder House Spring Lane Colne Lancs BB8 9BD www.calderglen.net phone : +44 (0) 1282 871717 -----Original Message----- From: Lee [mailto:swanson@xxxxxxxxxx] Sent: 27 June 2005 13:15 To: [ExchangeList] Subject: [exchangelist] RE: BadMail Directory http://www.MSExchange.org/ The passwords could be an issue.... Will have everyone change and see what happens. Thanks. -----Original Message----- From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Monday, June 27, 2005 2:32 AM To: [ExchangeList] Subject: [exchangelist] RE: BadMail Directory http://www.MSExchange.org/ It sounds like you are relaying, either because of bad configuration or passwords have been compromised. John T eServices For You > -----Original Message----- > From: Lee [mailto:swanson@xxxxxxxxxx] > Sent: Saturday, June 25, 2005 9:48 PM > To: [ExchangeList] > Subject: [exchangelist] BadMail Directory > > http://www.MSExchange.org/ > > > I'm at my wits' end here and not sure what to do.... > > Have an Exchange 2000 install w/ SP3 and security rollup installed. I > believe relay is configured per MS instructions. > > What's happening is the badmail directory is filling up w/ a few > thousand entries everyday. It appears that someone is sending spam to > every name in the dictionary attached to @mycompany.com. When I look > in the ESM, it shows > a couple dozen queues in the SMTP Protocol from domains that are > basically "junk." Tried putting these to be filtered out, but they > keep coming back w/ > other domain names. > > Is there anyway of keeping this stuff out or is it something I need to live > w/ since this users are not getting this mail. > > Thanks. > > Lee Ann > Lake Norden, SD > > > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: swanson@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: steve.alcock@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx