RE: BadMail Directory

  • From: "steve alcock" <steve.alcock@xxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 27 Jun 2005 14:50:19 +0100

Hi Lee,

Having re-read your first mail I think you have the sdbot virus ........

I took the server off the internet
Disconnected all clients
Cleared all unknown in the smtp
Deleted all the bad mail (this will take ages and I do mean ages)
(Windows would not catalogue so I removed files in command mode)
Ran McAfee (anti-virus people) Stinger, it found sdbot
Checked all clients with Stinger
Ran Spybot on all systems
Ran spyhunter on all systems
Ran security task manager on all systems
( all the above found various on all systems )

Put the server ONLY back online and connected to the internet and
monitored for an hour or so to make sure nothing new was being set up /
relayed
(in my case it did and I had to restart the entire server process)

I copied McAfee from my service, clean, laptop onto a CD and ran a
complete scan in command mode, this appeared to find more than the
Stinger did off memory and once I was happy that sdbot had been trashed
I reconnected the clients and monitored....... to this day all ok.....

This was on a win2000 server with 6 clients on the network.

I hope this is of some help, if indeed it is a sdbot virus, if I can
help further do not hesitate to mail........

Regards

Steve

Calderglen Computers Ltd
Calder House
Spring Lane
Colne
Lancs
BB8 9BD
www.calderglen.net
phone : +44 (0) 1282 871717

-----Original Message-----
From: Lee [mailto:swanson@xxxxxxxxxx] 
Sent: 27 June 2005 13:15
To: [ExchangeList]
Subject: [exchangelist] RE: BadMail Directory

http://www.MSExchange.org/

The passwords could be an issue.... Will have everyone change and see what
happens. Thanks.

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, June 27, 2005 2:32 AM
To: [ExchangeList]
Subject: [exchangelist] RE: BadMail Directory

It sounds like you are relaying, either because of bad configuration or
passwords have been compromised.

John T
eServices For You

> -----Original Message-----
> From: Lee [mailto:swanson@xxxxxxxxxx]
> Sent: Saturday, June 25, 2005 9:48 PM
> To: [ExchangeList]
> Subject: [exchangelist] BadMail Directory
> 
> I'm at my wits' end here and not sure what to do....
> 
> Have an Exchange 2000 install w/ SP3 and security rollup installed. I 
> believe relay is configured per MS instructions.
> 
> What's happening is the badmail directory is filling up w/ a few 
> thousand entries everyday. It appears that someone is sending spam to 
> every name in the dictionary attached to @mycompany.com. When I look 
> in the ESM, it shows a couple dozen queues in the SMTP Protocol from
> domains that are basically "junk." Tried putting these to be filtered
> out, but they keep coming back w/ other domain names.
> 
> Is there any way of keeping this stuff out or is it something I need to
> live w/ since this users are not getting this mail.
> 
> Thanks.
> 
> Lee Ann
> Lake Norden, SD
> 
> 
> 
> ------------------------------------------------------
> List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx

