RE: SPAM!!! Just shut down Exchange 2000 Services

  • From: "Clarke, Scott" <Scott.Clarke@xxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Nov 2005 11:53:49 -0330

Webmail logs are stored on our Exchange server C: drive and are taking up loads of 
space.  Is it OK to move this to another partition?


-----Original Message-----
From: Simon Butler [mailto:simon@xxxxxxxxxxxx]
Sent: Tuesday, November 01, 2005 6:30 PM
To: [ExchangeList]
Subject: [exchangelist] RE: SPAM!!! Just shut down Exchange 2000 Services


http://www.MSExchange.org/

Sounds like you are under an NDR attack.
This is where email is sent to your server with an invalid email address
on purpose. Your server then attempts to bounce the email to the sender
- except the sender is spoofed and is the real target of the spam. 

To clean up the queues look at my web site here:
http://www.amset.info/exchange/spam-cleanup.asp

I believe that in GFI Mail Essentials there is a feature for LDAP
lookups. This is where GFI checks the user is valid and only allows
message delivery if it is. Enabling this feature stops an NDR attack
immediately. 
Exchange 2003 has this feature built in. 

Retry time for 2 days is usual. Anything shorter than that could mean
email is bounced back because the remote site is just having short-term
issues. 

Simon.

--
Simon Butler
MCP, MCSA, MVP:Exchange
Amset IT Solutions Ltd.

e: simon@xxxxxxxxxxxx
w: www.amset-it.com
w: www.amset.info

-----Original Message-----
From: Scott Clarke [mailto:scott.clarke@xxxxxxxxxxxx] 
Sent: 01 November 2005 21:45
To: [ExchangeList]
Subject: [exchangelist] SPAM!!! Just shut down Exchange 2000 Services

Hi all,

Please help.  We are getting a HUGE amount of spam.  I suspect this shut
down our Exchange services.  I have noticed a lot of messages from
postmaster@xxxxxxxxxxxx in the Queues folder...and I mean a lot.  As a
result our outbound email was slow getting to its destination.  I have
deleted the postmaster messages to the fictional/spoofed domains and
outbound email is now fine.

I have also noticed that the Queue is set to retry for 3 days...WOW this
is crazy...what are your recommendations, 12 hours? 24 hours?  The people
that set this up must have kept the defaults.  We run GFI v11 to block
spam...so it is catching a lot of it but not all.

This issue shut down all Exchange services and I had to reboot and get
rid of the messages in the queues.

Help!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
exchange-list3@xxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
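
The bounce behaviour described in the thread, as an added example that is not part of the original messages: a small model comparing a server that accepts mail for unknown users and bounces it later with one that checks the recipient during the SMTP session. All addresses, the directory contents and the function names are constructed for illustration.

```python
# Added example with constructed data; not taken from the thread.
DIRECTORY = {"alice@example.org", "bob@example.org"}  # valid mailboxes (constructed)
POSTMASTER = "postmaster@example.org"

# Constructed inbound envelopes as (MAIL FROM, RCPT TO). The senders on the
# messages to unknown users are forged and belong to uninvolved third parties.
INBOUND = [
    ("carol@partner.example", "alice@example.org"),
    ("victim1@target.example", "nosuchuser1@example.org"),
    ("victim2@target.example", "nosuchuser2@example.org"),
    ("victim3@other.example", "zzz@example.org"),
    ("dave@partner.example", "bob@example.org"),
]


def handle(envelopes, validate_recipients):
    """Return (delivered, smtp_replies, outbound_queue) for one server policy."""
    delivered, replies, queue = [], [], []
    for mail_from, rcpt_to in envelopes:
        known = rcpt_to.lower() in DIRECTORY
        if validate_recipients and not known:
            # Directory lookup during the SMTP session: refuse, queue nothing.
            replies.append("550 5.1.1 User unknown")
            continue
        replies.append("250 OK")
        if known:
            delivered.append(rcpt_to)
        else:
            # Accepted first, found undeliverable later: the server now owes
            # an NDR to whatever address the envelope claimed as sender.
            queue.append((POSTMASTER, mail_from))
    return delivered, replies, queue


def ndr_targets(queue):
    """Count queued postmaster NDRs per destination domain (triage view)."""
    counts = {}
    for sender, rcpt in queue:
        if sender == POSTMASTER:
            domain = rcpt.rsplit("@", 1)[-1].lower()
            counts[domain] = counts.get(domain, 0) + 1
    return counts


if __name__ == "__main__":
    for policy in (False, True):
        delivered, replies, queue = handle(INBOUND, validate_recipients=policy)
        print(policy, len(delivered), replies.count("250 OK"), ndr_targets(queue))
```

With validation off, every message to an unknown user becomes a queued postmaster NDR addressed to a forged sender; with validation on, the outbound queue stays empty and legitimate delivery is unchanged.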


