Depends what sort of attack it is.
Sounds like an NDR attack. Therefore the first thing you should do is turn off the option on the SMTP virtual server to receive a copy of NDRs. That is usually a waste of time anyway.
You haven't said which version of Exchange it is; if it is Exchange 2003 or higher, you should enable recipient filtering.
If there are messages in the queues, then you will need to clean them up.
Take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

--
From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Dan Crain
Sent: 18 October 2007 17:21
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Spam Attack

Woke up today to find my phone downloading 5000 system administrator messages, so I naturally assumed a spam attack.
Checked my ISA logs to make sure it was coming from outside the company, and sure enough they are from a range of IP addresses which appear to be 168.95.6.xxx and 168.95.4.xxx, the whole range.
Right now I've been deleting the emails by stopping the SMTP queue and deleting the emails from the folder.
My question is, how do I stop this? This is the first time I've had this done to my server.
Any help would be great...thanks,
Dan
Daniel A. Crain
Systems Administrator
Dean, Ringers, Morgan & Lawton, P.A.
201 East Pine Street, Suite 1200
Orlando, FL 32801
Phone: 407-422-4310