Turns out there's a program going around that is brute force cracking Exchange passwords, if your setting is to "Allow users who successfully authenticate to relay, regardless..." This happened to two of our customers. So if you're running Exchange like that, watch your password policies carefully. This program DID crack a hybrid password. -----Original Message----- From: Dave Arnold [mailto:darnold@xxxxxxxx] Sent: Thursday, October 02, 2003 6:08 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory Another thought is to run something like AdAware on this system to help identify all the running services. It makes a nice list for you and is freeware. Careful though on letting it make any changes. Dave Arnold Mercury Data Group, Inc. (907) 274-1510 x19 -----Original Message----- From: Dave Arnold Sent: Thursday, October 02, 2003 2:03 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory Can you check the items in the queue directory to see the nature of the messages? May be virus driven by one of your clients, or if it is obviously spam, someone may have compromised your system. Dave Arnold Mercury Data Group, Inc. (907) 274-1510 x19 -----Original Message----- From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] Sent: Thursday, October 02, 2003 1:33 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory I unchecked that setting. -----Original Message----- From: Dave Arnold [mailto:darnold@xxxxxxxx] Sent: Thursday, October 02, 2003 5:16 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory You may have to change domain passwords since the typical setting is to allow relay on authentication. Dave Arnold Mercury Data Group, Inc. (907) 274-1510 x19 -----Original Message----- From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] Sent: Thursday, October 02, 2003 12:29 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory This seems to be a something else. I've taken relaying off of our mailservers, all machines up to date with patches/AV... the mailserver tries to make ~50 outbound connections per second. Bizarre. -----Original Message----- From: Ryan Lambert Sent: Wednesday, October 01, 2003 3:15 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory I'm not sure it's doing anything though in this instance, since my drive space has been 31.5gb free for about an hour and a half. :-) -----Original Message----- From: Dave Arnold [mailto:darnold@xxxxxxxx] Sent: Wednesday, October 01, 2003 2:58 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory We run a batch file that changes to the badmail dir, then del *.* /q. This is scheduled to run weekly from the AT scheduler. Works well. Dave Arnold Mercury Data Group, Inc. (907) 274-1510 x19 -----Original Message----- From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx] Sent: Wednesday, October 01, 2003 10:31 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory We tried the del *.* but it freaked out. We used the rm.exe command (ported from unix) and it worked FAST. (Windows Resource Kit) http://support.microsoft.com/default.aspx?scid=http://support.microsoft. com:80/support/kb/articles/Q120/7/16.ASP <http://support.microsoft.com/default.aspx?scid=http://support.microsoft .com:80/support/kb/articles/Q120/7/16.ASP&NoWebContent=1> &NoWebContent=1 _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jan Broucinek Sent: Wednesday, October 01, 2003 2:22 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Deleting Ex2k BadMail directory Go to the command line set your default into the directory and delete the contents (del *.*) . If you try from explorer, it will crash. It cannot handle the amount of messages that appear there. ----- Original Message ----- From: Ryan Lambert <mailto:rlambert@xxxxxxxxxxxxxxx> To: thin@xxxxxxxxxxxxx Sent: Wednesday, October 01, 2003 1:45 PM Subject: [THIN] Deleting Ex2k BadMail directory Anyone have a guide on flushing this? I got a customer with over 1 million items. -- Ryan Lambert, MCP, CCA Network Engineer NetSource 1242 East 49th Street Ste. 0503-B, Third Floor Cleveland, OH 44114 Phone/Fax: 216-373-2757 http://www.netsourceit.com/