[THIN] Re: Deleting Ex2k BadMail directory

• From: "Ryan Lambert" <rlambert@xxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Fri, 3 Oct 2003 08:06:58 -0400

Turns out there's a program going around that is brute force cracking
Exchange passwords, if your setting is to "Allow users who successfully
authenticate to relay, regardless..." This happened to two of our
customers.

 

So if you're running Exchange like that, watch your password policies
carefully. This program DID crack a hybrid password.

 

-----Original Message-----
From: Dave Arnold [mailto:darnold@xxxxxxxx] 
Sent: Thursday, October 02, 2003 6:08 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

 

Another thought is to run something like AdAware on this system to help
identify all the running services. It makes a nice list for you and is
freeware. Careful though on letting it make any changes.

Dave Arnold 
Mercury Data Group, Inc. 
(907) 274-1510 x19 

-----Original Message-----
From: Dave Arnold 
Sent: Thursday, October 02, 2003 2:03 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

Can you check the items in the queue directory to see the nature of the
messages? May be virus driven by one of your clients, or if it is
obviously spam, someone may have compromised your system.

 

 

Dave Arnold 
Mercury Data Group, Inc. 
(907) 274-1510 x19 

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: Thursday, October 02, 2003 1:33 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

I unchecked that setting.

 

-----Original Message-----
From: Dave Arnold [mailto:darnold@xxxxxxxx] 
Sent: Thursday, October 02, 2003 5:16 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

 

You may have to change domain passwords since the typical setting is to
allow relay on authentication.

Dave Arnold 
Mercury Data Group, Inc. 
(907) 274-1510 x19 

-----Original Message-----
From: Ryan Lambert [mailto:rlambert@xxxxxxxxxxxxxxx] 
Sent: Thursday, October 02, 2003 12:29 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

This seems to be a something else. I've taken relaying off of our
mailservers, all machines up to date with patches/AV... the mailserver
tries to make ~50 outbound connections per second. Bizarre.

 

-----Original Message-----
From: Ryan Lambert 
Sent: Wednesday, October 01, 2003 3:15 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

 

I'm not sure it's doing anything though in this instance, since my drive
space has been 31.5gb free for about an hour and a half. :-)

 

-----Original Message-----
From: Dave Arnold [mailto:darnold@xxxxxxxx] 
Sent: Wednesday, October 01, 2003 2:58 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

 

We run a batch file that changes to the badmail dir, then del *.* /q.
This is scheduled to run weekly from the AT scheduler. Works well. 

Dave Arnold 
Mercury Data Group, Inc. 
(907) 274-1510 x19 

-----Original Message-----
From: John Twilley [mailto:John.Twilley@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, October 01, 2003 10:31 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

We tried the del *.* but it freaked out.

We used the rm.exe command (ported from unix) and it worked FAST.
(Windows Resource Kit)

 

 

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.
com:80/support/kb/articles/Q120/7/16.ASP
<http://support.microsoft.com/default.aspx?scid=http://support.microsoft
.com:80/support/kb/articles/Q120/7/16.ASP&NoWebContent=1>
&NoWebContent=1

 

 

 


  _____  


From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Jan Broucinek
Sent: Wednesday, October 01, 2003 2:22 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Deleting Ex2k BadMail directory

Go to the command line set your default into the directory and delete
the contents (del *.*) . If you try from explorer, it will crash. It
cannot handle the amount of messages that appear there.

 

----- Original Message ----- 

From: Ryan Lambert <mailto:rlambert@xxxxxxxxxxxxxxx>  

To: thin@xxxxxxxxxxxxx 

Sent: Wednesday, October 01, 2003 1:45 PM

Subject: [THIN] Deleting Ex2k BadMail directory

 

Anyone have a guide on flushing this? I got a customer with over 1
million items.

 

--

Ryan Lambert, MCP, CCA

Network Engineer

NetSource

1242 East 49th Street

Ste. 0503-B, Third Floor

Cleveland, OH 44114

Phone/Fax: 216-373-2757

http://www.netsourceit.com/

 

 

Other related posts:

• » [THIN] Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory
• » [THIN] Re: Deleting Ex2k BadMail directory

1. Home
2. thin
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---