Thanks Simon..got it fixed. ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Simon Butler Sent: Thursday, October 18, 2007 1:36 PM To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Re: Spam Attack Depends what sort of attack it is. Sounds like an NDR attack. Therefore the first thing you should do is turn off the option on the SMTP virtual server to receive a copy of NDRs. That is usually a waste of time anyway. You haven't said which version of Exchange it is, if it is Exchange 2003 or higher you should enable recipient filtering. If there are messages in the queues, then you will need to clean them up. Take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: simon@xxxxxxxxxxx w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? Go to http://www.certificatesforexchange.com/ for certificates for just $20 a year. ________________________________ From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Dan Crain Sent: 18 October 2007 17:21 To: exchangelist@xxxxxxxxxxxxx Subject: [ExchangeList] Spam Attack Woke up today to find my phone downloading 5000 system administrator messages so I naturally assumed spam attack. Checked my isa logs to make sure it was coming from outside the company and sure enough they are from a range of ip addresses which appear to be 168.95.6.xxx and 168.95.4.xxx the whole range Right now I've been deleting the emails by stopping the smtp queue and deleting the emails from the folder. My question is, how do I stop this? This is the first time I've had this done to my server. Any help would be great...thanks, Dan Daniel A. Crain Systems Administrator Dean, Ringers, Morgan & Lawton, P.A. 201 East Pine Street, Suite 1200 Orlando, FL 32801 Phone: 407-422-4310 DanC@xxxxxxxxxxxx NOTE: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please notify Dan Crain at DanC@xxxxxxxxxxxx immediately by replying to the message and deleting it from your computer. Thank you.