And I would do it NOW NOW NOW! OMG dude, you are leaving a highly exposed
security hole on your network that may be sniffing passwords and
confidential data. Back up the stores and flatten that baby.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, January 19, 2004 10:15 AM
To: Exchange Discussions
Subject: RE: Hijacked Server

Looks like it's time to build a new server!
I would AUDIT YOUR FIREWALL, then build a new box.

MO
Matthew Chase

-----Original Message-----
From: David Goldstein [mailto:[EMAIL PROTECTED] 
Sent: Sunday, January 18, 2004 9:14 PM
To: Exchange Discussions
Subject: Hijacked Server


Recently my Exchange 2000 server was compromised and was being used as an
open relay server. I have made every change I have read about to patch the
server and that seems to have stopped most of my problems. I was relaying up
to 100,000 emails a day with hundreds of unresolved SMTP queues - most of
that has gone away. But, what still remain are around 20 SMTP queues and a
very strange 27 min delay for all (legal) outgoing mail. I have checked for
spyware and viruses possibly left behind by the hijacker. He did have a
password sniffer running, which I have deleted. There also was a service called
mr2kserv.exe which, when deleted, removed all of the leftover SMTP queues -
but only for a day or two. They are back again.

So my question is this: What do you think is causing the 27 min delay?


Thanks,

David Goldstein

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at: Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.
