Doesn't seem to be a virus. I installed Norton AntiVirus Corporate Edition on the IIS SMTP box and d/l the latest virus defs. Ran a scan of the HD and only turned up 2 copies of the W32.MAGISTR.24876@MM virus on 2 messages in the /BADMAIL subdirectory so it doesn't seem to be NIMBA.
Also, I *thought* I had the MS01-044 cumulative patch installed but turns out I didn't so I install that and rebooted. After the reboot, everything is the SAME. Still have loads of emails filling my /queue directory and am stumped. Any other clues? Again, only thing I can think of is that I have the "Allow Relay" checkbox enabled on the remote domain (whitnall.com) and the outbound security button is set for No Authentication. This is how it's always been. Thanks for additional help! > As the rest have stated... first rule out a virus. If a virus is not the > cause > This article has a section about relay restrictions, it might help you > decide what restrictions you need: > http://support.microsoft.com/support/kb/articles/q230/2/35.asp > > > >From: "Murphy, Brian" <[EMAIL PROTECTED]> > >Reply-To: "Exchange Discussions" <[EMAIL PROTECTED]> > >To: "Exchange Discussions" <[EMAIL PROTECTED]> > >Subject: RE: IIS SMTP relay for Exchange - Is my relay being used by other > > s? > >Date: Tue, 20 Nov 2001 14:49:25 -0600 > > > >Rule out the virus first. Download some type of AV and scan. > > > >-----Original Message----- > >From: Jesse Rink [mailto:[EMAIL PROTECTED]] > >Sent: Tuesday, November 20, 2001 2:39 PM > >To: Exchange Discussions > >Subject: Re: IIS SMTP relay for Exchange - Is my relay being used by > >others? > > > > > >Version 4.0 so the Q article doesn't apply.. Thanks anyway. Is there a > >comparable Q article for IIS4? > > > >Also, I should mention that on my IIS relay box, under the Remote Domain > >properties, the box labeled "Allow incoming mail to be relayed to this > >domain" *IS* checked. Not sure why. Would this be the cause? Or would > >it still be a virus as some are saying? > > > >Thanks > > > > > > > What version of IIS? the following article is for IIS 5 > > > http://support.microsoft.com/support/kb/articles/q310/3/56.asp > > > > > > > > > >From: "Jesse Rink" <[EMAIL PROTECTED]> > > > >Reply-To: "Exchange Discussions" <[EMAIL PROTECTED]> > > > >To: "Exchange Discussions" <[EMAIL PROTECTED]> > > > >Subject: IIS SMTP relay for Exchange - Is my relay being used by > >others? > > > >Date: Tue, 20 Nov 2001 14:23:00 -0600 > > > > > > > >Okay. Here's the low-down. > > > > > > > >I have an Exchange 5.5 server on the inside interface of our firewall > >and > > > >and IIS SMTP relay server on the DMZ interface of our firewall. This > >has > > > >been running for several months without any problems. > > > > > > > >Yesterday I reviewed the daily network bandwidth chart for our T1 line > >out > > > >the to internet and found the inbound traffic was WAY higher (my eyes > > > >almost popped out of my sockets) than usual. This was highly > >noticeable > > > >in that the inbound traffic continued into the late hours of the night. > > > >Normally, after 5pm, network inbound/outbound traffic is dead. > > > > > > > >I tried figuring out what all of a sudden is causing this increased > > > >traffic and am beginning to suspect the IIS SMTP relay box. > >Performance > > > >analysis on the box shows that the CPU utilization is much higher than > > > >usual (mainly from inetinfo.exe). After further investigating, I > >noticed > > > >that the c:\inetpub\mailroot\queue directory is suddenly full (1500 > > > >messages) of .rtr and .eml files (can someone explain the difference > > > >between these?). > > > > > > > >Not only are there 1500+ .rtr and .eml files in the queue, but the > > > >messages themselves are not originating from or destined to > >whitnall.com > > > >(my domain). > > > > > > > >I'm assuming someone (most of the messages are from hotmail.com > >accounts > > > >and contain PORN links) is using our smtp relay... > > > > > > > >Can someone please help me address this problem? Not sure how to > >proceed. > > > > Thanks > > > > > > > >reply here or via email > > > >[EMAIL PROTECTED] > > > >_________________________________________________________________ > >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > >Archives: http://www.swynk.com/sitesearch/search.asp > >To unsubscribe: mailto:[EMAIL PROTECTED] > >Exchange List admin: [EMAIL PROTECTED] > > > >_________________________________________________________________ > >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > >Archives: http://www.swynk.com/sitesearch/search.asp > >To unsubscribe: mailto:[EMAIL PROTECTED] > >Exchange List admin: [EMAIL PROTECTED] > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
