Heh... Right, now the question is, HOW do I fix it? It's what I'm trying to do as we speak but I'm not sure where to proceed.
> To answer the question in your subject line, yes. You are being used and
> abused. Fix that relay, and feel free to delete all the messages you can
> from the admin queue page before they go anywhere else.
>
> -----Original Message-----
> From: Jesse Rink [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 20, 2001 4:08 PM
> To: Exchange Discussions
> Subject: RE: IIS SMTP relay for Exchange - Is my relay being used by others?
>
>
> Doesn't seem to be a virus. I installed Norton AntiVirus Corporate
> Edition on the IIS SMTP box and d/l the latest virus defs. Ran a scan of
> the HD and only turned up 2 copies of the W32.MAGISTR.24876@MM virus on 2
> messages in the /BADMAIL subdirectory so it doesn't seem to be NIMDA.
>
> Also, I *thought* I had the MS01-044 cumulative patch installed but turns
> out I didn't so I installed that and rebooted.
>
> After the reboot, everything is the SAME. Still have loads of emails
> filling my /queue directory and am stumped.
>
> Any other clues? Again, only thing I can think of is that I have the
> "Allow Relay" checkbox enabled on the remote domain (whitnall.com) and the
> outbound security button is set for No Authentication. This is how it's
> always been.
>
> Thanks for additional help!
>
>
> > As the rest have stated... first rule out a virus. If a virus is not the
> > cause
> > This article has a section about relay restrictions, it might help you
> > decide what restrictions you need:
> > http://support.microsoft.com/support/kb/articles/q230/2/35.asp
> >
> >
> > >From: "Murphy, Brian" <[EMAIL PROTECTED]>
> > >Reply-To: "Exchange Discussions" <[EMAIL PROTECTED]>
> > >To: "Exchange Discussions" <[EMAIL PROTECTED]>
> > >Subject: RE: IIS SMTP relay for Exchange - Is my relay being used by others?
> > >Date: Tue, 20 Nov 2001 14:49:25 -0600
> > >
> > >Rule out the virus first. Download some type of AV and scan.
> > >
> > >-----Original Message-----
> > >From: Jesse Rink [mailto:[EMAIL PROTECTED]]
> > >Sent: Tuesday, November 20, 2001 2:39 PM
> > >To: Exchange Discussions
> > >Subject: Re: IIS SMTP relay for Exchange - Is my relay being used by others?
> > >
> > >
> > >Version 4.0 so the Q article doesn't apply. Thanks anyway. Is there a
> > >comparable Q article for IIS4?
> > >
> > >Also, I should mention that on my IIS relay box, under the Remote Domain
> > >properties, the box labeled "Allow incoming mail to be relayed to this
> > >domain" *IS* checked. Not sure why. Would this be the cause? Or would
> > >it still be a virus as some are saying?
> > >
> > >Thanks
> > >
> > >
> > > > What version of IIS? The following article is for IIS 5
> > > > http://support.microsoft.com/support/kb/articles/q310/3/56.asp
> > > >
> > > >
> > > > >From: "Jesse Rink" <[EMAIL PROTECTED]>
> > > > >Reply-To: "Exchange Discussions" <[EMAIL PROTECTED]>
> > > > >To: "Exchange Discussions" <[EMAIL PROTECTED]>
> > > > >Subject: IIS SMTP relay for Exchange - Is my relay being used by others?
> > > > >Date: Tue, 20 Nov 2001 14:23:00 -0600
> > > > >
> > > > >Okay. Here's the low-down.
> > > > >
> > > > >I have an Exchange 5.5 server on the inside interface of our firewall and
> > > > >an IIS SMTP relay server on the DMZ interface of our firewall. This has
> > > > >been running for several months without any problems.
> > > > >
> > > > >Yesterday I reviewed the daily network bandwidth chart for our T1 line out
> > > > >to the internet and found the inbound traffic was WAY higher (my eyes
> > > > >almost popped out of my sockets) than usual. This was highly noticeable
> > > > >in that the inbound traffic continued into the late hours of the night.
> > > > >Normally, after 5pm, network inbound/outbound traffic is dead.
> > > > >
> > > > >I tried figuring out what all of a sudden is causing this increased
> > > > >traffic and am beginning to suspect the IIS SMTP relay box. Performance
> > > > >analysis on the box shows that the CPU utilization is much higher than
> > > > >usual (mainly from inetinfo.exe). After further investigating, I noticed
> > > > >that the c:\inetpub\mailroot\queue directory is suddenly full (1500
> > > > >messages) of .rtr and .eml files (can someone explain the difference
> > > > >between these?).
> > > > >
> > > > >Not only are there 1500+ .rtr and .eml files in the queue, but the
> > > > >messages themselves are not originating from or destined to whitnall.com
> > > > >(my domain).
> > > > >
> > > > >I'm assuming someone (most of the messages are from hotmail.com accounts
> > > > >and contain PORN links) is using our smtp relay...
> > > > >
> > > > >Can someone please help me address this problem? Not sure how to proceed.
> > > > >Thanks
> > > > >
> > > > >reply here or via email
> > > > >[EMAIL PROTECTED]
> > >
> > >_________________________________________________________________
> > >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > >Archives: http://www.swynk.com/sitesearch/search.asp
> > >To unsubscribe: mailto:[EMAIL PROTECTED]
> > >Exchange List admin: [EMAIL PROTECTED]
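
The symptom described in the thread, queued messages that are neither from nor to the local domain, can be measured rather than eyeballed. The script below is an added example, not part of the original messages: it assumes the queued .eml files are plain RFC 822 text, and its function names and sample messages are constructed for illustration.

```python
import email
from collections import Counter
from email.utils import getaddresses
from pathlib import Path

LOCAL_DOMAINS = {"whitnall.com"}  # the poster's domain, as named in the thread

def header_domains(msg, *headers):
    """Lower-cased domains of every address in the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.rpartition("@")[2].lower() for _, a in getaddresses(values) if "@" in a}

def is_local(domain, local):
    """True for a local domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in local)

def classify(raw, local=LOCAL_DOMAINS):
    """'inbound', 'outbound' or 'third-party' for one raw RFC 822 message.
    Header addresses can be forged, so treat this as triage, not proof."""
    msg = email.message_from_bytes(raw)
    if any(is_local(d, local) for d in header_domains(msg, "To", "Cc")):
        return "inbound"
    if any(is_local(d, local) for d in header_domains(msg, "From")):
        return "outbound"
    return "third-party"  # neither end is ours: the relay is carrying it for someone else

def triage_queue(queue_dir, local=LOCAL_DOMAINS):
    """Classify every .eml in queue_dir; also tally sender domains of third-party mail."""
    counts, senders = Counter(), Counter()
    for path in sorted(Path(queue_dir).glob("*.eml")):
        raw = path.read_bytes()
        kind = classify(raw, local)
        counts[kind] += 1
        if kind == "third-party":
            senders.update(header_domains(email.message_from_bytes(raw), "From"))
    return counts, senders

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "a.eml": b"From: x1@hotmail.com\r\nTo: y1@example.net\r\nSubject: hi\r\n\r\nbody\r\n",
    "b.eml": b"From: x2@hotmail.com\r\nTo: y2@example.org, y3@example.net\r\n\r\nbody\r\n",
    "c.eml": b"From: vendor@example.com\r\nTo: staff@whitnall.com\r\n\r\nbody\r\n",
    "d.eml": b"From: Staff <staff@mail.whitnall.com>\r\nTo: vendor@example.com\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A queue dominated by "third-party" results matches what the original poster saw; running the same count again after tightening the relay restrictions shows whether new third-party mail has stopped arriving.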