Question : Crazy Exchange 2003 SPAM problem

OK, this is the weirdest thing I have seen yet in my I.T. career. Here is an outline of the network:

1x SBS 2003 R2 server with Exchange 2003 <-- server with problems
1x Terminal Server (MS Server 2003 x64)
1x SharePoint server (MS Server 2003 x64)

Problem:

Our users were using POP3 email as their primary source of email. During this time the Exchange services were stopped and disabled, as well as the SMTP service. We have decided to start utilising Exchange as our email server, and this is where the fun begins.

Our current server and network is protected by Trend Micro Worry Free Business Advance, and part of this software includes the real time monitor, which gives you a glimpse of what emails are being sent from your server. After I started the Exchange services and the Simple Mail Transfer Protocol service, the real time monitor started getting flooded with outgoing spam emails.

What happened next:

Instantly my first thought was open relay on the Exchange server. I did a test on open relay sites and it was reporting it as an open relay; after double checking everything on the server to ensure it was not an open relay, the problem still existed. I unchecked the allow anonymous access under relay settings, I applied message filtering options, I followed Microsoft's open relay guide, and all is sweet.

Next I closed down the SMTP port on the firewall, but spam was still being sent. I closed off the internet connection, I turned off all other servers and computers, still sending spam.

After playing around I then identified it was the SMTP service that was causing the problems. I closed down the Exchange Information Store service and all other Exchange services, and still the Trend real time monitor reported email being sent out. After stopping the SMTP service it stopped. I uninstalled the SMTP service, reinstalled, and the problem came back. I reinstalled the Trend software, did virus scans, and the problem still exists. I reinstalled Exchange 2003, and the problem still occurs. I'm now running a packet capture program and it's showing my server (192.168.0.5) as sending all email out to Yahoo, Gmail and other email addresses with absolute rubbish emails. What I have also noticed is the C: drive is slowly losing free disk space, even though the Exchange databases are not hosted on this drive. I cleared the message logs and other logging, but they weren't large enough to be eating about 100MB every hour.

Anyone got any ideas at all? Virus scanning found nothing, spyware scan found nothing, and the only way to stop it is to remove the SMTP service. Could this be a new virus?

Attached are the following files:
realtime.jpg <-- this is what shows up on the Trend Micro real time monitor after enabling the SMTP service for roughly 30 seconds

Answer : Crazy Exchange 2003 SPAM problem

Quite an interesting case.

What does ExBPA report for this server?