
Exchange 2000 sending spam...not exactly an open relay problem

Status
Not open for further replies.

golovast

MIS
Mar 18, 2002
2
Ok, this is the case that I have. One of my clients contacted me a few weeks back and said that they got a notice for spamming. I checked it out and locked down their Virtual SMTP server per Microsoft specs, including SMTP Connector. I specified that the only people allowed to relay were the ones from the internal, private IP range. I UNchecked the box which would allow authenticated computers to relay regardless of the list above, since they don't have any remote users. The default domain under Connectors was also removed. I checked their server with mail-abuse checker and Sam Spade and everything was good.

Now to the problem. They work ok for 2-3 weeks, today they call and not only do they get another notice for spamming, their server is unbelievably slow and pretty much crashes when you try to do something. With outside SMTP relay checkers the server still seems closed. On the inside, however, a process inetinfo.exe is gobbling up memory every second that it is running until it crashes the server. It is doing that because about 25 SMTP connections are being opened from the inside and are blasting mail.

Get this: the account that is sending mail is NT Authority/System with about 25 instances. As far as I know it isn't even supposed to have a mailbox, but I can't manage that account. I tried blocking everyone from sending, but the server still goes down, because NT Authority still attempts the connections, which in turn kills inetinfo.exe. If I turn off the SMTP service, everything is fine, but the second it's back on, all of these connections generated by NT Authority/SYSTEM are right there. It almost seems like a script, but I think I've checked every place where it may be and nothing is there, including (HKEY_LOCAL_MACHINE/....../Run).

Has anyone seen anything similar? Any suggestions or ideas? I'll appreciate all the help. Thank you.

P.S. All the service packs and patches have been installed and anti-virus run.


 