Possible DoS attack on my server

[mjfeeney]

On 2/14, my exchange server crashed. The hard drive was completely full. The offending folder was exchsrvr/MDBDATA. It was full of E0000xxx.log files that are 5MB each. These files had dates which occurred once every 3-5 days, until 2/13, where they started ocuring once every 1-3 MINUTES. I deleted them, and the server came back up fine. The files continued to pour in until I unpluged the network from the server. Then the files stopped. Leaving it unplugged for a few hours, the files never appeared. Within a minute of plugging it back in, it started creating the .log files again.

Upon opening up one of the .log files in Word, they were full of messages sent to the postmaster on my domain, stating that the following message was unable to be sent, and attached was some kind of spam message. It appears that somebody is relaying spam through my server.

Everyone, please take a minute to look at this directory on your server. I am wondering if this could be part of some DoS attack, much like our little SQL problem Superbowl weekend.

 

[SkyHawkTech]

It means your server is an open relay. Close the relay or shut it off. The Internet is saturated with way too much spam and "bad sites" and those hackers will find 'any' email server available to relay there trash through.

~Rick

 

[Marcs41]

Don't jump to the DoS Attack conclusion to quickly, you'll just get paranoid.
Since you noticed youself they origin from spam, take some time to check where the message came from.
It could well be one on the LA workstation genrating this because of a virus or worm.
Also, disable your NDR to the internet while your are at it. If the answer is here, mark it, others can benefit from it too.
Free Tip: The F1 Key does NOT destroy your PC!