I discovered that a spammer was using the client's server to relay spam. Although the server wasn't an open relay, the spammer was somehow authenticating to the server to send messages. My first concern was to prevent the spammer from sending more messages. I disconnected the firewall from the Internet and deleted all the sessions. I tried to use the Exchange System Manager (ESM) to delete the messages from the queues, but the process was taking a long time. I stopped all the Exchange services, opened a command prompt, and deleted the messages from the directory D:exchsrvrmailrootvsi 1queue. Stopping the Exchange services greatly improved the server performance, but more than 10,000 messages were waiting in various queues, so even using the command prompt to delete the messages took more than an hour.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
