Author
19 May 2009 12:32 AM
Chanchel
We have SBS 2k3.  I closed all open ports on the firewall, blocked all
outbound traffic on port 25 and disabled outbound mail in ESM.  I have
Trend Micro ScanMail for Exchange 8.0 suite, McAfee Enterprise AV 8.5, both up
to date.  The SMTP queue just sits there and fills up with spam messages
trying to go out, I mean thousands of messages.  I shut down every computer
in the office except the server.  I ran full scans with the previously
mentioned programs and Malwarebytes and Spybot Search and Destroy.  I cannot
find what is sending the messages or how to stop it.

Author
19 May 2009 3:05 AM
Ed Crowley [MVP]
Did you close inbound mail traffic?  It's likely that what you're seeing are
NDRs to undeliverable spam you're receiving, and that doesn't really clog up
your network much because they're just in retry mode for a long time.  You
could inhibit the sending of NDRs, but that has its own disadvantages.
Here's how to do it:  http://support.microsoft.com/kb/294757/en-us.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

Author
19 May 2009 4:21 AM
Chanchel
I closed all inbound and outbound traffic.  They aren't NDRs.  They are spam.
One example says that it's from email address something.elect***@sify.com
and is going to a**@yahoo.com.  They're messages being generated by
something.  At first I thought it was a relay problem, but after closing all
ports it should have stopped, but it didn't.

Author
20 May 2009 5:44 PM
Ed Crowley [MVP]
You must have infected computers on your network.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

Author
21 May 2009 2:16 AM
Chanchel
But I shut off all other computers.  The only computer running in the
building was the server.

Author
21 May 2009 2:37 AM
Ed Crowley [MVP]
Maybe it's infected.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

Author
21 May 2009 2:56 AM
Ed Crowley [MVP]
One more thing--is your SMTP virtual server an open relay?
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

Author
21 May 2009 2:55 AM
Ed Crowley [MVP]
Consider using message tracking to maybe see where the message is coming
from.
--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

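One way to act on the message-tracking suggestion above, as an added example that is not part of the original thread: it reads a tab-delimited tracking log whose columns are declared in a "#" header line and counts unique queued messages by where they entered the server. The column names (`client-ip`, `Sender-Address`, `MSGID`), the server address and the LAN range are assumptions, and the sample rows are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample. Column names are assumptions for this example; the
# parser uses whatever the tab-separated "#" header line declares.
SAMPLE_LOG = "\n".join([
    "# Date\tTime\tclient-ip\tRecipient-Address\tMSGID\tSender-Address",
    "2009-5-19\t0:01:10 GMT\t203.0.113.50\tu1@example.org\tm1\tspam@example.net",
    "2009-5-19\t0:01:11 GMT\t203.0.113.50\tu1@example.org\tm1\tspam@example.net",
    "2009-5-19\t0:01:15 GMT\t203.0.113.50\tu2@example.org\tm2\tspam@example.net",
    "2009-5-19\t0:02:00 GMT\t-\tgone@example.org\tm3\t<>",
    "2009-5-19\t0:03:00 GMT\t192.168.16.2\tu3@example.org\tm4\tspam@example.net",
    "2009-5-19\t0:04:00 GMT\t192.168.16.77\tu4@example.org\tm5\tspam@example.net",
])


def parse_tracking_log(text):
    """Return one dict per data row, keyed by the names in the '#' header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#"):
            if "\t" in line:                      # the column header line
                fields = line.lstrip("# ").split("\t")
            continue                              # other comment lines are skipped
        if fields and line.strip():
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def classify(row, server_ips, lan):
    """Label where a message entered the queue."""
    if row.get("Sender-Address", "") in ("", "<>"):
        return "ndr"                              # null sender: delivery report
    ip = row.get("client-ip", "-")
    if ip in ("", "-") or ip in server_ips:
        return "server-local"                     # originated on the server itself
    try:
        inside = ipaddress.ip_address(ip) in lan
    except ValueError:
        return "unknown"                          # unparseable client address
    return "lan-host" if inside else "external-submission"


def summarize(text, server_ips, lan_cidr):
    """Count unique messages (by MSGID) per origin class and per client IP."""
    lan = ipaddress.ip_network(lan_cidr)
    seen, by_class, by_ip = set(), Counter(), Counter()
    for row in parse_tracking_log(text):
        if row.get("MSGID") in seen:              # a message logs several events
            continue
        seen.add(row.get("MSGID"))
        by_class[classify(row, server_ips, lan)] += 1
        by_ip[row.get("client-ip", "-")] += 1
    return by_class, by_ip
```

A dominant `external-submission` count points at relaying through the SMTP virtual server, `lan-host` at a workstation on the network, `server-local` at something running on the server itself, and `ndr` at delivery reports for inbound spam.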
Author
21 May 2009 5:58 AM
sending mail to DL keeping in BCC
Check your spam level set for message spam blocking in Exchange.
