Exchange 5.5 Sp-4, NT 4.0 SP-6a w/Security Rollup, no SMTP routing enabled. Turned on IMS Message tracking:
Here's my most recent response to Microsoft.
"As luck would have it, the Exchange Server is continuing to try and send rogue e-mails, but there was a funny file is called "s100.4" and is exactly 1024 bytes. Strangely also is the Creation date was 12/19/01 and the modified date is in 2000...
Other files included are a "..\Exchsrvr\IMCData\queue.dat" and ..\Exchsrvr\IMCData\queue.bad" that I found and ran IMCDump.exe on. The queue.bad file will cause a Dr.Watson if you run "imcdump.exe queue.bad outbound". the two text files are IMCDump's of queue.dat and queue.bad.
I've investigated possible virus infection, but I cannot find any correlation. Keep in mind that when the server was the only host on the LAN and the Internet DSL was shut down, the queue continued to fill (Mass Mailing Worm?). I've tried to look for any common worm triggers in the registry under Run & Services, could not find any.
On Wednesday I replaced a failed SCSI HDU and found the IS-Priv @ 102Mb, after defrag it went down to 60Mb (approx 5 users) and ISINTEG found and fixed a few errors. My previous visit found the IS-Priv at around 630Mb and defragged to about 80Mb.
I'm well versed in the 3 suggested Q-articles from your response and only in two of many servers I have deployed do we allow SMTP routing, this server is Not one of them."
Text
Here's my most recent response to Microsoft.
"As luck would have it, the Exchange Server is continuing to try and send rogue e-mails, but there was a funny file is called "s100.4" and is exactly 1024 bytes. Strangely also is the Creation date was 12/19/01 and the modified date is in 2000...
Other files included are a "..\Exchsrvr\IMCData\queue.dat" and ..\Exchsrvr\IMCData\queue.bad" that I found and ran IMCDump.exe on. The queue.bad file will cause a Dr.Watson if you run "imcdump.exe queue.bad outbound". the two text files are IMCDump's of queue.dat and queue.bad.
I've investigated possible virus infection, but I cannot find any correlation. Keep in mind that when the server was the only host on the LAN and the Internet DSL was shut down, the queue continued to fill (Mass Mailing Worm?). I've tried to look for any common worm triggers in the registry under Run & Services, could not find any.
On Wednesday I replaced a failed SCSI HDU and found the IS-Priv @ 102Mb, after defrag it went down to 60Mb (approx 5 users) and ISINTEG found and fixed a few errors. My previous visit found the IS-Priv at around 630Mb and defragged to about 80Mb.
I'm well versed in the 3 suggested Q-articles from your response and only in two of many servers I have deployed do we allow SMTP routing, this server is Not one of them."
Text
