Hello,
We have ASG220 as firewall and smtp proxy, in our internal network i have Exchange2003 as email server and ~100 computers and they use exchange every day.
Few days ago i found huge cpu load on ASG and it was because of 20000 emails in spool(waiting for delivery). Webadmin is almost dead, connected to asg with ssh and opened one mail, discovered that all emails where sent from one pc from internal network, as you can imagine it was some spam virus/worm, disconnected that pc, cleaned, but DIDNT connet it back to network. Then i deleted all messages from astaro spool using ssh and all was ok for 1 day. My ASG smtp proxy config was almost fine, it have all anti spam features enabled, scan outgoing msg enabled,transparent mode, but mistake was with host based relay - allow relay from all internal network, I changed it to allow relay only from Exchange server, i hope it was right.
Today had huge load on ASG again, looks like same situation, emails waiting for delivery is growing and now have 45000 emails in spool, cheked from which ip, strange but its same internal ip of computer which is disconnected from network, how this can happen? How computer which is offline, can submit emails to astaro ? Cheked few times, but this internal ip is off. Maybe all these spam messages was submited few days ago and now its some sort of retry ? What to do in this situation ? I am trying to delete these emails using mail manager, but its really hard, disabled smtp proxy, but that not helps, spool is growing anyway...What to do in this situation ? Sorry for my english, i will accept any help.
Best Regards
J.
This thread was automatically locked due to age.
Quote