WELCOME

Monday, June 30, 2008

Things to Do When Your Exchange gets Blacklisted

The first thing to do would be to stop your SMTP service by going to the command prompt and running the following command:

Net stop smtpsvc

It might take a while, but don't worry about it. Next, you need to locate the Exchange SMTP queue directories, typically located at "c:\program files\exchsrvr\mailroot\vsi 1". Use the command prompt to change to this directory and delete all files under the "badmail" and "queue" directories. You might lose one or two valid mails, but in the case of an attack you might have to accept that.

Now go to Exchange System Manager, locate the SMTP virtual server, and open the Relay options on its property pages.

The following setting ensures that your server is not open to any relay, neither from inside nor from outside. It will also disable SMTP authentication, so if you have POP3/SMTP clients they will have to use a different outgoing SMTP server.

Disabling notifications to the sender is also useful in this scenario so that your SMTP queue is not jammed with non-delivery messages.

Remember to check this option again once the attack is over.

Once this is done you can start the SMTP service using the following command:

Net start smtpsvc

Having started the SMTP service, check to see whether the Queues are filling up again.
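One way to check whether the queues are filling up again is to sample the file counts in the "queue" and "badmail" directories for a few minutes after the restart. The script below is an added example, not part of the original post; the sample count, interval and growth threshold are assumed values, and the path is the typical location named above.

```powershell
# Added example: watch the Exchange SMTP queue folders after restarting smtpsvc.
# $Samples, $IntervalSeconds and $GrowthThreshold are assumptions; tune them.
param(
    [string]$MailRoot        = 'C:\Program Files\Exchsrvr\Mailroot\vsi 1',
    [int]$Samples            = 6,
    [int]$IntervalSeconds    = 30,
    [int]$GrowthThreshold    = 50   # new queue files per interval worth a warning
)

# Count files (not subfolders) in a directory; -1 means the folder is missing.
function Get-FileCount([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { return -1 }
    $files = Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }
    return @($files).Count
}

# The counts only mean something while the SMTP service is running.
$svc = Get-Service -Name 'smtpsvc' -ErrorAction SilentlyContinue
if ($null -eq $svc -or $svc.Status -ne 'Running') {
    Write-Warning 'smtpsvc is not running; queue counts will not change.'
}

$previous = $null
for ($i = 1; $i -le $Samples; $i++) {
    $queue   = Get-FileCount (Join-Path $MailRoot 'queue')
    $badmail = Get-FileCount (Join-Path $MailRoot 'badmail')

    if ($queue -lt 0) {
        Write-Warning "Queue folder not found under '$MailRoot'."
        break
    }

    # Growth since the previous sample (0 on the first pass).
    $delta = if ($null -ne $previous) { $queue - $previous } else { 0 }
    '{0:HH:mm:ss} queue={1} badmail={2} growth={3}' -f (Get-Date), $queue, $badmail, $delta

    if ($delta -ge $GrowthThreshold) {
        Write-Warning "Queue grew by $delta files in $IntervalSeconds s; relay abuse may still be ongoing."
    }

    $previous = $queue
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}
```

A steadily rising queue count with the relay restrictions in place suggests the mail is being submitted some other way, so the relay settings and any authenticated accounts are worth rechecking before the service is left running.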
