Spam attack using Windows SMTP

Hi,

I hope this is the right place for me to ask my question here.

We are using Windows 2003 Web ed. with IIS 6.0. We have a lot of websites hosted on our servers, and some of them may be using CDOSYS in their scripts to handle mails. We are not the website admins or the programmers, only hosting the sites.

Recently, we received a report that our server has been used to spam, and the mail headers show this:

Quote:
X-Mailer: Microsoft CDO for Windows 2000


with our server's IP as the sender. My guess is that that shows that it was sent using CDOSYS scripts, am I right?

There are thousands (if not tens of thousands) of files on the server, so looking it up manually one by one isn't a very promising way of tracking down the spammer.

Is there any way to track down which scripts (if it's done by script) are sending the spam? I've tried to look at IIS's logs and Event Viewer, and searched the web logs, but found nothing at all. IIS's SMTP logs only show that there is some SMTP activity to send out e-mails by the spammer, but they don't lead to how it was done, or which scripts it was using.

Also, are there any logs or configuration settings specifically for CDOSYS? Like, so I can block certain headers/body/e-mail addresses in the from/to of the mail?

Any help/hints on how I can track the spammer would be greatly appreciated. Thank you in advance!

 

 

 

 
