RE: OK to run Ad-Aware on Domino Server?
Gavin Bollard 29.Apr.08 12:43 AM a Web browser
Domino Server All Releases Windows 2003
While it's very unlikely that mail would be sent through some "rogue" process on your Notes server, it is certainly not impossible.
Loading something like Ad-Aware isn't likely to find the problem unless it's something very obvious.
I'd suggest that you consider some downtime on that server and remove it from the network. (Disconnect the network cable but leave the server running.)
Watch Mail.box to see if any NEW spam messages hit it.
There are a few other things you could do to test the systems, like reconnecting and leaving the router running but stopping the SMTP task. You should still be able to send internal mail but should not receive any spam.
Finally, consider shutting down the Notes server and running a full anti-virus scan across the server.
Malware usually won't make it onto a device without a process to load it - either an unpatched exploit.
1. You have a hardware firewall, right? Is it configured to block all but Notes, SMTP, HTTP and HTTPS to that server - unless you need other services?
2. Do you have a software firewall on the server - even the Windows one will do - which is monitoring which applications can send and receive from the internet and local network?
3. It's a given that nobody EVER surfs the net on the server - right??
4. No files are transferred to the server except from scanned media - right?
The other thing to try - just to isolate whether the spam is coming from inside or outside - is to disconnect the internet at your workplace temporarily and watch mail.box - I know this is a little drastic but it will give you your answer.
If the spam is coming from outside, consider directing your SMTP through an external managed filtering service first.
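
One way to check for the "rogue" sending process mentioned in the post above, as an added example that is not part of the original post: parse the output of `netstat -ano` on the server and list any process with an outbound connection to remote port 25 that is not a Domino task. The sample output, addresses and PIDs are constructed, and `domino_pids` is an assumed set of Domino task PIDs that you look up yourself (for example in Task Manager).

```python
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1512
  TCP    0.0.0.0:1352           0.0.0.0:0              LISTENING       1480
  TCP    192.0.2.10:25          198.51.100.7:40211     ESTABLISHED     1512
  TCP    192.0.2.10:3051        203.0.113.25:25        ESTABLISHED     1536
  TCP    192.0.2.10:3077        198.51.100.99:25       ESTABLISHED     2964
  TCP    192.0.2.10:3078        203.0.113.80:25        SYN_SENT        2964
  TCP    192.0.2.10:3080        203.0.113.5:443        ESTABLISHED     2964
  UDP    0.0.0.0:445            *:*                                    4
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
# States that mean this host has opened, or is opening, the connection.
ACTIVE = {"ESTABLISHED", "SYN_SENT"}


def rogue_smtp_senders(netstat_text, domino_pids, smtp_port=25):
    """Return {pid: [remote endpoints]} for outbound SMTP not owned by Domino."""
    hits = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _laddr, _lport, raddr, rport, state, pid = m.groups()
        # Outbound mail has the SMTP port on the remote side; inbound mail
        # (remote client talking to our port 25) is skipped by this test.
        if int(rport) != smtp_port or state not in ACTIVE:
            continue
        if int(pid) in domino_pids:
            continue
        hits.setdefault(int(pid), []).append(f"{raddr}:{rport}")
    return hits


if __name__ == "__main__":
    # Assumed PIDs of the Domino server, SMTP listener and router tasks.
    for pid, remotes in rogue_smtp_senders(SAMPLE_NETSTAT, {1480, 1512, 1536}).items():
        print(f"PID {pid} is sending SMTP to: {', '.join(remotes)}")
```

An empty result while spam still appears in mail.box points to mail arriving from outside or from another machine on the network rather than from a local process.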