Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exhcnage server SENDING unsolicited emails 1

Status
Not open for further replies.
ciscoric

ciscoric

IS-IT--Management
Jan 20, 2003
17
0
0
US
I have an exchange 2000 server that is sending constant emails outbound. Looking at the performance monitor I see there are about 40-200 emails going out at any given time. This is for a small network for about 20 users and there is no way they are sending that many emails.

I have checked to make sure we are not relaying and have confirmed, that is not the case.

Virus scans come up with nothing. And I am running redundant virus protection on the server. Using Trend Micro scan mail, and Symantec Antivirus.

Also, if I look at my firewall I see there is outbound SMTP traffic from only the IP Address of my exchange server, and there are really only a couple of domains they are all being sent to.

Any help would be greatly appreciated I have been working on this for weeks.
 
Sort by date Sort by votes
You've been working on this for weeks? Huh.

What address are they coming from? That's going to be your culprit. Look at your outbound queues and see who is sending them...odds are one of your 20 systems has a virus.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
I know for weeks sounds bad but every time I think I have it it comes back. And I was not totally sure I was not relaying until today.

When I look at the Queues they are all Postmaster@domain.com non-deliverable.

I do not think I am looking at the outbound queue. I am obviously missing something.

 
Upvote 0 Downvote
It's possible that you're seeing NDR's being sent out to the Internet...turn them off to the Internet on your Exchange server and see if these mysterious emails go away.

Someone may have spoofed one or more of your email users addresses causing the flood of NDR's to your box.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
Upvote 0 Downvote
Thank you for the help. I have unchecked Allow Delivery reports and also unchecked Allow non delivery reports in the advanced tab under Internet message formats.

I am going to clear the queues and I will let you know what I find.

Thanks again.
 
Upvote 0 Downvote
Davetoo

Over 12 hours later and all is well. Performance Monitor shows an average of 1-2 emails being sent, and the Firewall is showing no outbound SMTP traffic except legitimate emails.

Thank You for the help. I should have checked here a couple of weeks ago.
 
Upvote 0 Downvote
Now you have seen the light...don't forget to tip your waitress.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

IcarusHallsorts
  • Locked
  • Question
VBA to create output file of headers of selected emails
Replies
0
Views
1K
IcarusHallsorts
IcarusHallsorts
m245
  • Locked
  • Question
Adding a disclaimer for all outgoing emails in Exchange 2013 Standard Edition
Replies
0
Views
986
m245
m245
Edu001
  • Locked
  • Question
Exchange 2016 Installing a simple Second server
Replies
6
Views
706
Edu001
Edu001
bawalker
  • Locked
  • Question
Exchange 2010 Stops Sending/Recieving Mail every 4-6hrs
Replies
1
Views
91
DrB0b
DrB0b
hirussellsmith
  • Locked
  • Question
Unable to Backup data after Exchange Server Down
Replies
1
Views
185
ralphmiller
ralphmiller

Part and Inventory Search

Sponsor

Back
Top