I have a server that is collecting hundreds of messages (that appear like SPAM) in the Exchange "Queue" directory, which is also viewable un the SERVER -> QUEUES MMC console item. I have over 600 messages contained within, and cannot manually delete the messages. Exchange 2000 allows deletion from the Exchange Manager MMC, but I see no options in Exch 2003. Why would these messages be accumlating every day? All mail is working fine, incoming/outgoing. Any help would be appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Large SMTP Queue 2
- Thread starter russrtw
- Start date
Excalibur1701
MIS
Have you had any luck on this? I am also being flooded with these non-deliverable spam e-mails. I can delete them one at a time in the Exchange 2003 manager, but that is a worthless cause.
It may be because you have one message with a corrupt Header in your SMTP queue. In some circustances, when that happens, Exchange SMTP queue may start to be very slow and because of that your queue may be filling up.
In System Manager, go to your exchange SMTP queue folder and activate the Find Messages, you will see a list with a lot of messages in your queue. Check if there are one or more messages marked with a prohibition sign and an old date, if so, that could be the message that is causing you the problem. Deleted it (Right click and click "Delete and Send NDR"), and your SMTP will start working OK.
Luís Rato
MCP;MCSA;MCSA Messaging;MCSE;CIWA;CIWP;CIWSA;MCIWA
In System Manager, go to your exchange SMTP queue folder and activate the Find Messages, you will see a list with a lot of messages in your queue. Check if there are one or more messages marked with a prohibition sign and an old date, if so, that could be the message that is causing you the problem. Deleted it (Right click and click "Delete and Send NDR"), and your SMTP will start working OK.
Luís Rato
MCP;MCSA;MCSA Messaging;MCSE;CIWA;CIWP;CIWSA;MCIWA
I'm having the same problem but I think my domain name is being attacked. I have about around 2 to 5 NDR generated per minute since yesterday afternoon. I have well over 1400 NDR within the last few hours. It seems a lot of servers on the Internet are trying strings of words (alphabethically) and attaching my @domain to the email. My poor exch 2003 is trying to reply that these recepients don't exist... I'm thinking of stopping Exch from sending back NDR for a while... I'm looking how to do that right now.
-
2
- #5
You're getting dictionary attacked. Here's an excellent (and yet overlooked) way to get around that, and ease the burden on your poor exch 2003 box:
Forbes
Forbes
Thanks Forbsy, I'll check it out. Unfortunately this adds another level of complication : Everytime I create a new email account for a new user, I must add him to the "Whitelist" of allowed receipients... I'm very lucky my mailserver and my email anti-viral software are very very solid. I barely notice a slow down.
akwong, you don't need to create a 'whitelist'. As long as you select 'Filter recipients who are not in the directory' under Recipient Filtering you'll be ok. During the initial smtp connection your exchange box will querry active directory to see if the intended recipient exists within your AD domain. If they don't the smtp connection will be dropped.
forbsy, I tried activating the "Filter recipients who are not in the directory' option which indeed greatly reduced the number of retry connections to the other bogus smtp servers on the net... However, emails will not come in or get out of my server. All my inbound and outbound messages (the good ones) get stuck in either Message pending submission or Message awaiting directory lookup... Any ideas why ?
Ok as I said earlier, I use Antigen for my anti-virus mail scanner (this one comes with 4 or 5 scanners). I also have anti-viruse software on each server and workstations. I have done online anti-virus scans with Symantec... I have done relay tests... I also ran adaware and will be running spybot. How else would I know if my server is infected with some kind of worm/virus ? My firewall logs don't show a lot of connections to my port 25 that's why I'm wondering if it's something internal. I'm generating at least 5 NDR per minute and my mail anti-virus is actually intercepting a lot of spam... Can I be generating my own spam without being a relay ? The contents of the emails doesn't contain data for my servers or workstations so it's coming from somewhere !
WhatComputer
MIS
There is no more use of "Whitelist" and or "Blacklist" with any email or well known Spam products and the terms are just simply "Blocked Sender" 'Approved Sender" FYI to just note...
- Thread starter
- #13
Yeah I don't have NDR's but my anti-virus software is still working in OVERTIME. I'm starting to have all the password changed. I know my server is not relaying but I have a feeling it's accepting spam and then the anti-virus software is destroying them. Since the SMTP connections initiated by the spammers are not rejected, the spammer dumps a S**t load of spam onto my server and hoping it's gets forwarded. I'm looking for a way to stop that. I see in my Event logs that it's refusing relaying and all sorts of malformed connections but I'm still getting bombarded. Some SMTP servers connect to mines and stay connected over 600 seconds (and those are the one that I notice)... From time to time, my disk space drops below 1 meg even thought I normally have 600 megs to 1.4 gigs free. What's weird is that my EXCH logs and DB aren't even on my C:. The only thing that's on my C is EXCH itself, file anti-virus and email anti-virus. I'm doing some cleanup and will be able to free up another 20 gigs from my C: once I get my replacement for a defective drive (that's another story)...
- Status
