Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

lots on email sitting in the queues

Status
Not open for further replies.
waely

waely

Programmer
Dec 7, 2003
227
US
Hi,
I noticed that our email has been slow sending emails. looked at the SMTP and I found lots of the queues that are waiting to be sent out. the status of these queues are Retry...

some of these queues have no emials in them but they're still there.

from looking at the queues I can tell that these emails are spam because they are not going to coming from anyone from our company plus I can pretty much tell from the subject line.

can someone help me determining whether someone is using our smtp server for spam?

we're using exchange server 2000

thanks
 
Sort by date Sort by votes
You've detailed that emails are going OUT but you didn't send them. Someone must be using your server to resend spam.

Search this forum for RELAY and follow the instructions.

<signature for rent>
 
Upvote 0 Downvote
I used few online tools to check for relay and most of them said that my STMP is maybe open for relay because one test out of seven succeeded to get through.

I checked my relay against MS documentation and my SMTP turned to be closed for relay. I still see lots of spam emails sitting in the queue. tried to delete most of them with NDR but they still arrive.

any ideas?

thanks
 
Upvote 0 Downvote
Turn OFF all NDRs to the internet.
What you did (enumerate) will give you the means to clear the queues, but it will not stop the spam of course.

To turn off NDR and others:
Open System Manager - Global Settings - Internet Message Formats - properties for the Default Recipient policy - Advanced.
Disable all 'Allow..' lines.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
thanks mark but I already have the NDRs turned off.

waely
 
Upvote 0 Downvote
Oh, because you said: "tried to delete most of them with NDR but they still arrive"

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
my issue with spam emails is still outstanding. anyone has any different ideas??

thanks
 
Upvote 0 Downvote
I had this same problem and I turned off the ndr's and other notifications to the internet, restarted the services (most people forget to do this) and my problem was resolved this way.

 
Upvote 0 Downvote
I disabled the NDR long time ago and rebooted the system so many times. :-(
 
Upvote 0 Downvote
You better start checking WHERE those messages originate from, without that info you will get nowhere.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
they're coming from different IP addresses. I don't recognize the senders or the recipients.

thanks
 
Upvote 0 Downvote
Hi Waely,

Could the spam mails coming from end-users? Check the email Internet headers.

If need be, perform anti-virus scans on the systems, and install ad-aware or spysweeper on the workstations to sweep the systems. You should be able to capture some trojans.

Remember to purge the Internet Explorer cached files.

U can use Outlook express at the Server to see the emails and to check the headers.

You need to perform some tracing there.

Good luck.

Rgds
libroos




 
Upvote 0 Downvote
those things were already checked above, please read the entire thread before posting identical steps.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
thanks Libroos. the emails are going from unrecognized users to unrecognized recipients. I know it's spam...
I just ran adaware and spybot which cought lots of objects.
I'll monitor it and see that has any effect.

thanks
 
Upvote 0 Downvote
because they are not going to coming from anyone from our company
Click to expand...
and
they're coming from different IP addresses. I don't recognize the senders or the recipients
Click to expand...

But now you say you found traces with AdAware, that means it IS from your own domain!
Like I said before, you better check VERY good what is going on on your LAN, as I suspect you are looking in the wrong direction.

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
I ran the adaware and spysweeper on my ISA machine. found few objects, not sure if they're related to my spam problem since the names don't mean anything. I will monitor it.
thanks Marc and I'll let you know.


 
Upvote 0 Downvote
You have serious problems my friend, if you already have spyware on the ISA server, I dare not imagine what the rest will look like.
The ISA server is supposed to secure things like that, so you really have to start wondering how on earth that could even get on there.
From everything I read, your security settings sound very leaky, very!

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
I guess I have to reconfigure the ISA server. I just started in this company and still trying to clean things up.

where can I find the best settings for ISA server? is there any documentations regarding this?

thanks
 
Upvote 0 Downvote
Best place to start ...

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC!
How Do You Get Great Answers To my Tek-Tips Questions? [/sub]See faq222-2244
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
962
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
1K
microsGuy16
microsGuy16
PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
1K
PatrickRoggers
PatrickRoggers
sreejay2211
  • Locked
  • Question
email issue
Replies
0
Views
1K
sreejay2211
sreejay2211
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove &quot;✉&quot; icon when it appears in a subject title from a supplier
Replies
0
Views
1K
Brent Fletcher
Brent Fletcher

Part and Inventory Search

Sponsor

Back
Top