Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mailbox Migration

Status
Not open for further replies.
JeffITman

JeffITman

IS-IT--Management
Nov 20, 2005
164
US
My mail server has a bad spam virus and I need to wipe it clean. I was planning on taking the server down for a day this weekend and completing the task.

Can anyone offer me any help on how to move the mailboxes to an external harddrive so that we do not lose our mail? Is this even possible? I'm hoping that I do not have to build a dummy server to host the mailboxes.

I sincerely appreciate any help that is offered.
 
Sort by date Sort by votes
exmerge is the tool you need although wiping and starting again will mean you'll need to recreate all of the outlook profiles / will get errors.
 
Upvote 0 Downvote
Zel -

What is the best way to recreate the outlook profile? I was reading about exmerge earlier and I was assuming that was the tool that I would be using. I know how do delete/recreate with POP but have never had to do it with Exchange.

Do you have any other suggestions other than wiping it clean? I've ran Norton Antivirus, SMSMSE 6.0, and Windows Defender and can not find the bug/virus/whatever anywhere.

I'm backing up the files now but have not began to wipe. I just can think of anything else to do. It's completely put a halt to our email due to the problem utilizing ALL of my servers resources. I found out because I quit receiving emails then started to receive them 4 hours later. Whatever we were sending was never making it out of our box. I looked at the system manager and it had about 70k spam messages waiting to be sent. I almost died. I've never had this problem before.

Unfortunately I did not have SMSMSE on the system prior to having found this problem. I had Norton on all servers and workstations.

I'm just having a really bad time with this...
 
Upvote 0 Downvote
Open the queue folder and you'll find .eml files which you can open in outlook express. Look at the header and see which computer is sending them.

You probably don't have a virus, what you've probably got is an open relay (my article at is out of date but the principles are still right) or a machine on your network sending the spam out.

Find WHAT first then we can make a step towards fixing it. Exchange is a great tool and reloading the whole Exchange server shouldn't really be required.

Recreating the Outlook profile is just a case of deleting the existing one and creating a new one, exactly like on a POP account. The thing is that emails to Joe Bloggs are essentially emails to his mailbox. When you delete the mailbox by wiping the server, you can't email the old mailbox and all staff would get an error.
 
Upvote 0 Downvote
When I open the queue it gives me the open to search for pending emails. I don't see a .eml file that I can open in outlook express. When I search to see what emails are in queue it only shows me now "postmaster@mydomain.com" so I'm assuming it's trying to return whatever can not be sent. I've taken the mail server offline and it's currently not on my network but I keep getting about 40-50k of "postmaster" emails from GMail. I will look again in the morning. Since I've taken it offline it has not originated any new spam messages, only emails i'm assuming can not be sent.
 
Upvote 0 Downvote
Sorry for my lack of knowledge, but how do you do that?
 
Upvote 0 Downvote
I think I found it..

program files/exchsrvr/mailroot/vsi 1/queue?
 
Upvote 0 Downvote
I've done all the above and it's still creating new entries for spam. I've closed all the relay and not sure what to do next.
 
Upvote 0 Downvote
Ok. I just closed all ports on my firewall so that all incoming traffic is blocked and it's still generating new messages. If I look in the event viewer all it shows me are the emails that are bouncing back from having a bad email address. I've not found any entries that will tell me who is sending and under what account. I've tried to open the queue in the explorer but it just locks up when trying to open.

Any other thoughts? The Exmerge tool won't allow me to back up the mailboxes either. When I look at the machines when the server is offline most users can still see their email. If I were to wipe the server clean, would this still be the case?

 
Upvote 0 Downvote
Stop the SMTP service. Stop the IIS Admin service. Rename the queue folder queue 1 and create a new folder called queue. Start both services for a few seconds then stop them. Go into the queue folder and open an email with Outlook Express and check the header.

that should help you find out the source of the emails. Assuming you are not a relay, it could be a box on your LAN.
 
Upvote 0 Downvote
Could it be possible that to problem was in the mail queue folder? When I did what you said, I turned the SMTP Virtual Server back on and restarted IIS Admin and now it's not doing anything. The queues are completely empty and nothing is being generated...

I've switched everyone to POP mail currently through our webhosting so I could mess with this server and so I could distinguish traffic..

This may have solved it??
 
Upvote 0 Downvote
Zelandakh - It's been about 2 1/2 hours and still no activity. Do you think that it's ok for me to delete the old queue folder?
 
Upvote 0 Downvote
the old queue folder is realistically full of junk and maybe one or two legit inbound emails.

Bin it and set people back to Exchange email. First off though, do ensure you aren't relaying.
 
Upvote 0 Downvote
I can't see anything coming in or going out. I don't think that i'm relaying anything. I just can't believe that when I changed the queue folders that it quit creating new emails.

I'll put everyone back on exchange tonight.
 
Upvote 0 Downvote
Ok. The exchange is working fine locally, sending out mail, however, it is not working fine receiving mail. I switched the mx back to my server and tested it this morning and it's point directly to it... I've sent myself multiple test emails...

Is there a way to see incoming mail before its routed if there is anything in there?
 
Upvote 0 Downvote
No - if you changed MX record details it will take 48 hours for that effect to go live everywhere. Find a box outside the LAN and telnet to your MX record on port 25 and see if you get your Exchange server yet.
 
Upvote 0 Downvote
Ok. When I telnet it comes back with:

220 mailserver.com Micrsoft ESMTP Mail Service, Verison:6.0. ready

So then I Helo me@mydomain.com and it comes back with invalid address
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

BroBias
  • Locked
  • Question
mailbox databases dismounting frequently without followable reason
Replies
1
Views
2K
BroBias
BroBias
david jackson
  • Locked
  • Question
Extract only the subject and recipients from a mailbox
Replies
0
Views
2K
david jackson
david jackson
JimSills
  • Locked
  • Question
Migration Exchange 2003 to 2010 1
Replies
3
Views
298
ntinlin
ntinlin
DrB0b
  • Locked
  • Question
Exchange 2019 Full Access to all mailboxes
Replies
3
Views
451
DrB0b
DrB0b
WozzaJ
  • Locked
  • Question
Sent Items Issue With Shared Mailbox
Replies
0
Views
185
WozzaJ
WozzaJ

Part and Inventory Search

Sponsor

Back
Top