SPAM filling up the queue

[snootalope]

For a few months now, every now and then our Exchange queue fills up with junk messages addressed to users in our network from some external junk address.

Thing is, these messages keep an active connection open on the mail server and never get delivered so the connection never clears, and it eventually takes up all the available connections and legit email flow stops. I have to kill the smtp and inetinfo service, the queue clears itself, and everythings fine again.

These aren't NDR's, they're actual messages still trying to be delivered.....

Anyone seen this before?

Our exchange box is pretty well locked down and not open for relay, plus our smtp inbound is restricted to our ISP which also does SPAM scanning for us using Postini.

 

[snootalope]

Just an update in case anyone else out there is having this same issue. I found an article that explains this issue perfectly....however, I'm still searching for the solution.

here's the artcile:

http://searchexchange.techtarget.com/tip/0,289483,sid43_gci1227336,00.html

Here's a clip of exactly what's happening to me here:

"The MSGFILTER.DLL file is the component that allows Exchange Server 2003 to perform Sender ID filtering on incoming email. It performs a DNS lookup on servers that incoming email is allegedly being sent from to verify the SPF record.

MSGFILTER.DLL then uses that information to determine whether or not that server has the right to send on behalf of the organization in question.

Unfortunately, if the SPF DNS record returned is badly formatted and cannot be processed properly by MSGFILTER.DLL, the incoming email connection is never closed by Exchange Server -- not even if you have a timeout value configured for inbound connections.

In extreme cases, this can cause memory leaks. More immediately, it can use up all of the available inbound connections to Exchange Server, since they're never being closed.