Tyson0317

postmaster@ jamming up the queue

Our Exchange 2003 server (SBS) sometimes gets flooded with postmaster@ourdomain.com emails being sent to all kinds of random domains. I have checked and verified that the server is not an open relay. A few months ago I decreased the amount of time that an email will stay in the queue and fixed some NDR option that makes it so that the server no longer sends NDRs. This was a bandaid fix. Now the problem is getting worse and when 100+ emails are stuck in the yahoo.com queue, nobody can mail yahoo.com email addresses.

What the heck is going on and how can I fix it?
Tyson0317

ASKER

Guys, I already had the above applied - just went through it again and verified that I didn't miss any steps... I still seem to be getting lots of these postmaster@ emails jamming up my queue.

I do have an SMTP connector configured - does something need to be set up in there?

postmaster@ are NDRs. Have you recently set the recipient filtering? If so, did you restart the SMTP Server service?

Otherwise you will have to go through the spam cleanup article I posted above.

Simon.

We applied the above NDR fix about 5 months ago when we got hit with it real bad. At the time I did follow the article to clean out the 20,000+ emails that we had jammed up. Since then, the server has been rebooted 10+ times. The fix certainly made things better, but we still have 1000+ of these NDRs that get jammed up on weekdays and slow things down. I don't understand how...

Can I just make the server not send NDRs, at all, EVER?

If you attempt to stop your server from sending NDRs then you will get blacklisted.
Have you looked at what the NDRs say? They could be bounces to legitimate email addresses on your domain - for example rejects to OOTO messages.
If they are bounces from illegitimate email addresses then I would have to suspect that recipient filtering is not working or something is bypassing it - a second SMTP server or service for example.

Simon.

I have an "SMTP connector" within Exchange and I have run into other issues before where "global" settings did not apply to connectors and I had to do something. Although, maybe that is not the case this time because when we applied the above fixes months ago, our NDRs significantly reduced....

1.  How can I see the content of a message stuck in queue?
Ok, I looked in the queue - they are NDR's from email addresses that do not exist on the system. What gives?

Example:

From: postmaster@*OURDOMAIN*.com
To: KiethPost@cbs2.com
Date: Fri, 28 Dec 2007 01:30:06 -0800
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01C843F037436F7C00005D65exchange.spectru"
X-DSNContext: 7ce717b1 - 1158 - 00000002 - 00000000
Message-ID: <jTXo1pTtS0000068f@exchange.*OURDOMAIN*.com>
Subject: Delivery Status Notification (Failure)

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C843F037436F7C00005D65exchange.spectru
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       Mail@*OURDOMAIN*.com




--9B095B5ADSN=_01C843F037436F7C00005D65exchange.spectru
Content-Type: message/delivery-status

Reporting-MTA: dns;exchange.*OURDOMAIN*.com
Received-From-MTA: dns;veilla
Arrival-Date: Fri, 28 Dec 2007 01:30:05 -0800

Final-Recipient: rfc822;Mail@*OURDOMAIN*.com
Action: failed
Status: 5.2.1
X-Display-Name: Mail


--9B095B5ADSN=_01C843F037436F7C00005D65exchange.spectru
Content-Type: message/rfc822

Received: from veilla ([10.0.0.1]) by exchange.*OURDOMAIN*.com with Microsoft SMTPSVC(6.0.3790.211);
       Fri, 28 Dec 2007 01:30:05 -0800
Message-ID: c3c4701c8226f$22766d80$0401a8c0@VEILLA
From: "Dr. Kieth Post" <KiethPost@cbs2.com>
To: <mail@*OURDOMAIN*.com>
Subject: Forget about the problem with your male device.
Date: Fri, 9 Nov 2007 01:22:48 +0000
MIME-Version: 1.0
Content-Type: text/plain;
      format=flowed;
      charset="iso-8859-1";
      reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Return-Path: KiethPost@cbs2.com
X-OriginalArrivalTime: 28 Dec 2007 09:30:06.0168 (UTC) FILETIME=[3B46C580:01C84934]

You Don't like your male instrument size.

Chicks joke at you.

Don't waste time you can solve this problem right now.

Use our male organ enlargemen:t and Girls will love you sure enough.
 
I used. My wife is really happy.

http://www.hodemtaix.com

--9B095B5ADSN=_01C843F037436F7C00005D65exchange.spectru--

By default the system is configured to send NDR's if it receives a message from someone that is not in your system. Setting up Recipient filtering will fix that. It will drop the messages and not send an NDR.

I believe that recipient filtering is already enabled on this server, at least the OP has stated that it is.

The only thing I can suggest is to disable recipient filtering, restart the SMTP Server service and then enable it again, restarting the SMTP server service again afterwards.

Simon.

I think I figured out the problem here... I have another thread going about the fact that Exchange automatically mail-enables public folders and all subfolders within. Unknown to me, we have a few hundred mail accounts that belong to mail-enabled public folders - it is these accounts that are now "valid" and sending out a flood of NDR's.

For the future, Sembee and others have provided good info up above. To summarize:

#1 Enable Recipient Filtering per article posted above.
#2 Look in your exchsrvr\mailroot\vs 1\queue folder to verify that your emails are NDRs.
#3 Do a search in Active Directory Users and Computers for all mail recipients - this will show you ALL valid accounts on your domain. As in my case, you may find hundreds that you didn't know you had...
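
Added example, not code from this thread: the check in step #2 done with a script. It parses queued messages as delivery status notifications (RFC 3464) and counts NDRs per failed local recipient, so the accepted-then-bounced addresses (here, the mail-enabled public folders) stand out for comparison with the recipient list from step #3. The sample message and the example.com/example.net addresses are constructed, and it is an assumption that the queue files can be read as plain RFC 822 text.

```python
import email
from collections import Counter
from email import policy
from email.utils import parseaddr

# Constructed sample, modelled on the NDR quoted in the thread (placeholder domains).
SAMPLE_NDR = b"""From: postmaster@example.com
To: forged.sender@example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="DSN1"
Subject: Delivery Status Notification (Failure)

--DSN1
Content-Type: message/delivery-status

Reporting-MTA: dns;exchange.example.com

Final-Recipient: rfc822;Mail@example.com
Action: failed
Status: 5.2.1

--DSN1
Content-Type: message/rfc822

From: "Dr. Example" <forged.sender@example.net>
To: <mail@example.com>

body
--DSN1--
"""

def parse_ndr(raw):
    """Return (failed_recipient, status, bounce_target), or None if not a DSN."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            # The parser exposes each header block of the report as a sub-message.
            for block in part.get_payload():
                final = block.get("Final-Recipient")
                if final:
                    addr = str(final).split(";", 1)[-1].strip().lower()
                    target = parseaddr(str(msg.get("To", "")))[1].lower()
                    return addr, str(block.get("Status", "")).strip(), target
    return None

def tally_failed_recipients(raw_messages):
    """Count NDRs per local address that was accepted and then bounced."""
    return Counter(r[0] for r in map(parse_ndr, raw_messages) if r)
```

Any address with a high count that still appears in the Active Directory search from step #3 is one the server treats as valid, which is why recipient filtering does not reject it at SMTP time.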