jmakita

Exchange 5.5 - thousands of unwanted messages in "Outbound messages awaiting delivery"

For several weeks now, my NT 4.0 server running Exchange 5.5 began to receive thousands of unwanted messages in the outbound messages awaiting delivery queue.  No system changes have been made.

I ran a full virus scan using Symantec Antivirus Corporate Edition 7.5.  It didn't find anything.

I retested my server to verify it is not an open relay server.

I believe it may be a virus or trojan on one of the user machines.  I have 1 central email server and 10 remote locations that connect to Exchange via VPN.  Approx 200 users.
I have seen across the network viruses such as gaobot and goner, which may open ports for malicious use.

I scanned the server with Spybot S&D and Bazooka, but they found nothing.
If this is the cause, I would think the problems would be on the trusted clients, as opposed to actually infecting the server.

Any help would be greatly appreciated.
David Wilhoit

If you run netstat -an on the Exchange server, does it show tons of outbound port 25 connections?

D
jmakita

ASKER

Yes, indeed more than normal.

here is a screen dump

jmakita

ASKER

Whoa! Didn't know it would be so long.  192.168.X.X are internal machines that run Outlook clients.

When I run a netstat without switches, at the bottom of the output I see information I don't think is normal:

  TCP    hercules:1639          kcmsi1.att.com:smtp    ESTABLISHED
  TCP    hercules:1819          siaag2ag.compuserve.com:smtp  SYN_SENT
  TCP    hercules:1828          204.228.229.181:smtp   ESTABLISHED
  TCP    hercules:1835          protez.ukr.net:smtp    CLOSING
  TCP    hercules:1896          flmx01.mgw.rr.com:smtp  SYN_SENT
  TCP    hercules:1904          192.168.0.1:nbsession  ESTABLISHED
  TCP    hercules:1905          uu-3-130.buydomains.com:smtp  SYN_SENT
  TCP    hercules:2252          192.168.0.1:nbsession  ESTABLISHED
  TCP    hercules:4899          JMAKITA:3656           ESTABLISHED

Hope this helps.
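
The check asked for above (how many outbound port 25 connections does netstat show) can be scripted. This is an added example, not code from any poster in the thread; the sample lines are constructed with documentation-range addresses, and the `baseline_peers` threshold is an assumption to tune for your own server.

```python
import re
from collections import Counter, namedtuple
from ipaddress import ip_address

Conn = namedtuple("Conn", "local_host local_port remote_host remote_port state")

# Matches TCP rows from both `netstat -an` (numeric) and plain `netstat`
# (names such as host:smtp). UDP rows carry no state and are skipped.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\S+)\s+(\S+):(\S+)\s+([A-Z_0-9]+)\s*$")
SMTP_PORTS = {"25", "smtp"}

# Constructed sample; not the output posted in the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4524         127.0.0.1:25           TIME_WAIT
  TCP    10.0.0.7:25            10.0.1.51:1932         ESTABLISHED
  TCP    10.0.0.7:4083          192.0.2.10:25          SYN_SENT
  TCP    10.0.0.7:4309          198.51.100.23:25       FIN_WAIT_2
  TCP    10.0.0.7:4329          203.0.113.130:25       TIME_WAIT
  TCP    10.0.0.7:4739          192.0.2.133:25         SYN_SENT
  TCP    10.0.0.7:4741          198.51.100.65:25       CLOSE_WAIT
  TCP    mailhost:1819          mx.example.net:smtp    SYN_SENT
  UDP    0.0.0.0:135            *:*
"""


def parse_netstat(text):
    """Return one Conn per TCP row; header, blank and UDP rows are ignored."""
    conns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            conns.append(Conn(*m.groups()))
    return conns


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 or the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:          # plain netstat prints names, not addresses
        return host.lower() == "localhost"


def outbound_smtp(conns):
    """Connections this machine opened to someone else's port 25."""
    return [
        c for c in conns
        if c.remote_port in SMTP_PORTS
        and c.state != "LISTENING"
        and not is_loopback(c.remote_host)
    ]


def triage(text, baseline_peers=3):
    """Summarise outbound SMTP and compare the peer count with a baseline.

    baseline_peers is an assumed figure for how many distinct remote mail
    hosts this server normally talks to at one moment.
    """
    out = outbound_smtp(parse_netstat(text))
    by_state = Counter(c.state for c in out)
    peers = {c.remote_host for c in out}
    return {
        "total": len(out),
        "peers": len(peers),
        "by_state": dict(by_state),
        # SYN_SENT rows are attempts the remote side has not answered yet.
        "unanswered": by_state["SYN_SENT"],
        "above_baseline": len(peers) > baseline_peers,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Inbound sessions to the server's own port 25 and loopback traffic are excluded, so the count reflects only mail the server itself is trying to deliver.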

Send me an email with your MX record, let me see if I can find anything. Do you have the latest patches on the IMC? Telnet to port 25 to see what version you're running. I'm actually thinking virus at this point. Theory only...

D

Possibly you have an open relay; what are your relay settings?

cheers
jmakita

ASKER

When I telnet to my Exchange server, it reads:

ESMTP Server (Microsoft Exchange Internet Mail Service 5.5.2653.13) ready

My routing information is the following:
hosts and clients that successfully authenticate
hosts and clients using 192.168.0.0 255.255.0.0
All remote facilities use their own 192.168.X.0 subnet, 10 in total (subnet mask of 255.255.255.0 for each).

Your relay settings should be:

1. hosts and clients that successfully authenticate  "not really required unless you use POP"
2. hosts and clients using these IP addresses: ticked, but leave the list empty and remove what you have now in this list

cheers

Do not forget to restart the IMS after you make the changes.

cheers
jmakita

ASKER

Left check number one on.

Left the check on "using these IP addresses", but removed the IPs I had listed. It is now blank.

Restarted the service.

Doesn't appear to have made a difference, as new messages are appearing every minute.

I seem to think along the lines of Kidego. Sounds like a virus.

But you need to clear the IMS data folder as well. I will try to find the MS article on doing so. I also agree with Kidego that it can be a virus, but hey, this is troubleshooting and you need to explore all possibilities.

cheers

Hard to find, but I found these along the way:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-011.asp

http://www.tek-tips.com/gviewthread.cfm/lev2/3/lev3/15/pid/10/qid/655444

Also, I think the file you need to delete is called queue.dat, under the imcdata folder. You have to stop the service before doing so, and when it starts a new file will be created.

cheers
jmakita

ASKER

I believe I may have found the problem!

Here is what I did:

1) Changed IMC diagnostics logging of SMTP events to maximum.

2) Filtered Event Viewer\app log to source = msexchangeimc.
This filters the events to only show authentication events on the IMC.

3) While viewing these results I found the user "test" was authenticating.
I removed the account completely. You may find other similar weak-password accounts.

4) I changed the routing restrictions of the IMC to each individual subnet.
Before, I had 192.168.0.0 255.255.0.0.  I added an individual 192.168.X.0 255.255.255.0. I now have 11 in total instead of allowing all of the 192.168 addresses in.

Perhaps someone else can confirm whether this would make a difference or not???

5) I took off the "hosts and clients that successfully authenticate" check mark.
I found an article that mentioned this would only apply to SMTP users (I have none, all mine are IMAP4). I believe this is the single most important step.

6) Restarted the IMC service.
View the "outbound messages awaiting delivery" queue. I deleted the ones that had <> as the originator.

I haven't seen any messages in the queue that aren't authentic since.

I do see event ID 2003 in my event log stating a new TCP connection has been made to host...   I believe that to be normal?

I will leave this open for now.  I am hoping someone with the same problem will try this and verify this works or doesn't work for them.

Mucho thanks to the several commentators that helped me!
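
A simplified model of the two routing restrictions changed in steps 4 and 5, showing which clients lose relay rights. This is an added example, not Exchange's own logic and not code from any poster; the eleven third-octet values and all client addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class RelayPolicy:
    """The two check boxes described in the thread, as a model."""
    allow_authenticated: bool            # "hosts and clients that successfully authenticate"
    allowed_nets: list = field(default_factory=list)   # "... using these IP addresses"

    def may_relay(self, client_ip, authenticated):
        if self.allow_authenticated and authenticated:
            return True                  # any valid logon is enough, from any address
        addr = ip_address(client_ip)
        return any(addr in net for net in self.allowed_nets)


def nets(*specs):
    # ip_network accepts the address/mask notation used in the thread.
    return [ip_network(s) for s in specs]


# Constructed: stand-ins for the central site plus ten remote sites.
SITE_THIRD_OCTETS = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10]

BEFORE = RelayPolicy(True, nets("192.168.0.0/255.255.0.0"))
AFTER = RelayPolicy(
    False,
    nets(*[f"192.168.{x}.0/255.255.255.0" for x in SITE_THIRD_OCTETS]),
)

# (label, client address, did the client log on successfully?) - constructed.
CLIENTS = [
    ("external host logged on with a weak account", "203.0.113.9", True),
    ("external host, anonymous", "203.0.113.9", False),
    ("client inside a listed site subnet", "192.168.1.20", False),
    ("192.168.x.x address outside every site subnet", "192.168.200.5", False),
]


def compare():
    """Map each client label to (relay allowed before, relay allowed after)."""
    return {
        label: (BEFORE.may_relay(ip, auth), AFTER.may_relay(ip, auth))
        for label, ip, auth in CLIENTS
    }


def newly_blocked():
    """Clients that could relay under the old settings but not the new ones."""
    return [label for label, (old, new) in compare().items() if old and not new]


def address_space_removed():
    """How many addresses step 4 takes off the allow list."""
    wide = BEFORE.allowed_nets[0]
    assert all(n.subnet_of(wide) for n in AFTER.allowed_nets)
    return wide.num_addresses - sum(n.num_addresses for n in AFTER.allowed_nets)


if __name__ == "__main__":
    for label, (old, new) in compare().items():
        print(f"{label:48} before={old!s:5} after={new}")
    print("addresses no longer allowed:", address_space_removed())
```

In this model an anonymous external host is refused under both policies, which is consistent with an open-relay test passing while an authenticated logon could still relay.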

ASKER CERTIFIED SOLUTION
David Wilhoit

This solution is only available to members.
jmakita

ASKER

I will make the change as you noted.
I believe the problem to be gone, so I will close this issue out.
Thanks for all your help Kidego.

Congrats, post here if it comes back, Joe....

D