Exchange queue is filling with spam

Posted on 2003-12-09
Last Modified: 2012-06-27
I have Exchange Server 2000 sp3 loaded. I have the latest Norton AV software updated. Currently the email server is throwing out thousands of spam mail messages. I have verified I am not an open relay. I have checked the server for a virus and can not find one. If I stop the SMTP service everything goes back to normal. I can unplug all network connections and the SMTP queues still fill up with spam. Any ideas?

Question by:itheadaches
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 24

Expert Comment

by:David Wilhoit
ID: 9905491
give us your network layout, firewall and such. When you say unplug network connections, are you unplugging the cable from the exchagne server? Did you change the default settings of the SMTP virtual server at all? If so, what changes did you make?


Author Comment

ID: 9905747
I have a Win2K Server running E2K with SP3. There is no firewall between the server and the outside world. The server plugs directly into switch and the switch connections to the T1. One of my goals this month was to move the server behind the DMZ, but they must have hacked it before I could make the move. I have checked the processes in the server, and nothing is really running hard. Only the hard drive spamming messages is making the machine basically unusable. If I unplug the network connection to the outside world the server continues to spam messages. If I stop the SMTP service then all messages in the queue are wiped out and everything on the server is quiet. I also noticed I was able to receive messages when the service was stopped because the computer could respond. If the SMTP service is launched it takes so much on the hard drive almost nothing can come or go.
LVL 26

Expert Comment

ID: 9905779
U unplug all network connection and ur queue gets filled up with tons af messages?
When u do this is ur queue is emty or is already filled up and queue just keeps trying to send them out?If ur answer is that ue queue is empty when u bring smtp online(disonnected)then problem is on exchange server.DO u have outlook installed on exchange?Did u check for spyware and addware on ur exchange.It may be that ur exchange data is corrupted.If So use EXMERGE yes EXMERGE (this will take out all corrupted emails out) to pst all the info cleanout ur MDBDATA folder start ur exchange inorder to have a clean database then use exmerge to import ur data back if u need more help.
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 9906052
Yes when I unplug all network connection my queue gets filled up. It has to be something running on the computer, but I can not find out what. I thought for sure it was the mail virus, but I checked and that does not exist on the server.

I do have outlook express installed, but no one uses it. I only use it to check to make sure a new mail account works. I ran SpyBot to check for any spyware. No spyware running on server. If my exchange data was corrupt nothing would get in or out. I can actually email in and out if I could get the server to quit sending spam messages. When I look in the queue there are 0 messages. Start SMTP and it just keeps climbing at an incredible rate. All the messages are destined to different locations. hotmail, yahoo, aol, excite, etc etc.
LVL 26

Accepted Solution

Vahik earned 500 total points
ID: 9906354
If ur exchange is started(smtp)and quese is emtpy before u restart it and it is completely disconnected from everything(ur local network and internet)and then ur smtp gets filled up then there must be somthing
on ur exchange server(i know u said u checked it)that u did not find or the outlook express is the culprit that is what my common sense is telling me.Now if u want a quick solution just make sure u have a good backup format ur exchange then install win2000 join it to the domain(make sure to reset the account in active directory first)run exchange setup disasterrecovery and import ur data back.Use exmerge to take out all ur corrupted emais also.Now this is ur last resort if noone else was able to help u out.

Author Comment

ID: 9906702
If the SMTP service is stopped is the queues empty? If not how do I go about empting them to make sure no data is in the queues.
LVL 26

Expert Comment

ID: 9907629
No the queue  does not get   emty and u have to emty it manually.Start ur server
freeze the queues then delete them without creating NDR's.After u clean out ur queue and u unfreeze  them and u still get  new messages accumulating in them(with no connection to anywhere) then u have to either format ur server or call MS.

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month9 days, 13 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question