Solved

Exchange queue is filling with spam

Posted on 2003-12-09
7
1,306 Views
Last Modified: 2012-06-27
I have Exchange Server 2000 sp3 loaded. I have the latest Norton AV software updated. Currently the email server is throwing out thousands of spam mail messages. I have verified I am not an open relay. I have checked the server for a virus and can not find one. If I stop the SMTP service everything goes back to normal. I can unplug all network connections and the SMTP queues still fill up with spam. Any ideas?

 
0
Comment
Question by:itheadaches
  • 3
  • 3
7 Comments
 
LVL 24

Expert Comment

by:David Wilhoit
ID: 9905491
give us your network layout, firewall and such. When you say unplug network connections, are you unplugging the cable from the exchagne server? Did you change the default settings of the SMTP virtual server at all? If so, what changes did you make?

D
0
 

Author Comment

by:itheadaches
ID: 9905747
I have a Win2K Server running E2K with SP3. There is no firewall between the server and the outside world. The server plugs directly into switch and the switch connections to the T1. One of my goals this month was to move the server behind the DMZ, but they must have hacked it before I could make the move. I have checked the processes in the server, and nothing is really running hard. Only the hard drive spamming messages is making the machine basically unusable. If I unplug the network connection to the outside world the server continues to spam messages. If I stop the SMTP service then all messages in the queue are wiped out and everything on the server is quiet. I also noticed I was able to receive messages when the service was stopped because the computer could respond. If the SMTP service is launched it takes so much on the hard drive almost nothing can come or go.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9905779
U unplug all network connection and ur queue gets filled up with tons af messages?
When u do this is ur queue is emty or is already filled up and queue just keeps trying to send them out?If ur answer is that ue queue is empty when u bring smtp online(disonnected)then problem is on exchange server.DO u have outlook installed on exchange?Did u check for spyware and addware on ur exchange.It may be that ur exchange data is corrupted.If So use EXMERGE yes EXMERGE (this will take out all corrupted emails out) to pst all the info cleanout ur MDBDATA folder start ur exchange inorder to have a clean database then use exmerge to import ur data back.call back if u need more help.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:itheadaches
ID: 9906052
Yes when I unplug all network connection my queue gets filled up. It has to be something running on the computer, but I can not find out what. I thought for sure it was the mail virus, but I checked and that does not exist on the server.

I do have outlook express installed, but no one uses it. I only use it to check to make sure a new mail account works. I ran SpyBot to check for any spyware. No spyware running on server. If my exchange data was corrupt nothing would get in or out. I can actually email in and out if I could get the server to quit sending spam messages. When I look in the queue there are 0 messages. Start SMTP and it just keeps climbing at an incredible rate. All the messages are destined to different locations. hotmail, yahoo, aol, excite, etc etc.
0
 
LVL 26

Accepted Solution

by:
Vahik earned 500 total points
ID: 9906354
If ur exchange is started(smtp)and quese is emtpy before u restart it and it is completely disconnected from everything(ur local network and internet)and then ur smtp gets filled up then there must be somthing
on ur exchange server(i know u said u checked it)that u did not find or the outlook express is the culprit that is what my common sense is telling me.Now if u want a quick solution just make sure u have a good backup format ur exchange then install win2000 join it to the domain(make sure to reset the account in active directory first)run exchange setup disasterrecovery and import ur data back.Use exmerge to take out all ur corrupted emais also.Now this is ur last resort if noone else was able to help u out.
0
 

Author Comment

by:itheadaches
ID: 9906702
If the SMTP service is stopped is the queues empty? If not how do I go about empting them to make sure no data is in the queues.
0
 
LVL 26

Expert Comment

by:Vahik
ID: 9907629
No the queue  does not get   emty and u have to emty it manually.Start ur server
freeze the queues then delete them without creating NDR's.After u clean out ur queue and u unfreeze  them and u still get  new messages accumulating in them(with no connection to anywhere) then u have to either format ur server or call MS.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question