Solved

Smtp queue full again, can't stop the crap from pouring in....HELP !

Posted on 2004-10-27
1,233 Views
Last Modified: 2012-06-27
My previous posted question - thought the problem was solved...
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21180509.html

I turned on logging for msexchangetransport, smpt, to max...
here is a copy of the ndr report...does this mean an authenticated user is causing these problems ?
My queue is FULL again !!!  AHHHHHHH!!

Ex 1.
This is an SMTP protocol error log for virtual server ID 1, connection #78. The remote host "207.115.57.17", responded to the SMTP command "rcpt" with "553 5.3.0 <tmcfarland@pacbell.net>... Addressee unknown, relay=[66.151.184.131]  ". The full command sent was "RCPT TO:<tmcfarland@pacbell.net>  ".  This will probably cause the connection to fail.

Ex 2.
This is an SMTP protocol warning log for virtual server ID 1, connection #77. The remote host "151.164.30.65", responded to the SMTP command "mail" with "451 4.7.7 Excessive userid unknowns from 66.151.184.131  ". The full command sent was "MAIL FROM:<messmerited@bigpond.com>  ".  This may cause the connection to fail.

Ex 3.
This is an SMTP protocol error log for virtual server ID 1, connection #76. The remote host "208.45.133.107", responded to the SMTP command "rcpt" with "550 <tmcgrath2@excite.com>: Recipient address rejected: User unknown in virtual alias table  ". The full command sent was "RCPT TO:<tmcgrath2@excite.com>  ".  This will probably cause the connection to fail.

Any new ideas ?
Thx.
0
Question by:flyfreak
    4 Comments
     
    LVL 104

    Accepted Solution

    by:
    Did you enable unknown user filtering?

    http://www.amset.info/exchange/filterunknown.asp

    You may have to go through the queue cleaning procedure once again.
    http://www.amset.info/exchange/spam-cleanup.asp

    Simon.
    0
     
    LVL 1

    Author Comment

    by:flyfreak
    Unknown user filtering is enabled.
    allow auth users to relay regardless of the list above is checked.
    queues were clean, but they fill up again and again.
    I also added another domain to Internet Message Formats, one as *, which allows NDR's, and one for my actual domain, which is set to not send NDR's.

    here is what my event log is full of...
    A non-delivery report with a status code of 5.3.0 was generated for recipient rfc822;beaulah83@tampabay.rr.com (Message-ID <EGEXCH01tDAFQSu0bO40001f811@medford-mail.elizabethgrady.com>).  
    Causes: Exchange mistakenly attempted mail delivery to an incorrect MTA route.  
    For more information, click http://www.microsoft.com/contentredirect.asp.    
    Solution: Check your route and topology; use the winroute tool to ensure the routes are properly replicated between servers and routing groups.

    AND
    A non-delivery report with a status code of 5.4.0 was generated for recipient rfc822;dova@gainv.mindspring.com (Message-ID <EGEXCH01R24FCObwJiH0001f6db@medford-mail.elizabethgrady.com>).  
    Causes: This message indicates a DNS problem or an IP address configuration problem  
    Solution: Check the DNS using nslookup or dnsq. Verify the IP address is in IPv4 literal format.
    For more information, click http://www.microsoft.com/contentredirect.asp.
    ***these errors are only for mindspring.com addresses***

    What is letting these messages into my Exchange server ?????
    0
     
    LVL 104

    Expert Comment

    by:Sembee
    Do you have people sending email through your Exchange server using SMTP? I don't mean receiving email, but staff or others with Outlook Express etc? If so then you can disable the option about authenticated users.

    Otherwise you are continue to get NDRs. Personally I would delete the other Internet Message Format configuration and disable NDRs on the * - at least for a little while. See if the messages continue to build.

    Simon.
    0
     
    LVL 1

    Author Comment

    by:flyfreak
    Finally, its fixed.
    I turned off allow auth. users to relay regardless of list above.
    I created the bogus connector, dumped all the crap into one queue, deleted everything.
    I waited for no more mail to come in, deleted the connector, restarted SMTP virtual service.
    Queues stayed empty.
    This morning, as a test I turned allow auth users to relay on again.
    Queues did NOT fill up !!!
    So could it just have been an overload of retries that cause all the NDR's ?
    Anyway, its fixed !!!
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
    Create high volume marketing opportunities using email signatures with these top 10 DOs and DON'Ts of email signature marketing.
    In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
    In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

    911 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now