Solved

repeated administrator emails and smtp queue filling up.

Posted on 2004-10-28
Last Modified: 2012-05-05
ok, i have a bit of a situation here.

my exchange server is continually sending messages from administrator to administrative account (mine) saying your message could not be delivered. i have scanned my pc for viruses and it comes up clean. the smtp queues are filling up with undeliverable mail, i have had up to 1200 queues. I have no idea how to fix this. At first i thought the emails were coming externally so i turned on recipient filtering as i saw it fixed this problem for someone else but it made no difference.

i have trendmicro scan mail on the server and it constantly shows message found from administrator at smtp mailbox, about 5 per second. these are the non delivery receipts by the look of it.

any ideas? it's exchange 2003 running on server 2000.
Question by:simon2323
6 Comments
 
LVL 10

Expert Comment

by:munichpostman
ID: 12441655
It sounds as if your exchange server is an open relay.

Use Telnet to go to port 25 of your Exchange server and try and send a mail from daffy@loonytoons.com to micky@disney.com
If you are able to successfully send mail from loonytoons to an external domain (try your hotmail or isp account) then your Exchange Server could very well be open to relay.

Please review this article and make sure that your smtp virtual server is locked down.

http://www.winnetmag.com/MicrosoftExchangeOutlook/Articles/ArticleID/44183/pg/2/2.html


The following article is about Exchange 2000 but applies to 2003 as well

http://support.microsoft.com/kb/310380/en-us
0
 
LVL 104

Expert Comment

by:Sembee
ID: 12443536
If the messages are NDRs then you could be subject to an NDR attack. This is where messages are sent to non-valid email addresses on purpose. They then bounce to the "sender". Except the sender is also spoofed and is the real person that the spammer wants to send to.
There are some options in Exchange 2003 which will stop those from even being delivered.
http://www.amset.info/exchange/filterunknown.asp

If the emails are going in to the administrator account, then it may also be the administrator account has been compromised. As a precaution I would consider changing the administrator account password as well.
As for clearing the queues there are a number of processes that you can use. These could catch valid emails as well, so you may have to wait until they have been delivered. I have outlined them on my web site:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
LVL 5

Expert Comment

by:Maharajkp
ID: 12449825
If it is an NDR Attack ... and as you are running E2k3, you can very well prevent that happening next time.

On the Property of "Message Delivery" go to "Recipient Filtering" and enable the Check box "Filter Recipients who are not in the Directory"
Apply this Filter on "Default SMTP Virtual Server"
Restart SMTP

and you won't be a target of NDR Spam
0
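The telnet relay test from the first comment and a check that the "Filter recipients who are not in the Directory" setting described above is actually refusing unknown mailboxes, combined as an added example (not code from any poster in this thread). The probe addresses use reserved example domains, the EHLO name is a placeholder, and the function names are hypothetical.

```python
import smtplib
import sys
import uuid

def rcpt_code(host, mail_from, rcpt_to, port=25, timeout=10):
    """Return the reply code to RCPT TO. The session stops before DATA,
    so nothing is queued or delivered."""
    # local_hostname is a constructed EHLO name; it also avoids a DNS lookup.
    with smtplib.SMTP(host, port, local_hostname="relay-check.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, _ = smtp.mail(mail_from)
        if code != 250:
            return code          # sender refused; RCPT was never attempted
        code, _ = smtp.rcpt(rcpt_to)
        smtp.rset()              # abandon the transaction
        return code

def audit(host, local_domain, port=25):
    """Probe an SMTP server you administer, unauthenticated, as an outsider."""
    outsider = "probe@example.net"   # constructed sender (reserved domain)
    # 1. Relay test: outside sender to outside recipient must be refused.
    external = rcpt_code(host, outsider, "probe@example.org", port)
    # 2. Recipient filter test: a mailbox that cannot exist must be refused
    #    at RCPT time, otherwise the server accepts and bounces later (NDR).
    bogus = "no-such-user-%s@%s" % (uuid.uuid4().hex[:12], local_domain)
    unknown = rcpt_code(host, outsider, bogus, port)
    return {
        "open_relay": 200 <= external < 300,
        "accepts_unknown_recipients": 200 <= unknown < 300,
    }

if __name__ == "__main__":
    # usage: python relay_check.py <your-server> <your-mail-domain>
    for finding, present in audit(sys.argv[1], sys.argv[2]).items():
        print("%-28s %s" % (finding, "YES - fix" if present else "no"))
```

A 2xx reply to the outside recipient is an indicator rather than proof of relaying, since some servers accept at RCPT and refuse or discard later, but it means the SMTP virtual server's relay restrictions need reviewing.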

Author Comment

by:simon2323
ID: 12450096
I have checked the filter recipients who are not in the directory. Have read about the open relay and have checked and from what i can tell i'm not open. have unplugged the server from the lan and the emails are still being generated. trend micro server protect has detected viruses in the queues but can't remove them? have obviously updated the definitions etc. Administrator account password has been changed. have also installed the microsoft exchange 2003 message filter.

the queues keep filling up even when i'm not on the net so i can't clear them fast enough, can i rename the folder and replace it with an empty one?

my server is now shutting down intermittently.

this sucks!
0
 

Author Comment

by:simon2323
ID: 12450115
also if i delete the administrators mailbox they come from the "first administrative group"
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 12452006
ESM is not capable of showing all the messages that are in the queue. Therefore if you have been the victim of an authenticated user or NDR attack, then the queues will appear to continue to increase while Exchange processes the messages.
You need to get those queues cleared - there are a couple of techniques, which I have outlined in the second page I linked to above. Once the queues are clear then you can put the machine back on the Internet.

Simon.
0
