
1000 messages in my outgoing smtp queue

Posted on 2006-06-02
Last Modified: 2012-05-05
Hi,
Ok, so my Windows 2003 server/Exchange 2003 has been running without issue for a few weeks now since I put it in. However, last night I noticed a lot of messages from a particular user who accesses his mail via OWA and POP3... they all seemed to be copies of the same messages. It meant that mail flow stopped until I deleted them. I also disabled the user account in question and have not seen a re-occurrence of the problem.

I have asked the user to scan their machine for virus/spyware.....

Any more ideas as to what to do with this?

David
0
Comment
Question by:dlloyd37
10 Comments
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16815498
It sounds like the user has somehow activated a mass-mailing trojan.  See what the virus scan reveals.
0
 

Author Comment

by:dlloyd37
ID: 16819041
Exactly what I thought....

However, this user, who is in the US (our server is in the UK), has responded with:

I tried to send 2 messages to the whole of my contacts list approx 750 addresses.
I'm sorry it's intentional spam but I need to send it. I will expect some of the
addresses will be out of date so I'm expecting some junk back.

These out-of-date ones, I guess, bounce back to my server and get retry status,
causing my mail to back up.... Is this the case, and what is the best way to handle
this? Sorry if this is so basic, but your thoughts on how to handle this would be great.

I guess the guy is just doing his job, as he works in the publishing/marketing section.

How do you think I should handle this anyway?

Wouldn't it be better anyway to have his outgoing mail server set to his own
ISP, which is more local anyway? He can then just have his incoming one set to
download from our server..

0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16819105
Well, if it's intentional, I wouldn't worry about it.  1000 ~intentional messages isn't a huge amount, but the presence of only 1 unintentional message would be a cause for concern.  If you want to save bandwidth, he could try relaying through his ISP, but it's very likely that they wouldn't allow it.  No ISP would want to risk being tagged as a source of spam.  The out-of-date addressed ones will disappear in a few days, because the server will eventually give up on them, and return them to the sender.
0
 

Author Comment

by:dlloyd37
ID: 16819251
Ok, I understand....

But....when he sends these 2 messages to all these people my external email grinds to
a halt...which then affects all the office users, 30 or so, because I have like a 1000+ retries
in the queue and all the legitimate mail backs up behind it.

You think I may have an incorrectly configured SMTP connector?

Thanks


0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16819589
You may want to make your life real easy...

ftp://ftp.microsoft.com/pss/Tools/Exchange%20Support%20Tools/Aqadmcli/

Get in to the above link and download the tool AQADMCLI.

Create a batch file and add "aqadmcli delmsg flags=SENDER,sender=foo@bar.com".

Here foo@bar.com should be replaced with sender@yourdomain.com.

Run this every time you have an issue with messages stuck in the queue. If the sender is postmaster then they are nothing but NDRs that are trying to get out of your system. The tool can be configured to delete any or all messages in the Exchange System Manager queue viewer.

Also try and implement sender, recipient and IMF filtering to avoid being hit by spam in future.

Raghu
0
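A triage of a queue listing along the lines of the comment above, as an added example that is not part of the original thread: it separates NDR traffic (postmaster or null sender) from one sender fanning the same message out to many recipients. The CSV layout, column names, sample rows and threshold are assumptions constructed for illustration; they are not an Exchange or AQADMCLI output format.

```python
import csv
import io
from collections import defaultdict

def build_sample():
    """Constructed queue listing (hypothetical CSV export, made-up addresses)."""
    rows = ["sender,recipient,subject,retries"]
    rows += [f"marketing@example.com,contact{i}@example.net,Spring catalogue,3"
             for i in range(40)]
    rows += [f"postmaster@example.com,user{i}@example.org,Delivery Status Notification,5"
             for i in range(6)]
    rows.append("<>,bounce@example.org,Undeliverable,2")
    rows.append("alice@example.com,bob@example.net,Invoice,0")
    return "\n".join(rows)

def is_ndr_sender(sender):
    # NDRs leave as postmaster@<domain> or with the null sender "<>".
    s = sender.strip().lower()
    return s in ("", "<>") or s.split("@", 1)[0] == "postmaster"

def triage(csv_text, fanout_threshold=25):
    """Group queued messages by sender and label each sender.

    'fan-out' only says what the queue shows (few subjects, many recipients);
    it cannot tell an intentional bulk send from a mass-mailing trojan.
    """
    per_sender = defaultdict(lambda: {"n": 0, "rcpts": set(), "subjects": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        entry = per_sender[row["sender"].strip().lower()]
        entry["n"] += 1
        entry["rcpts"].add(row["recipient"].strip().lower())
        entry["subjects"].add(row["subject"].strip())
    total = sum(e["n"] for e in per_sender.values())
    report = {}
    for sender, e in per_sender.items():
        if is_ndr_sender(sender):
            label = "ndr"
        elif len(e["rcpts"]) >= fanout_threshold and len(e["subjects"]) <= 2:
            label = "fan-out"
        else:
            label = "normal"
        report[sender] = {"label": label, "queued": e["n"],
                          "share": round(e["n"] / total, 2)}
    return report

if __name__ == "__main__":
    for sender, info in sorted(triage(build_sample()).items(),
                               key=lambda kv: -kv[1]["queued"]):
        print(f"{info['queued']:4d} {info['share']:5.2f} {info['label']:8s} {sender}")
```

Knowing which sender holds most of the queue, and whether it is NDR traffic, tells you which value to pass as the sender before deleting anything.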
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16823095
It shouldn't be grinding to a halt.  It will try each message once every fifteen minutes, then each will go to the back of the queue.  New mail should go straight to the front, and shouldn't be held up by old messages.  Do you see heavy CPU utilization, or disk activity, with these messages in the queue?
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16824223
I should agree to Lee's point to an extent, but if you have 1000 messages how can one guess that the message would go into freeze mode and allow the rest to pass through?

What I have seen is these messages take a lot of your bandwidth and hence choke up the queue. If these messages need to be sent, I would want the user to send in batches depending upon the bandwidth and of course how good the server can process.

Raghu
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 16824255
If you look at the messages in the queues, each should show a time when the server is next going to try to deliver it, this suggests to me that the server is not continually trying each one as soon as it has failed.  I don't think the queues are strictly FIFO - the ones that failed should make way for the new ones, until it is time for them to be retried once more.  I'm just guessing here, though.  You will get more accurate statistics from the SMTP performance objects in perfmon.
0
 

Author Comment

by:dlloyd37
ID: 16860656
Sorry, been away for a couple of days.....

Ok, I understand what you mean and yes they should make way for new mail but what I'm
seeing is not what you say should happen. Ok, so they are in a retry state and should make
way for new mail. If I send a message while the queue is in this state it doesn't arrive for a long
time, if at all.....I only waited 20 mins or so. There is no hint of processing/memory usage spikes
either.

When I deleted these messages using System Manager, mail flow returned to normal..


David
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 1500 total points
ID: 16860765
I don't have an answer for that, I'm afraid, but this MS SMTP mailflow troubleshooting article may help:

http://www.microsoft.com/technet/prodtechnol/exchange/guides/E2k3TransnRouting/32e85e48-1a58-46c3-8f0d-f94df467ad41.mspx?mfr=true

Maybe the server is performing too many DNS queries, and having to wait for the results?
0
