1000 messages in my outgoing smtp queue

Ok, so my Windows 2003 server/exchange 2003 has been running without issue for a few weeks now since i put it in. However, last night i noticed a lot of messages from a particular user who accesses his mail via OWA and pop3.....they all seemed to be copies of the same messages. It meant that mailflow stopped unitil i deleted them. I also disabled the user account in question and
have not seen a re-occurence of the problem.

I have asked the user to scan their machine for virus/spyware.....

Any more ideas as to what to do with this?

Who is Participating?
I don't have an answer for that, I'm afraid, but this MS SMTP mailflow troubleshooting article may help:


May be the server is performing too many DNS queries, and having to wait for the results?
It sounds like the user has somehow activated a mass-mailing trojan.  See what the virus scan reveals.
dlloyd37Author Commented:
Exactly what i thought....

However, this user who is in the US (our server is in the UK)has responded with:

I tried to send 2 messages to the whole of my contacts list approx 750 addresses.
I'm sorry its intentional spam but i need to send it. I will expect some of the
addresses will be out of date so i'm expecting some junk back.

These out of date ones i guess bounce back to my server and gets rety status
causing my mail to back up....is this the case and what is the best way to handle
this? Sorry if this is so basic but your thoughts on how to handle this would be great.

I guess the guy is just doing his job as he work in the publishing/marketing section.

How do you think i should handle this anyway?

Wouldn't it be better anyway to have his outgoing mail server set to his own
ISP which is more local anyway? He can then just have his incoming one set to
download from our server..

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Well, if it's intentional, I wouldn't worry about it.  1000 ~intentional messages isn't a huge amount, but the presence of only 1 unintentional messages would be a cause for concern.  If you want to save bandwidth, he could try relaying through his ISP, but it's very likely that they wouldn't allow it.  No ISP would want to risk being tagged as a source of spam.  The out-of-date addressed ones will disappear in a few days, because the server will eventually give up on them, and return them to the sender.
dlloyd37Author Commented:
Ok i understand....

But....when he sends these 2 messages to all these people my external email grinds to
a halt...which then affects all the office users, 30 or so, because i have like a 1000+ retries
in the queue and all the legimate mail backs up behind it.

U think i may have an incorrectly configured SMTP connector?


You may want to make your life real easy...


Get in to the above link and download the tool AQADMCLI.

Create a batch file and add "aqadmcli delmsg flags=SENDER,sender=foo@bar.com".

Here foo@bar.com should be replaced with sender@yourdomain.com.

Run this every time you have an issue with messages stuck in queue, if the sender is postmaster then they are nothing but NDR that are trying to get out of your system. The tool can be configured to delete any or all messages in exchange system manager queue viewer.

Also try and implement sender, recipient and IMF filtering to avoid being hit by spam in future.

It shouldn't be grinding to a halt.  It will try each message once every fifteen minutes, then each will go to the back of the queue.  New mail should go straight to the front, and shouldn't be held up by old messages.  Do you see heavy CPU utilization, or disk activity, with these messages in the queue?
I should agree to Lee's point to an extent, but if you have 1000 messages how can one guess that the messge would go in to freez mode and allow the rest to pass through.

What i have seen is these messages take a lot of your bandwidth and hence choke up the queue.. If these messages need to be sent i would want the user to send in batches depending upon the bandwith and ofcourse how good the server can process.

If you look at the messages in the queues, each should show a time when the server is next going to try to deliver it, this suggests to me that the server is not continually trying each one as soon as it has failed.  I don't think the queues are strictly FIFO - the ones that failed should make way for the new ones, until it is time for them to be retried once more.  I'm just guessing here, though.  You will get more accurate statistics from the SMTP performance objects in perfmon.
dlloyd37Author Commented:
Sorry, been away for a couple of days.....

Ok, i understand what you mean and yes they should make way for new mail but what i'm
seeing is a not what you say should happen. Ok, so they are in a retry state and should make
way for new mail. If i send a message while the queue is in this state it doesn't arrive for a long
time, if at all.....i only waited 20 mins or so. There is no hint of processing/memory usage spikes

When i deleted these messages using system manager, mail flow returned to normal..

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.