• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 235
  • Last Modified:

Exchange 2003 Queues

I have Exchange 2003 on Windows 2003 server. I am concerned about the number of Queues that I get on my Exchange server. Right now I have over 3600 queues with some of them containing as much as 150,000 messages. Most of the messages are in retry and are going to no existing internal accounts. My bad mail is averaging about 62,000 messages a day according to the MS Best Practice Tool. I have checked to make sure my exchange server is not set up for open rely and it is not according to MS article. If any one has any ideas as to what would be causing this.

Thanks
0
kcjstarling
Asked:
kcjstarling
  • 3
  • 2
1 Solution
 
SembeeCommented:
You need to go and look at my spam cleanup article.
http://www.amset.info/exchange/spam-cleanup.asp

Those numbers are not normal and need to be investigated.
You are either an open relay, have a compromised account or under NDR attack.

First thing I would do is change your password to the administrator account. That is the account that is attacked most commonly for a compromised account attack.

Simon.
0
 
kcjstarlingAuthor Commented:
I followed your artical and my server is not open relay. So i turned on the diognostic logging for smtp. And while i am not logging the 7008 event that your artical discribes but  i am logging alot of 7004, 7010, and 7002 events. Any ideas.
0
 
SembeeCommented:
The event codes on their own are close to useless.

You may not be an open relay, but you could be attacked in the other ways.
Have you make the change to filter unknown users?
Have you tightened the authenticated relay settings?

Don't expect it to make an immediate change though. ESM is notorious for not showing the true extent of the queues after an attack like this. If you are doing anything to clean the queues it can take three or four attempts before you will get the queues clear.

Simon.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
kcjstarlingAuthor Commented:
Yes I added the unknown user to the recipient filter and added the Tar pit settings to AD. I am not sure if I understand all the authentification settings on the relay. All my users access exchange through one of the following ways, VPN, HTTPS/RPC, Mobile Services (PDAS), OWA, and LAN. But I am not sure how to lock down the relay for all these connections. I do not have POP or Mapi clients and all connect with outlook or OWA.

I did not flush the queues but they are reducing themselves as the NDRs clear out. The numbers of queues are down to under 1000 and none of them have any mail over 100 messages. So the changes have helped. But I would like it secure as I can get it without restricting my users.
0
 
kcjstarlingAuthor Commented:
But the above comment, may be another issue and i will award you the points and ask another question about the relay settings. Thanks alot for your help.
0
 
castianCommented:
Thanks, Sembee, your guide was spot on!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now