  • Status: Solved
  • Priority: Medium
  • Security: Public

Exchange 2003 Queues

I have Exchange 2003 on a Windows 2003 server. I am concerned about the number of queues that I get on my Exchange server. Right now I have over 3600 queues, with some of them containing as many as 150,000 messages. Most of the messages are in retry and are going to non-existent internal accounts. My bad mail is averaging about 62,000 messages a day according to the MS Best Practice Tool. I have checked to make sure my Exchange server is not set up for open relay, and it is not, according to the MS article. Does anyone have any ideas as to what would be causing this?

Thanks
Asked:
kcjstarling
 
Sembee Commented:
You need to go and look at my spam cleanup article.
http://www.amset.info/exchange/spam-cleanup.asp

Those numbers are not normal and need to be investigated.
You are either an open relay, have a compromised account, or are under NDR attack.

The first thing I would do is change the password on the administrator account. That is the account that is attacked most commonly for a compromised account attack.

Simon.
 
kcjstarling Author Commented:
I followed your article and my server is not an open relay. So I turned on the diagnostic logging for SMTP. And while I am not logging the 7008 event that your article describes, I am logging a lot of 7004, 7010, and 7002 events. Any ideas?
 
Sembee Commented:
The event codes on their own are close to useless.

You may not be an open relay, but you could be attacked in the other ways.
Have you made the change to filter unknown users?
Have you tightened the authenticated relay settings?

Don't expect it to make an immediate change though. ESM is notorious for not showing the true extent of the queues after an attack like this. If you are doing anything to clean the queues it can take three or four attempts before you will get the queues clear.

Simon.
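
One way to check from the SMTP protocol log whether the unknown-user filter is rejecting recipients and whether any client is still being allowed to relay, as an added example that is not from this thread or from Sembee's article. It assumes W3C extended logging is enabled on the SMTP virtual server with the c-ip, cs-method, cs-uri-query and sc-status fields; the local domain, addresses and log lines are constructed.

```python
from collections import Counter, defaultdict

LOCAL_DOMAINS = {"corp.example"}  # assumption: domains this server accepts mail for
# Constructed W3C extended log lines; the field selection and every value are made up.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2007-03-01 10:00:01 203.0.113.9 RCPT +TO:<aaron@corp.example> 550
2007-03-01 10:00:01 203.0.113.9 RCPT +TO:<abby@corp.example> 550
2007-03-01 10:00:02 203.0.113.9 RCPT +TO:<adam@corp.example> 550
2007-03-01 10:00:02 203.0.113.9 RCPT +TO:<sales@corp.example> 250
2007-03-01 10:05:11 198.51.100.7 RCPT +TO:<victim@example.net> 250
2007-03-01 10:06:00 192.0.2.25 RCPT +TO:<sales@corp.example> 250
2007-03-01 10:06:30 192.0.2.44 RCPT +TO:<victim@example.net> 550
"""

def parse(log_text):
    """Yield one dict per entry, naming columns from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def classify(entry):
    """Bucket a RCPT entry by recipient domain and outcome; None for other commands."""
    if entry.get("cs-method", "").upper() != "RCPT":
        return None
    addr = entry.get("cs-uri-query", "").partition("<")[2].rstrip(">")
    scope = "local" if addr.rpartition("@")[2].lower() in LOCAL_DOMAINS else "relay"
    return scope + ("_accepted" if entry.get("sc-status") == "250" else "_rejected")

def summarize(log_text):  # RCPT outcome counts per client IP
    per_ip = defaultdict(Counter)
    for entry in parse(log_text):
        bucket = classify(entry)
        if bucket:
            per_ip[entry["c-ip"]][bucket] += 1
    return per_ip

def suspects(per_ip, min_rejects=3):
    """Flag IPs that relayed mail out or mostly hit unknown local recipients."""
    flagged = {}
    for ip, c in per_ip.items():
        if c["relay_accepted"]:
            flagged[ip] = "relay"
        elif c["local_rejected"] >= min_rejects and c["local_rejected"] > c["local_accepted"]:
            flagged[ip] = "unknown-recipient flood"
    return flagged
```

A client flagged as "relay" is worth comparing against the virtual server's relay restrictions, while many 550 rejections for local addresses show the recipient filter refusing the mail at SMTP time instead of queueing an NDR.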
 
kcjstarling Author Commented:
Yes, I added the unknown user to the recipient filter and added the tar pit settings to AD. I am not sure if I understand all the authentication settings on the relay. All my users access Exchange through one of the following ways: VPN, HTTPS/RPC, Mobile Services (PDAs), OWA, and LAN. But I am not sure how to lock down the relay for all these connections. I do not have POP or MAPI clients and all connect with Outlook or OWA.

I did not flush the queues but they are reducing themselves as the NDRs clear out. The number of queues is down to under 1000 and none of them have more than 100 messages. So the changes have helped. But I would like it as secure as I can get it without restricting my users.
 
kcjstarling Author Commented:
But the above comment may be another issue, and I will award you the points and ask another question about the relay settings. Thanks a lot for your help.
 
castian Commented:
Thanks, Sembee, your guide was spot on!
Question has a verified solution.
