• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

Exchange 2003 Queues

I have Exchange 2003 on Windows 2003 server. I am concerned about the number of Queues that I get on my Exchange server. Right now I have over 3600 queues with some of them containing as much as 150,000 messages. Most of the messages are in retry and are going to no existing internal accounts. My bad mail is averaging about 62,000 messages a day according to the MS Best Practice Tool. I have checked to make sure my exchange server is not set up for open rely and it is not according to MS article. If any one has any ideas as to what would be causing this.

Thanks
0
kcjstarling
Asked:
kcjstarling
  • 3
  • 2
1 Solution
 
SembeeCommented:
You need to go and look at my spam cleanup article.
http://www.amset.info/exchange/spam-cleanup.asp

Those numbers are not normal and need to be investigated.
You are either an open relay, have a compromised account or under NDR attack.

First thing I would do is change your password to the administrator account. That is the account that is attacked most commonly for a compromised account attack.

Simon.
0
 
kcjstarlingAuthor Commented:
I followed your artical and my server is not open relay. So i turned on the diognostic logging for smtp. And while i am not logging the 7008 event that your artical discribes but  i am logging alot of 7004, 7010, and 7002 events. Any ideas.
0
 
SembeeCommented:
The event codes on their own are close to useless.

You may not be an open relay, but you could be attacked in the other ways.
Have you make the change to filter unknown users?
Have you tightened the authenticated relay settings?

Don't expect it to make an immediate change though. ESM is notorious for not showing the true extent of the queues after an attack like this. If you are doing anything to clean the queues it can take three or four attempts before you will get the queues clear.

Simon.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
kcjstarlingAuthor Commented:
Yes I added the unknown user to the recipient filter and added the Tar pit settings to AD. I am not sure if I understand all the authentification settings on the relay. All my users access exchange through one of the following ways, VPN, HTTPS/RPC, Mobile Services (PDAS), OWA, and LAN. But I am not sure how to lock down the relay for all these connections. I do not have POP or Mapi clients and all connect with outlook or OWA.

I did not flush the queues but they are reducing themselves as the NDRs clear out. The numbers of queues are down to under 1000 and none of them have any mail over 100 messages. So the changes have helped. But I would like it secure as I can get it without restricting my users.
0
 
kcjstarlingAuthor Commented:
But the above comment, may be another issue and i will award you the points and ask another question about the relay settings. Thanks alot for your help.
0
 
castianCommented:
Thanks, Sembee, your guide was spot on!
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now