Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange 2003 Queues

Posted on 2006-07-17
6
Medium Priority
?
231 Views
Last Modified: 2010-11-01
I have Exchange 2003 on Windows 2003 server. I am concerned about the number of Queues that I get on my Exchange server. Right now I have over 3600 queues with some of them containing as much as 150,000 messages. Most of the messages are in retry and are going to no existing internal accounts. My bad mail is averaging about 62,000 messages a day according to the MS Best Practice Tool. I have checked to make sure my exchange server is not set up for open rely and it is not according to MS article. If any one has any ideas as to what would be causing this.

Thanks
0
Comment
Question by:kcjstarling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 17122225
You need to go and look at my spam cleanup article.
http://www.amset.info/exchange/spam-cleanup.asp

Those numbers are not normal and need to be investigated.
You are either an open relay, have a compromised account or under NDR attack.

First thing I would do is change your password to the administrator account. That is the account that is attacked most commonly for a compromised account attack.

Simon.
0
 

Author Comment

by:kcjstarling
ID: 17129530
I followed your artical and my server is not open relay. So i turned on the diognostic logging for smtp. And while i am not logging the 7008 event that your artical discribes but  i am logging alot of 7004, 7010, and 7002 events. Any ideas.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17131772
The event codes on their own are close to useless.

You may not be an open relay, but you could be attacked in the other ways.
Have you make the change to filter unknown users?
Have you tightened the authenticated relay settings?

Don't expect it to make an immediate change though. ESM is notorious for not showing the true extent of the queues after an attack like this. If you are doing anything to clean the queues it can take three or four attempts before you will get the queues clear.

Simon.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kcjstarling
ID: 17132303
Yes I added the unknown user to the recipient filter and added the Tar pit settings to AD. I am not sure if I understand all the authentification settings on the relay. All my users access exchange through one of the following ways, VPN, HTTPS/RPC, Mobile Services (PDAS), OWA, and LAN. But I am not sure how to lock down the relay for all these connections. I do not have POP or Mapi clients and all connect with outlook or OWA.

I did not flush the queues but they are reducing themselves as the NDRs clear out. The numbers of queues are down to under 1000 and none of them have any mail over 100 messages. So the changes have helped. But I would like it secure as I can get it without restricting my users.
0
 

Author Comment

by:kcjstarling
ID: 17132315
But the above comment, may be another issue and i will award you the points and ask another question about the relay settings. Thanks alot for your help.
0
 

Expert Comment

by:castian
ID: 34036014
Thanks, Sembee, your guide was spot on!
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question