Solved

Exchange 2003 Queues

Posted on 2006-07-17
6
225 Views
Last Modified: 2010-11-01
I have Exchange 2003 on Windows 2003 server. I am concerned about the number of Queues that I get on my Exchange server. Right now I have over 3600 queues with some of them containing as much as 150,000 messages. Most of the messages are in retry and are going to no existing internal accounts. My bad mail is averaging about 62,000 messages a day according to the MS Best Practice Tool. I have checked to make sure my exchange server is not set up for open rely and it is not according to MS article. If any one has any ideas as to what would be causing this.

Thanks
0
Comment
Question by:kcjstarling
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 17122225
You need to go and look at my spam cleanup article.
http://www.amset.info/exchange/spam-cleanup.asp

Those numbers are not normal and need to be investigated.
You are either an open relay, have a compromised account or under NDR attack.

First thing I would do is change your password to the administrator account. That is the account that is attacked most commonly for a compromised account attack.

Simon.
0
 

Author Comment

by:kcjstarling
ID: 17129530
I followed your artical and my server is not open relay. So i turned on the diognostic logging for smtp. And while i am not logging the 7008 event that your artical discribes but  i am logging alot of 7004, 7010, and 7002 events. Any ideas.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 17131772
The event codes on their own are close to useless.

You may not be an open relay, but you could be attacked in the other ways.
Have you make the change to filter unknown users?
Have you tightened the authenticated relay settings?

Don't expect it to make an immediate change though. ESM is notorious for not showing the true extent of the queues after an attack like this. If you are doing anything to clean the queues it can take three or four attempts before you will get the queues clear.

Simon.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:kcjstarling
ID: 17132303
Yes I added the unknown user to the recipient filter and added the Tar pit settings to AD. I am not sure if I understand all the authentification settings on the relay. All my users access exchange through one of the following ways, VPN, HTTPS/RPC, Mobile Services (PDAS), OWA, and LAN. But I am not sure how to lock down the relay for all these connections. I do not have POP or Mapi clients and all connect with outlook or OWA.

I did not flush the queues but they are reducing themselves as the NDRs clear out. The numbers of queues are down to under 1000 and none of them have any mail over 100 messages. So the changes have helped. But I would like it secure as I can get it without restricting my users.
0
 

Author Comment

by:kcjstarling
ID: 17132315
But the above comment, may be another issue and i will award you the points and ask another question about the relay settings. Thanks alot for your help.
0
 

Expert Comment

by:castian
ID: 34036014
Thanks, Sembee, your guide was spot on!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question