Spam SMTP connectors in Exchange Queues

I recently locked down our Exchange Server a bit using the methods outlined in Microsoft's "How to block open SMTP relaying and clean up Exchange Server SMTP queues in Windows Small Business Server" (we use Standard Edition, but the Exchange methods are the same).  Although this solved our problems and cleaned a lot up, I still see about 8 SMTP Connector's in the Queue which are obviously spam related.

For example, the listing will show

MYEMAILSERVER - casinosite.com (SMTP Connector)    SMTP    Default SMTP Virtual Server

I've frozen the obvious connectors, but they still show an unsent email in all of 'em.  I've checked our connectors and found that our one connector is configured properly.

How do I get rid of these open spam connectors?  Shouldn't the queue just show our one default connector instead of a connector for every domain an email is sent to?

Thanks!
Kevin
Kevin SmithAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rakeshmiglaniCommented:
are you able to delete the emails in these SPAM smtp connectors?
Kevin SmithAuthor Commented:
yes
rakeshmiglaniCommented:
once you delete the emails in these queues and the queues show as empty, you need to restart the smtp service and the queues are cleared out.
otherwise you can wait for some time and the empty queues will vanish

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
brakk0Commented:
They are most likely NDRs (Non Delivery Reports) for spam that was sent to non existent addresses in your domain. They can also be read receipts on spam sent to actual users. This happens when the return address on a message is a non existent domain (or a domain that can't receive email for whatever reason). The messages will sit in your queue until they time out.

This is pretty normal and it's normal to have an SMTP connector for each outgoing domain in your queue. If you right click on one and select "find messages" then "find now" it will most likely show the sender as postmaster@mydomain.com. You can clear the queues by deleting the messages, and after a while, the connectors will disappear, but more will just come back later.

You can limit this by enabling recipient filtering and rejecting email sent to non existent accounts, but I wouldn't do that without enabling SMTP tarpitting to prevent address book harvesting. http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

Kevin SmithAuthor Commented:
Thanks guys...I'm giving 300 to rake 'cause he answered what appeared to be the main question, but brakk gave me some very useful information on the smtp connector's themselves, so I'm giving him 200 for answering the final question.

Thanks!
Kevin
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.