Solved

Email queue full of junk

Posted on 2006-11-17
9
311 Views
Last Modified: 2010-03-06
Hi,

We are using Exchange Server 2003.

Under the queue list found at Servers | OurServer | Queues in exchange system manager we constantly seem to have loads of (what appear) to be just destinations waiting to be sent.

Is this purely the outbound mail waiting to go and would you suggest (based on the info above) that we have an infected machine that is trying to send spam via our exchange server?  If not what are all these messages doing there?

Many thanks.

James.
0
Comment
Question by:JAMES
  • 4
  • 3
  • 2
9 Comments
 
LVL 14

Expert Comment

by:inbarasan
ID: 17963635
Dear JAMES,
If it is geniune domain then in that case you have issue in resolving MX Record using DNS. You need to check that. If it is not geniune domain you can just ignore.  Sometimes if you have some spam filter which sends a mail after it detects a mail as spam to the sender then you might see mails like in the queue.

Cheers!
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17963658
Hi James,

An infected machine would not be using your exchange server to send mail, it would be using it's own smtp server, so you can stop worrying about that.

This is probably going to be the tail end of NDR spam.  A spammer is sending mail to you from fake senders, and your server is trying to respond.  What you would do to resolve this would be to implement Recipient Filtering and Tarpitting - which is explained here -> http://www.amset.info/exchange/filterunknown.asp

For the immediate problem of queues, you can use this guide to clear them out (and confirm you are not vulnerable) -> http://www.amset.info/exchange/spam-cleanup.asp

-red
0
 

Author Comment

by:JAMES
ID: 17963664
Yes, they all appear to be "genuine" domains but not destinations we have sent mail to.  

Sorry I dont understand your first point.

We are using anti-spam (brightmail / symantec) software but I it does not send anything back to the sender if it detects SPAM.

What about if a message has arrived into our exchange server with an invalid recipient then Exchange will send a message back saying recipient not found - could that also account for these messages?

Thanks.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17963711
>>What about if a message has arrived into our exchange server with an invalid recipient then Exchange will send a message back saying recipient not found - could that also account for these messages?

That is what my post refers to, I assume by the time you posted you had not yet seen it

-red
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:JAMES
ID: 17963719
Yes Red, you are correct.

I also reread my original question again and I didnt make it initially clear the destinations were not ones we have sent mail to.  In any case you seem to have understood my ramblings and I much appreciate your help.

I have implemented the suggestions found as amset.info with thanks.

One last question though - if I drill down on the messages waiting to be sent they seem to be using "postmaster@ourdomain.com" as the sender address.  Is this simply the default exchange "admin" address or are these messages being targeted at the mailbox of postmaster - in which case the above fix wont have any impact as this is a reall address.

Thanks again.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17963731
>>if I drill down on the messages waiting to be sent they seem to be using "postmaster@ourdomain.com" as the sender address.

That confirms that it is NDR spam,

Postmaster@yourdomain.com is the exchange default from address for NDRs going out.

The above will work, recipient filtering is fantastic, but MAKE SURE that you enable tarpitting as well, otherwise you will be prone for another type of attack

-red
0
 

Author Comment

by:JAMES
ID: 17963742
I have already enabled tarpitting following the instructions provided by you.

Again, many thanks for your help.


inbarasan - I hope you dont mind but I am going to award the points to Red for providing such detailed help but thanks for your input anyway.

James.

 
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17963778
Thanks James, glad to be of assistance.

-red
0
 
LVL 14

Expert Comment

by:inbarasan
ID: 17964397
I have no issues. Glad that it resolved your issue and i also learnt something new :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now