Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Email queue full of junk
Posted on 2006-11-17
Hi,
We are using Exchange Server 2003.
Under the queue list found at Servers | OurServer | Queues in exchange system manager we constantly seem to have loads of (what appear) to be just destinations waiting to be sent.
Is this purely the outbound mail waiting to go and would you suggest (based on the info above) that we have an infected machine that is trying to send spam via our exchange server? If not what are all these messages doing there?
Many thanks.
James.
We are using Exchange Server 2003.
Under the queue list found at Servers | OurServer | Queues in exchange system manager we constantly seem to have loads of (what appear) to be just destinations waiting to be sent.
Is this purely the outbound mail waiting to go and would you suggest (based on the info above) that we have an infected machine that is trying to send spam via our exchange server? If not what are all these messages doing there?
Many thanks.
James.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
-
3
-
2
9 Comments
Dear JAMES,
If it is geniune domain then in that case you have issue in resolving MX Record using DNS. You need to check that. If it is not geniune domain you can just ignore. Sometimes if you have some spam filter which sends a mail after it detects a mail as spam to the sender then you might see mails like in the queue.
Cheers!
If it is geniune domain then in that case you have issue in resolving MX Record using DNS. You need to check that. If it is not geniune domain you can just ignore. Sometimes if you have some spam filter which sends a mail after it detects a mail as spam to the sender then you might see mails like in the queue.
Cheers!
Hi James,
An infected machine would not be using your exchange server to send mail, it would be using it's own smtp server, so you can stop worrying about that.
This is probably going to be the tail end of NDR spam. A spammer is sending mail to you from fake senders, and your server is trying to respond. What you would do to resolve this would be to implement Recipient Filtering and Tarpitting - which is explained here -> http://www.amset.info/exchange/filterunknown.asp
For the immediate problem of queues, you can use this guide to clear them out (and confirm you are not vulnerable) -> http://www.amset.info/exchange/spam-cleanup.asp
-red
An infected machine would not be using your exchange server to send mail, it would be using it's own smtp server, so you can stop worrying about that.
This is probably going to be the tail end of NDR spam. A spammer is sending mail to you from fake senders, and your server is trying to respond. What you would do to resolve this would be to implement Recipient Filtering and Tarpitting - which is explained here -> http://www.amset.info/exchange/filterunknown.asp
For the immediate problem of queues, you can use this guide to clear them out (and confirm you are not vulnerable) -> http://www.amset.info/exchange/spam-cleanup.asp
-red
Yes, they all appear to be "genuine" domains but not destinations we have sent mail to.
Sorry I dont understand your first point.
We are using anti-spam (brightmail / symantec) software but I it does not send anything back to the sender if it detects SPAM.
What about if a message has arrived into our exchange server with an invalid recipient then Exchange will send a message back saying recipient not found - could that also account for these messages?
Thanks.
Sorry I dont understand your first point.
We are using anti-spam (brightmail / symantec) software but I it does not send anything back to the sender if it detects SPAM.
What about if a message has arrived into our exchange server with an invalid recipient then Exchange will send a message back saying recipient not found - could that also account for these messages?
Thanks.
>>What about if a message has arrived into our exchange server with an invalid recipient then Exchange will send a message back saying recipient not found - could that also account for these messages?
That is what my post refers to, I assume by the time you posted you had not yet seen it
-red
That is what my post refers to, I assume by the time you posted you had not yet seen it
-red
Yes Red, you are correct.
I also reread my original question again and I didnt make it initially clear the destinations were not ones we have sent mail to. In any case you seem to have understood my ramblings and I much appreciate your help.
I have implemented the suggestions found as amset.info with thanks.
One last question though - if I drill down on the messages waiting to be sent they seem to be using "postmaster@ourdomain.com"
Thanks again.
I also reread my original question again and I didnt make it initially clear the destinations were not ones we have sent mail to. In any case you seem to have understood my ramblings and I much appreciate your help.
I have implemented the suggestions found as amset.info with thanks.
One last question though - if I drill down on the messages waiting to be sent they seem to be using "postmaster@ourdomain.com"
Thanks again.
>>if I drill down on the messages waiting to be sent they seem to be using "postmaster@ourdomain.com"
That confirms that it is NDR spam,
Postmaster@yourdomain.com is the exchange default from address for NDRs going out.
The above will work, recipient filtering is fantastic, but MAKE SURE that you enable tarpitting as well, otherwise you will be prone for another type of attack
-red
That confirms that it is NDR spam,
Postmaster@yourdomain.com is the exchange default from address for NDRs going out.
The above will work, recipient filtering is fantastic, but MAKE SURE that you enable tarpitting as well, otherwise you will be prone for another type of attack
-red
I have already enabled tarpitting following the instructions provided by you.
Again, many thanks for your help.
inbarasan - I hope you dont mind but I am going to award the points to Red for providing such detailed help but thanks for your input anyway.
James.
Again, many thanks for your help.
inbarasan - I hope you dont mind but I am going to award the points to Red for providing such detailed help but thanks for your input anyway.
James.
Featured Post
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Find out what you should include to make the best professional email signature for your organization.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Recipients >> Contact ta…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online.
The email signature template has been downloaded from:
www.mail-signatures…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 14 hours left to enroll
Earn Certification
MTA Networking Fundamentals Exam 98-366
$59.00$53.10
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.