Solved

Exchange Server 2003 connections

Posted on 2007-03-31
4
173 Views
Last Modified: 2010-04-18
Here's the environ:

Small LAN, one Server 2003 Enterprise running Exchange 2003 Enterprise.  It supports less than 5 users, 4 of whom connect directly to exchange and one remote user who gets mail via POP3.

The other day I got an e-mail from Time Warner telling me that Spamcop got a complaint about some spam that originated from my IP.  Of course I began the search.

I "think" what happened was that something I downloaded from a newsgroup was infected and started some trouble.  I have scanned my primary server and my backup member server and both are clean.  The data from the newsgroup is stored in an encrypted folder and is now closed so I'm thinking that "maybe" the virus can only run when the encrypted folder is open.  I only reced one e-mail from Time Warner and it only documented on problem e-mail.  Both servers look clean so far as I can tell, but I have several questions.

1.  Under my mail server in system manager, I have a queue.  What is that queue for and what is it's purpose?  Of course I understand that it handles outbound e-mail, but I am under the impression that no one can use it unless the user is authenticated.  I saw 35 queues in there and with only 5 users I didn't expect to see anything in the queue.  

2.  Under my SMTP virtual server, I see Current Sessions.  Why do I see connected sessions in there from places I don't expect to see connected sessions from?  Again, I am thinking that my Exchange server is set up so that only authenticated users can connect, yet I'm seeing some sessions I do not expect to see.

3.  Can I lock down my Exchange server so that ONLY authenticated users can connect and everyone else is blocked?  I thought I had it setup that way already but it seems not.

Anyway, I'm looking for some direction, pointers, etc on this issue.

Thanks

Cliff
0
Comment
Question by:crp0499
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:r-k
r-k earned 200 total points
ID: 18831234
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18831724
You can't stop all connections to the server, only the relaying attempts. If you block anyone who doesn't authenticate then you will stop inbound email.

If you think you have an infection somewhere, then you need to find it. The quickest way to do that is to block port 25 on the firewall and stop the SMTP traffic on the Exchange server. If a machine on your network is sending messages out it will soon show in the firewall logs.

Simon.
0
 

Author Comment

by:crp0499
ID: 18840757
ok, fine.  I already knew i waasn't an open relay.  I've scanned both servers and no virus.  that leaves the pc in the office as the possible source of the infection but i havent checked it yet.

my question is WHAT are the messages in the queue?

I'm thinking that I have my server set to authenticated users only so the only thing I expect to see in the queue is mail my users have sent, all the same, I have the following in my queue:

erols.com - 10,000+ messages
charter.net - 11,000+
bellsouth.net - 26,000+

what are all these messages in my queue?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 300 total points
ID: 18844165
If you have those sorts of numbers of messages then you are looking at one of three problems

- open relay
- NDR
- authenticated relaying.

Have you changed your administrator password recently? If not, then you should.

For cleaning up the queues, take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now