?
Solved

Exchange Server 2003 connections

Posted on 2007-03-31
4
Medium Priority
?
187 Views
Last Modified: 2010-04-18
Here's the environ:

Small LAN, one Server 2003 Enterprise running Exchange 2003 Enterprise.  It supports less than 5 users, 4 of whom connect directly to exchange and one remote user who gets mail via POP3.

The other day I got an e-mail from Time Warner telling me that Spamcop got a complaint about some spam that originated from my IP.  Of course I began the search.

I "think" what happened was that something I downloaded from a newsgroup was infected and started some trouble.  I have scanned my primary server and my backup member server and both are clean.  The data from the newsgroup is stored in an encrypted folder and is now closed so I'm thinking that "maybe" the virus can only run when the encrypted folder is open.  I only reced one e-mail from Time Warner and it only documented on problem e-mail.  Both servers look clean so far as I can tell, but I have several questions.

1.  Under my mail server in system manager, I have a queue.  What is that queue for and what is it's purpose?  Of course I understand that it handles outbound e-mail, but I am under the impression that no one can use it unless the user is authenticated.  I saw 35 queues in there and with only 5 users I didn't expect to see anything in the queue.  

2.  Under my SMTP virtual server, I see Current Sessions.  Why do I see connected sessions in there from places I don't expect to see connected sessions from?  Again, I am thinking that my Exchange server is set up so that only authenticated users can connect, yet I'm seeing some sessions I do not expect to see.

3.  Can I lock down my Exchange server so that ONLY authenticated users can connect and everyone else is blocked?  I thought I had it setup that way already but it seems not.

Anyway, I'm looking for some direction, pointers, etc on this issue.

Thanks

Cliff
0
Comment
Question by:crp0499
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:r-k
r-k earned 800 total points
ID: 18831234
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18831724
You can't stop all connections to the server, only the relaying attempts. If you block anyone who doesn't authenticate then you will stop inbound email.

If you think you have an infection somewhere, then you need to find it. The quickest way to do that is to block port 25 on the firewall and stop the SMTP traffic on the Exchange server. If a machine on your network is sending messages out it will soon show in the firewall logs.

Simon.
0
 

Author Comment

by:crp0499
ID: 18840757
ok, fine.  I already knew i waasn't an open relay.  I've scanned both servers and no virus.  that leaves the pc in the office as the possible source of the infection but i havent checked it yet.

my question is WHAT are the messages in the queue?

I'm thinking that I have my server set to authenticated users only so the only thing I expect to see in the queue is mail my users have sent, all the same, I have the following in my queue:

erols.com - 10,000+ messages
charter.net - 11,000+
bellsouth.net - 26,000+

what are all these messages in my queue?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 1200 total points
ID: 18844165
If you have those sorts of numbers of messages then you are looking at one of three problems

- open relay
- NDR
- authenticated relaying.

Have you changed your administrator password recently? If not, then you should.

For cleaning up the queues, take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month9 days, 22 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question