Solved

Exchange Server 2003 connections

Posted on 2007-03-31
4
177 Views
Last Modified: 2010-04-18
Here's the environ:

Small LAN, one Server 2003 Enterprise running Exchange 2003 Enterprise.  It supports less than 5 users, 4 of whom connect directly to exchange and one remote user who gets mail via POP3.

The other day I got an e-mail from Time Warner telling me that Spamcop got a complaint about some spam that originated from my IP.  Of course I began the search.

I "think" what happened was that something I downloaded from a newsgroup was infected and started some trouble.  I have scanned my primary server and my backup member server and both are clean.  The data from the newsgroup is stored in an encrypted folder and is now closed so I'm thinking that "maybe" the virus can only run when the encrypted folder is open.  I only reced one e-mail from Time Warner and it only documented on problem e-mail.  Both servers look clean so far as I can tell, but I have several questions.

1.  Under my mail server in system manager, I have a queue.  What is that queue for and what is it's purpose?  Of course I understand that it handles outbound e-mail, but I am under the impression that no one can use it unless the user is authenticated.  I saw 35 queues in there and with only 5 users I didn't expect to see anything in the queue.  

2.  Under my SMTP virtual server, I see Current Sessions.  Why do I see connected sessions in there from places I don't expect to see connected sessions from?  Again, I am thinking that my Exchange server is set up so that only authenticated users can connect, yet I'm seeing some sessions I do not expect to see.

3.  Can I lock down my Exchange server so that ONLY authenticated users can connect and everyone else is blocked?  I thought I had it setup that way already but it seems not.

Anyway, I'm looking for some direction, pointers, etc on this issue.

Thanks

Cliff
0
Comment
Question by:crp0499
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:r-k
r-k earned 200 total points
ID: 18831234
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18831724
You can't stop all connections to the server, only the relaying attempts. If you block anyone who doesn't authenticate then you will stop inbound email.

If you think you have an infection somewhere, then you need to find it. The quickest way to do that is to block port 25 on the firewall and stop the SMTP traffic on the Exchange server. If a machine on your network is sending messages out it will soon show in the firewall logs.

Simon.
0
 

Author Comment

by:crp0499
ID: 18840757
ok, fine.  I already knew i waasn't an open relay.  I've scanned both servers and no virus.  that leaves the pc in the office as the possible source of the infection but i havent checked it yet.

my question is WHAT are the messages in the queue?

I'm thinking that I have my server set to authenticated users only so the only thing I expect to see in the queue is mail my users have sent, all the same, I have the following in my queue:

erols.com - 10,000+ messages
charter.net - 11,000+
bellsouth.net - 26,000+

what are all these messages in my queue?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 300 total points
ID: 18844165
If you have those sorts of numbers of messages then you are looking at one of three problems

- open relay
- NDR
- authenticated relaying.

Have you changed your administrator password recently? If not, then you should.

For cleaning up the queues, take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now