Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange Server 2003 connections

Posted on 2007-03-31
4
178 Views
Last Modified: 2010-04-18
Here's the environ:

Small LAN, one Server 2003 Enterprise running Exchange 2003 Enterprise.  It supports less than 5 users, 4 of whom connect directly to exchange and one remote user who gets mail via POP3.

The other day I got an e-mail from Time Warner telling me that Spamcop got a complaint about some spam that originated from my IP.  Of course I began the search.

I "think" what happened was that something I downloaded from a newsgroup was infected and started some trouble.  I have scanned my primary server and my backup member server and both are clean.  The data from the newsgroup is stored in an encrypted folder and is now closed so I'm thinking that "maybe" the virus can only run when the encrypted folder is open.  I only reced one e-mail from Time Warner and it only documented on problem e-mail.  Both servers look clean so far as I can tell, but I have several questions.

1.  Under my mail server in system manager, I have a queue.  What is that queue for and what is it's purpose?  Of course I understand that it handles outbound e-mail, but I am under the impression that no one can use it unless the user is authenticated.  I saw 35 queues in there and with only 5 users I didn't expect to see anything in the queue.  

2.  Under my SMTP virtual server, I see Current Sessions.  Why do I see connected sessions in there from places I don't expect to see connected sessions from?  Again, I am thinking that my Exchange server is set up so that only authenticated users can connect, yet I'm seeing some sessions I do not expect to see.

3.  Can I lock down my Exchange server so that ONLY authenticated users can connect and everyone else is blocked?  I thought I had it setup that way already but it seems not.

Anyway, I'm looking for some direction, pointers, etc on this issue.

Thanks

Cliff
0
Comment
Question by:crp0499
  • 2
4 Comments
 
LVL 32

Assisted Solution

by:r-k
r-k earned 200 total points
ID: 18831234
0
 
LVL 104

Expert Comment

by:Sembee
ID: 18831724
You can't stop all connections to the server, only the relaying attempts. If you block anyone who doesn't authenticate then you will stop inbound email.

If you think you have an infection somewhere, then you need to find it. The quickest way to do that is to block port 25 on the firewall and stop the SMTP traffic on the Exchange server. If a machine on your network is sending messages out it will soon show in the firewall logs.

Simon.
0
 

Author Comment

by:crp0499
ID: 18840757
ok, fine.  I already knew i waasn't an open relay.  I've scanned both servers and no virus.  that leaves the pc in the office as the possible source of the infection but i havent checked it yet.

my question is WHAT are the messages in the queue?

I'm thinking that I have my server set to authenticated users only so the only thing I expect to see in the queue is mail my users have sent, all the same, I have the following in my queue:

erols.com - 10,000+ messages
charter.net - 11,000+
bellsouth.net - 26,000+

what are all these messages in my queue?
0
 
LVL 104

Accepted Solution

by:
Sembee earned 300 total points
ID: 18844165
If you have those sorts of numbers of messages then you are looking at one of three problems

- open relay
- NDR
- authenticated relaying.

Have you changed your administrator password recently? If not, then you should.

For cleaning up the queues, take a look at my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question