Solved

Exchange Queues - Default SMTP Virtual Server creating SmallBusiness SMTP connector on the fly

Posted on 2008-09-29
Last Modified: 2012-06-21
I've read some great info on NDR Attacks and SPF, and am following through by taking measures to  close the door on spammers. However, there's something unusual happening to the Exchange Server Queue.  Weird Default queues are appearing in the Exchange Server Queues view. I'm not sure what's causing them or how to delete them. My options are to right-click on the "Name", where the popup menu list is "Find messages...";  "Unfreeze", "Freeze", "Force Connection". I "Freeze" the newly created queue as soon as it appears, but how do I get rid of it? Better yet, how do I prevent it? Some of them are holding messages. So far today, 74 new Default queues have been created and I want to get rid of them.
Example:
Name: SmallBusiness SMTP connector - gmail.com (SMTP Connector)
Protocol: SMTP
Source: Default SMTP Virtual Server
State: Frozen (it's the only way I currently know of 'stopping' it)
 
Server platform is Small Business Server 2003 Std Ed. Exchange Server is v6.5.7638.1

Exchange System Manager > Server > Queues
Question by:gas_bugs
 
LVL 12

Expert Comment

by:bhnmi
What are the names of the queues? Are they legit email domain names?
0
 
LVL 5

Assisted Solution

by:NutrientMS
NutrientMS earned 250 total points
Queue viewer will show a queue for each domain name that it is sending to / has sent to recently and will, on its own, remove the queue names once empty after a short period of time.
If you double click on the queue it will show you the messages it contains and the user that sent the email or if it was administrator sending an NDR.
What you really need to check is do you have a SPAM filter that does sender address verification?  What I think will be going on here is:
Spammer says his email address is user@gmail.com
He sends an email to abcdefg@yourdomain.com
This doesn't exist so your exchange server sends an email to user@gmail.com saying "get your address right" or words similar to that effect ;)
Sender Address Verification checks to make sure that he really IS user@gmail.com before letting his email through to your domain.
After our blacklist check which blocks 86% of all our inbound emails, SAV blocks an additional 1.86% which is a huge amount from about 1.5 million emails per month.
0
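A triage sketch for the backscatter pattern described in the answer above, added here as an example and not part of the original post: it groups queued outbound messages by destination domain and flags queues that consist almost entirely of NDRs. The record layout, the `.example`/`.test` domains, the postmaster address and the thresholds are all assumptions; this is not an Exchange export format.

```python
from collections import defaultdict

# Constructed sample: (destination domain, envelope sender, recipient).
# Not a real Exchange export; the tuple layout is an assumption for this example.
SAMPLE_QUEUE = [
    ("gmail.com", "<>", "user@gmail.com"),
    ("gmail.com", "<>", "other@gmail.com"),
    ("gmail.com", "alice@example.test", "friend@gmail.com"),
    ("nonexistent-a.example", "<>", "x1@nonexistent-a.example"),
    ("nonexistent-a.example", "<>", "x2@nonexistent-a.example"),
    ("nonexistent-a.example", "<>", "x3@nonexistent-a.example"),
    ("partner.example", "bob@example.test", "sales@partner.example"),
]


def is_ndr(sender, local_postmaster="postmaster@example.test"):
    """NDRs use the null reverse-path <> (RFC 5321).

    Treating the local postmaster address the same way is an assumption.
    """
    s = sender.strip().lower()
    return s in ("<>", "") or s == local_postmaster


def backscatter_report(records, min_messages=2, ndr_ratio=0.9):
    """Return {domain: (ndr_count, total)} for queues that are almost all NDRs."""
    totals = defaultdict(int)
    ndrs = defaultdict(int)
    for domain, sender, _rcpt in records:
        d = domain.lower()
        totals[d] += 1
        if is_ndr(sender):
            ndrs[d] += 1
    flagged = {}
    for d, total in totals.items():
        # A queue with real user mail mixed in stays below the ratio and is skipped.
        if total >= min_messages and ndrs[d] / total >= ndr_ratio:
            flagged[d] = (ndrs[d], total)
    return flagged


if __name__ == "__main__":
    for domain, (n, total) in sorted(backscatter_report(SAMPLE_QUEUE).items()):
        print(f"{domain}: {n}/{total} queued messages are NDRs (likely backscatter)")
```

Queues flagged this way point at inbound mail for nonexistent recipients being accepted and bounced later, rather than at local users sending to those domains.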
 

Author Comment

by:gas_bugs
We don't have spam filtering software installed. Our ISP is providing some filtering capabilities, but not to the extent of GFI. GFI is on my "wish list." The Queueing issues we're experiencing may justify purchasing GFI.

Some of the queues are nonexistent domains, i.e. handfastdozen.net. This morning, all the queues I froze yesterday are gone. Some are re-appearing - handfastdozen.net, kamilafinancialbusinessinformation.com, laspalmaspublishing.com, tigeronline.com. I need to block these sites. When these self-created queues finish sending messages, their "State" changes to "Ready". When they queue messages, their "State" changes to "Retry" until the queue is cleared, but the self-created queue doesn't delete itself. We're getting queue warnings:
Application Events:
Source: MSExchangeTransport
Category: SMTP Protocol
Event ID: 7002

One MSExchangeTransport - EventID 7002 - stated we've been blacklisted.
0

 
LVL 12

Assisted Solution

by:bhnmi
bhnmi earned 250 total points
Enter your mail server's hostname in here and paste the results.

http://www.mxtoolbox.com/diagnostic.aspx
0
 

Accepted Solution

by:
gas_bugs earned 0 total points
bhnmi - nice tool, Thanks.
Results:
Blacklist Name   Status Reason TTL Response Time (ms)
AHBL  OK   0 47
BGISOCBL  OK   0 234
CASA-CBL  OK   0 94
CASA-CBL+  OK   0 94
CASA-CDL  OK   0 78
CBL  OK   0 78
CLUECENTRAL  OK   0 156
CYBERLOGIC  OK   0 188
DEADBEEF  OK   0 203
DNSBLINFO  OK   0 219
DNSBLNETAUOHPS  OK   0 328
DNSBLNETAUOMRS  OK   0 422
DNSBLNETAUOSPS  OK   0 422
DNSBLNETAUOSRS  OK   0 406
DNSBLNETAUOWFS  OK   0 406
DNSBLNETAUOWPS  OK   0 406
DNSBLNETAURDTS  OK   0 391
DNSBLNETAURICN  OK   0 391
DNSBLNETAURMST  OK   0 375
DNSBLNETAUT1  OK   0 375
DSBL  OK   0 4172
DSBLALL  OK   0 4156
DSBLMULTI  OK   0 1922
DUINV  OK   0 1906
DULRU  OK   0 1906
EMAILBASURA  OK   0 1891
FABELSOURCES  OK   0 1875
FIVETENFREE  OK   0 1875
FIVETENIGNORE  OK   0 1906
FIVETENKLEZ  OK   0 2000
FIVETENMULTI  OK   0 1969
FIVETENOPTIN  OK   0 1953
FIVETENOTHER  OK   0 1969
FIVETENSINGLE  OK   0 1953
FIVETENSRC  OK   0 1953
FIVETENTCPA  OK   0 1938
FIVETENWEBFORM  OK   0 1938
GIRL  OK   0 1922
GRIP  OK   0 1922
HIL  OK   0 1906
HIL  OK   0 1906
ICMFORBIDDEN  OK   0 2219
INTERSIL  OK   0 2703
ivmSIP  OK   0 2688
ivmSIP/24  OK   0 2688
JAMMDNSBL  OK   0 2672
KEMPTBL  OK   0 2672
KUNDENSERVER  OK   0 2656
LASHBACK  OK   0 2656
LNSGBLOCK  OK   0 2656
LNSGBULK  OK   0 2641
LNSGDUL  OK   0 2641
LNSGMULTI  OK   0 2609
LNSGOR  OK   0 2594
LNSGSRC  OK   0 2578
MSRBL-Combined  OK   0 2562
MSRBL-Images  OK   0 2562
MSRBL-Phising  OK   0 2547
MSRBL-Spam  OK   0 2547
MSRBL-Viruses  OK   0 2531
NERD  OK   0 4766
NETHERRELAYS  OK   0 2641
NETHERUNSURE  OK   0 2625
NJABL  OK   0 2641
NJABLDUL  OK   0 2625
NJABLFORMMAIL  OK   0 2984
NJABLMULTI  OK   0 2984
NJABLPROXIES  OK   0 2969
NJABLSOURCES  OK   0 2969
NLKUNBLACKLIST  OK   0 2953
NLKUNWHITELIST  OK   0 2953
NOFALSEPOSITIVE  OK   0 2938
NOMOREFUNN  OK   0 2938
ORID  OK   0 2922
ORVEDB  OK   0 2922
OSPAM  OK   0 2906
PDL  OK   0 2906
PSBL  OK   0 2891
RANGERSBL  OK   0 2875
RATS-Dyna  OK   0 2859
RATS-NoPtr  OK   0 2844
RATS-Spam  OK   0 2828
REDHAWK  OK   0 2828
RRBL  OK   0 2812
RSBL  OK   0 2797
SATOS  OK   0 2797
SCHULTE  OK   0 2781
SDERB  OK   0 2781
SENDERBASE  OK   0 2781
SERVICESNET  OK   0 2766
SNARK  OK   0 2766
SOLID  OK   0 2750
SORBS-BLOCK  OK   0 2750
SORBS-DUHL  OK   0 2734
SORBS-HTTP  OK   0 2734
SORBS-MISC  OK   0 2719
SORBS-SMTP  OK   0 2719
SORBS-SOCKS  OK   0 2703
SORBS-SPAM  OK   0 2703
SORBS-WEB  OK   0 2688
SORBS-ZOMBIE  OK   0 2688
SPAMBAG  OK   0 2672
SPAMCANNIBAL  OK   0 2672
SPAMCOP  OK   0 2672
Spamhaus-ZEN  OK   0 2656
SPAMRBL  OK   0 2641
SPAMSOURCES  OK   0 2641
SPEWS1  OK   0 2641
SPEWS2  OK   0 2625
TECHNOVISION  OK   0 2625
TRIUMF  OK   0 3109
UCEPROTECTL1  OK   0 3094
UCEPROTECTL2  OK   0 3094
UCEPROTECTL3  OK   0 3078
US  OK   0 3078
VIRBL  OK   0 3062
WPBL  OK   0 3062
WSFF  OK   0 3047
WYTNIJ  OK   0 3047
ZONEEDIT  OK   0 3031
CSMA  TIMEOUT Return codes were: ERROR, Reponse code=2  0 0
HILLI  TIMEOUT   0 0
INFORMATIONWAVE  TIMEOUT   0 0
NJABLDYNA  TIMEOUT   0 0
TQMCUBE  TIMEOUT   0 0
 
ALSO, I checked Application Log and found the following Events:

Event Type:      Information
Event Source:      MSExchangeIS Public Store
Event Category:      General
Event ID:      1216
Date:            10/1/2008
Time:            8:23:10 AM
User:            N/A
Computer:      SERVER
Description:
The Exchange store 'First Storage Group\Public Folder Store (SERVER)' is limited to 18 GB. The current physical size of this database (the .edb file and the .stm file) is 9 GB. If the physical size of this database minus its logical free space exceeds the limit of 18 GB, the database will be dismounted on a regular basis.
==================================================
Next Event:
Event Type:      Information
Event Source:      MSExchangeIS Mailbox Store
Event Category:      General
Event ID:      1216
Date:            10/1/2008
Time:            8:23:10 AM
User:            N/A
Computer:      SERVER
Description:
The Exchange store 'First Storage Group\Mailbox Store (SERVER)' is limited to 18 GB. The current physical size of this database (the .edb file and the .stm file) is 21 GB. If the physical size of this database minus its logical free space exceeds the limit of 18 GB, the database will be dismounted on a regular basis.
===============================================
Next Event:
Event Type:      Warning
Event Source:      MSExchangeIS Mailbox Store
Event Category:      General
Event ID:      9685
Date:            10/1/2008
Time:            8:23:10 AM
User:            N/A
Computer:      SERVER
Description:
Exchange store 'First Storage Group\Mailbox Store (SERVER)': The current physical size of this database (the .edb file and the .stm file) is 21 GB. This database has exceeded the size limit of 18 GB. However, the logical free space in this database has not yet been evaluated. Therefore, it is possible that this database contains enough free space to bring its logical size below the maximum size limit.

If the logical database size exceeds the maximum size limit, it will be dismounted on a regular basis.
=====================================================
SOLUTION: Emailed all users with instructions to
1. Archive all emails older than 90 days;
2. delete "Sent Items" that weren't needed for business purposes;
3. empty "Deleted Items" folder;
4. Reduce mailbox size to a total of 1,000 items.
5. Restarted "IIS Admin Services"
Result: freed up 6GB+ on the Exchange Server. It seems to be running OK with just the normal queues showing up, nothing unusual.

If this doesn't solve the problem, I'll repost. Thanks for the help.



0
 

Author Comment

by:gas_bugs
Issue seems to be resolved at this point
0
 

Author Comment

by:gas_bugs
none
0
