Solved

Exchange 2007 SMTP abused overnight - Message queue's FILLED - how to safely clear?

Posted on 2009-04-04
Last Modified: 2013-11-30
Stupid mistake, we power cycled the router on Friday night because it was acting up and lost a recent firewall change. Overnight our SMTP port was open and definitely got abused some. I fixed the firewall error but now I see in our Exchange queue there is TONS of email trying to still go out. I have 8500 queues and 200k+ messages. How can I clear this out safely without breaking anything? I see my edge transport service is going crazy on the RAM for the first time ever.
Question by:danielevans83
3 Comments
 

Accepted Solution

by:
Akhater earned 250 total points
ID: 24071250
If you don't mind losing all emails, including legitimate ones, you can set up your SMTP connector to use a fictitious relay host (say 10.10.10.10 or any non-existing IP) and restart your transport service.

Then in your queues you will see one HUGE queue; right-click and delete all of it with NO NDR.
 

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24071860
If you don't mind dropping everything then this command will clear it:

remove-message -server "servername" -filter {FromAddress -like "*"} -withNDR $false

However I would ensure that external traffic is blocked so nothing new comes in.

The SMTP port being open shouldn't be a problem, it would be the configuration that is the issue. I presume that you have tightened the settings?

Simon.
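
A narrower cleanup than the delete-everything filter above, as an added example that is not part of the original thread: it suspends the outbound delivery queues, lists the top sender addresses, and removes only messages in those queues whose sender domain is not one of the organization's accepted domains. It assumes the Exchange Management Shell on the transport server, that legitimate outbound mail carries an accepted-domain sender address (wildcard accepted domains are not handled), and that "servername" is a placeholder.

```powershell
# Added example, not from the thread. "servername" is a placeholder.
$server  = "servername"
$preview = $true    # $true = show what would be deleted; set to $false to delete

# 1. Suspend the queues that deliver to remote hosts, so nothing more leaves
#    while the backlog is triaged. Mailbox delivery queues are left alone.
$remoteTypes = "DnsConnectorDelivery", "SmartHostConnectorDelivery"
$outbound = Get-Queue -Server $server |
    Where-Object { $remoteTypes -contains [string]$_.DeliveryType }
$outbound | ForEach-Object { Suspend-Queue -Identity $_.Identity -Confirm:$false }

# 2. Pull the queued messages. With 200k+ messages this is slow and memory
#    hungry; it can be run per queue instead.
$msgs = $outbound | ForEach-Object {
    Get-Message -Queue $_.Identity -ResultSize Unlimited
}

# 3. Top 20 sender addresses by message count, to confirm what the backlog is.
$msgs | Group-Object FromAddress | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name

# 4. Select messages whose sender domain is not an accepted domain.
#    Assumption: legitimate outbound mail uses an accepted-domain sender.
#    Null-sender messages ("<>", i.e. NDRs) are kept for separate review.
$own = Get-AcceptedDomain | ForEach-Object { $_.DomainName.ToString().ToLower() }
$relayed = $msgs | Where-Object {
    $from = [string]$_.FromAddress
    $from -ne "<>" -and $own -notcontains $from.Split("@")[-1].ToLower()
}
"{0} of {1} queued messages selected for removal" -f @($relayed).Count, @($msgs).Count

# 5. Remove the selected messages without generating NDRs.
$relayed | ForEach-Object {
    Remove-Message -Identity $_.Identity -WithNDR $false -WhatIf:$preview -Confirm:$false
}

# 6. Resume delivery only after a real (non-preview) deletion.
if (-not $preview) {
    $outbound | ForEach-Object { Resume-Queue -Identity $_.Identity -Confirm:$false }
}
```

Because the queues stay suspended after a preview run, legitimate outbound mail also waits until the script is rerun with $preview set to $false.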

Author Comment

by:danielevans83
ID: 24071960
Yeah, our SMTP was basically an open relay when it needed to have only the IP of Google Message Security servers in there. That is fixed.
Unfortunately since I saw 200k+ emails in the queue, I just kept selecting 10k at a time and clicking "delete with no NDR". It took about 4 hours but I didn't want our server to sit there retrying those all night. Thanks for the methods, I'll have to test them if we get abused again. :)