Solved

Exchange 2007 SMTP abused overnight - Message queue's FILLED - how to safely clear?

Posted on 2009-04-04
Last Modified: 2013-11-30
Stupid mistake, we power cycled the router on Friday night because it was acting up and lost a recent firewall change. Overnight our SMTP port was open and definitely got abused some. I fixed the firewall error but now I see in our Exchange queue there are TONS of emails still trying to go out. I have 8500 queues and 200k+ messages. How can I clear this out safely without breaking anything? I see my edge transport service is going crazy on the RAM for the first time ever.
Question by:danielevans83

Accepted Solution

by:
Akhater earned 250 total points
ID: 24071250
If you don't mind losing all emails, including legitimate ones, you can set up your SMTP connector to use a fictitious relay host (say 10.10.10.10 or any non-existing IP) and restart your transport service.

Then in your queues you will see one HUGE queue; right-click and delete all of it with NO NDR.
 

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24071860
If you don't mind dropping everything then this command will clear it:

remove-message -server "servername" -filter {FromAddress -like "*"} -withNDR $false

However I would ensure that external traffic is blocked so nothing new comes in.

The SMTP port being open shouldn't be a problem, it would be the configuration that is the issue. I presume that you have tightened the settings?

Simon.

Author Comment

by:danielevans83
ID: 24071960
Yeah, our SMTP was basically an open relay when it needed to have only the IP of Google Message Security servers in there. That is fixed.
Unfortunately since I saw 200k+ emails in the queue, I just kept selecting 10k at a time and clicking "delete with no NDR". It took about 4 hours but I didn't want our server to sit there retrying those all night. Thanks for the methods, I'll have to test them if we get abused again. :)
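
A more selective variant of the Remove-Message approach from the answers above, added here as an example and not posted by anyone in the thread: it pauses outbound delivery, shows who the queued mail claims to come from, and deletes only mail that is not from your own domain. The server name and the internal domain are placeholder assumptions; run it in the Exchange Management Shell on the transport server.

```powershell
# Added example for the Exchange Management Shell; not code from the thread.
# ASSUMPTIONS: both values below are placeholders you must replace.
$Server         = "servername"     # same placeholder used in the answer above
$InternalDomain = "example.com"    # hypothetical accepted domain for legitimate senders

# 1. Pause outbound SMTP delivery queues so nothing more leaves during triage.
#    Only connector delivery queues are touched (DNS and smart host delivery).
Get-Queue -Server $Server |
    Where-Object { $_.DeliveryType -like "*ConnectorDelivery" } |
    Suspend-Queue -Confirm:$false

# 2. Pull the queued messages once. With 200k+ messages this is slow and
#    memory hungry, so expect it to take a while.
$msgs = Get-Message -Server $Server -ResultSize Unlimited

# 3. See where the volume comes from before deleting anything.
$msgs | Group-Object FromAddress | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name
$msgs | Group-Object SourceIP | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name

# 4. Everything not sent by your own domain is treated as relay abuse.
#    This also catches null-sender ("<>") bounces generated by the spam run.
$abuse = $msgs | Where-Object { $_.FromAddress -notlike "*@$InternalDomain" }
"{0} of {1} queued messages selected for removal" -f @($abuse).Count, @($msgs).Count

# 5. Dry run first. Remove -WhatIf once the count and sender list look right.
$abuse | Remove-Message -WithNDR $false -Confirm:$false -WhatIf

# 6. Release the queues so the remaining legitimate mail is delivered.
Get-Queue -Server $Server |
    Where-Object { $_.Status -eq "Suspended" } |
    Resume-Queue -Confirm:$false

# 7. Confirm the relay fix: list which remote IPs each receive connector
#    accepts and which permission groups it grants.
Get-ReceiveConnector -Server $Server |
    Format-List Name, Bindings, RemoteIPRanges, PermissionGroups
```

If the abuse used forged addresses in your own domain, step 4 will miss those messages; the SourceIP grouping in step 3 shows whether filtering on source address is the better selector.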