Solved

Exchange 2007 SMTP abused overnight - Message queue's FILLED - how to safely clear?

Posted on 2009-04-04
3
590 Views
Last Modified: 2013-11-30
Stupid mistake, we power cycled the router on Friday night because it was acting up and lost a recent firewall change. Overnight our SMTP port was open and definitely got abused some. I fixed the firewall error but now I see in our Exchange queue there is TONS of email trying to still go out. I have 8500 queues and 200k+ messages. How can I clear this out safely without breaking anything? I see my edge transport service is going crazy on the RAM for the first time ever.
0
Comment
Question by:danielevans83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 250 total points
ID: 24071250
if you don't mind loosing all emails, including legitimate ones, you can setup your smtp connector to use a fictitious relay host (say 10.10.10.10 or any non existing IP)  and restart you transport service

then in your queues you will see one HUGE queue right click and delete with NO NDR all of it
 
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24071860
If you don't mind dropping everything then this command will clear it:

remove-message -server "servername" -filter {FromAddress -like "*"} -withNDR $false

However I would ensure that external traffic is blocked so nothing new comes in.

The SMTP port being open shouldn't be a problem, it would be the configuration that is the issue. I presume that you have tightened the settings?

Simon.
0
 

Author Comment

by:danielevans83
ID: 24071960
Yeah, our SMTP was basically open relay when it needed to have only the IP of Google Message Security servers in there. That is fixed.
Unfortunately since I saw 200k+ emails in the queue, I just kept selecting 10k at a time and clicking "delete with no NDR".  It took about 4 hours but I didn't want our server to sit there retrying those all night. Thanks for the methods, I'll have to test them if we get abused again. :)
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question