Solved

Exchange 2007 SMTP abused overnight - Message queues FILLED - how to safely clear?

Posted on 2009-04-04
Last Modified: 2013-11-30
Stupid mistake: we power-cycled the router on Friday night because it was acting up, and lost a recent firewall change. Overnight our SMTP port was open and definitely got abused some. I fixed the firewall error, but now I see in our Exchange queue there are TONS of emails still trying to go out. I have 8500 queues and 200k+ messages. How can I clear this out safely without breaking anything? I see my edge transport service is going crazy on the RAM for the first time ever.
Question by:danielevans83

Accepted Solution

by:Akhater
Akhater earned 250 total points
ID: 24071250
If you don't mind losing all emails, including legitimate ones, you can set up your SMTP connector to use a fictitious relay host (say 10.10.10.10 or any non-existing IP) and restart your transport service.

Then in your queues you will see one HUGE queue; right-click it and delete all of it with NO NDR.
 

Assisted Solution

by:Mestha
Mestha earned 250 total points
ID: 24071860
If you don't mind dropping everything then this command will clear it:

Remove-Message -Server "servername" -Filter {FromAddress -like "*"} -WithNDR $false

However I would ensure that external traffic is blocked so nothing new comes in.

The SMTP port being open shouldn't be a problem; it would be the configuration that is the issue. I presume that you have tightened the settings?

Simon.

Author Comment

by:danielevans83
ID: 24071960
Yeah, our SMTP was basically an open relay when it needed to have only the IP of Google Message Security servers in there. That is fixed.
Unfortunately, since I saw 200k+ emails in the queue, I just kept selecting 10k at a time and clicking "delete with no NDR". It took about 4 hours, but I didn't want our server to sit there retrying those all night. Thanks for the methods, I'll have to test them if we get abused again. :)
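
A more selective variant of the Remove-Message approach from this thread, for when legitimate mail in the queues should survive. This is an added example, not posted by any participant: it suspends the retrying queues, ranks queued messages by sender, and removes only the high-volume senders outside your own domain. The values of $Server, $OwnDomain, $Sample and $DryRun are placeholders and assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the transport server.
# Placeholders/assumptions (not from the thread): all four variables below.
$Server    = "servername"     # same placeholder as the command in the thread
$OwnDomain = "example.com"    # hypothetical accepted domain whose mail is kept
$Sample    = 5000             # number of queued messages to sample for triage
$DryRun    = $true            # $true = only report what would be removed

# 1. Suspend the retrying queues so nothing more is sent while you triage.
Suspend-Queue -Server $Server -Filter "Status -eq 'Retry'" -Confirm:$false

# 2. Sample the queues and rank envelope senders by message count.
$top = Get-Message -Server $Server -ResultSize $Sample |
    Group-Object -Property FromAddress |
    Sort-Object -Property Count -Descending |
    Select-Object -First 25
$top | Format-Table Count, Name -AutoSize

# 3. Removal candidates: high-volume senders outside your own domain.
#    If "<>" (the null sender) is in the list, those are bounce messages,
#    typically NDRs generated for relayed mail that could not be delivered.
#    Addresses containing a quote are skipped so the filter string stays valid.
$abuse = $top | Where-Object {
    $_.Name -notlike "*@$OwnDomain" -and $_.Name -notlike "*'*"
} | ForEach-Object { $_.Name }

# 4. Remove per sender with a server-side filter and no NDR.
foreach ($sender in $abuse) {
    Remove-Message -Server $Server -Filter "FromAddress -eq '$sender'" `
        -WithNDR $false -Confirm:$false -WhatIf:$DryRun
}

# 5. Check what is left. Queues stay suspended after a dry run and are
#    released only once the real removal has been done.
Get-Queue -Server $Server | Sort-Object MessageCount -Descending |
    Select-Object -First 10 Identity, Status, MessageCount
if (-not $DryRun) {
    Resume-Queue -Server $Server -Filter "Status -eq 'Suspended'" -Confirm:$false
}
```

Review the sender table from step 2 before setting $DryRun to $false. Relayed mail that forges a sender in your own domain is not matched by step 3 and has to be removed with a filter of its own.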