Solved

Exchange not delivering all emails - MSExchangeTransport

Posted on 2009-04-14
Last Modified: 2012-05-06
Hi
I am having a problem where some of my accounts are not receiving email,
and some are receiving email very sporadically.
I am getting a lot of MSExchangeTransport errors in Event Viewer.
Event IDs 3018, 7004.
I saw a previous article about filtering but this seems to be set up fine.
I was getting mail fine myself, but now my account is getting none (however I have a different domain for my mail, i.e. a second domain added to recipient policies).
Thanks
Stephen


Would this b
Question by:cstephen100
14 Comments
 
LVL 8

Assisted Solution

by:greesh_hem
greesh_hem earned 50 total points
This is one of two things.

1. DNS problems.
2. Spam.

If the emails are not ones that you normally would expect to go through your server and you have significant amounts of messages in the queues then spam attack is the likely cause.

If your queues are clear or have very small numbers of messages then it could be DNS.
Verify that you have internal DNS servers listed in the DNS configuration on the Exchange server - they should be pointed at the domain controllers only.
You may then need to configure forwarders on your DNS Server configuration on the domain controllers to use your ISP's DNS servers.
 

Author Comment

by:cstephen100

Hi,
I looked at the queues in ESM, and there are literally 2699 entries in here; most of these are for domains ending in .tw,
i.e. 1111.com.tw, 123.job.tw etc. (I have attached an image to show you what I mean).
This to me doesn't look too good :-(
Is this a spam attack or related?
How do I go about stopping this?
Hope you can help here.
Thanks
Stephen

queses.JPG
 
LVL 65

Accepted Solution

by:
Mestha earned 450 total points
Your server is being abused.
You should not have those numbers of messages in there. You need to find out how and then close the hole.

Start with my spam cleanup article: http://www.amset.info/exchange/spam-cleanup.asp

Basically it is either an open relay, authenticated relay or NDR attack.

Simon.
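
A sketch of the triage behind the three causes named in the answer above, added here as an example (it is not from the thread or from the linked article): it sorts queued messages by sender and by whether the submitting session was authenticated. The record fields (`sender`, `recipient`, `auth_user`), the `corp.example` domain and the sample queue are assumptions constructed for illustration; Exchange does not export its queues in this form.

```python
from collections import Counter

LOCAL_DOMAINS = {"corp.example"}  # assumption: domains this server accepts mail for

def domain(addr):
    """Lower-cased domain part of an address; '' for the null sender."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def classify(msg):
    """Label one queued message with its most likely origin."""
    sender, rcpt = msg["sender"].strip("<>"), msg["recipient"]
    if domain(rcpt) in LOCAL_DOMAINS:
        return "inbound"              # normal delivery to a local mailbox
    local_sender = domain(sender) in LOCAL_DOMAINS
    if not sender or (local_sender and sender.lower().startswith("postmaster@")):
        return "ndr"                  # bounce generated by this server
    if local_sender:
        return "local_outbound"       # ordinary user mail, not judged here
    if msg["auth_user"]:
        return "authenticated_relay"  # foreign sender over a logged-in session
    return "open_relay"               # foreign sender and recipient, no login

def triage(queue):
    """Return (counts per label, dominant abuse label or None, accounts used)."""
    counts = Counter(classify(m) for m in queue)
    abuse = {k: counts[k]
             for k in ("ndr", "authenticated_relay", "open_relay") if counts[k]}
    verdict = max(abuse, key=abuse.get) if abuse else None
    accounts = sorted({m["auth_user"] for m in queue
                       if classify(m) == "authenticated_relay"})
    return counts, verdict, accounts

# Constructed sample queue (not taken from the thread).
SAMPLE_QUEUE = [
    {"sender": "<>", "recipient": "a@shop.example", "auth_user": None},
    {"sender": "postmaster@corp.example", "recipient": "b@jobs.example", "auth_user": None},
    {"sender": "postmaster@corp.example", "recipient": "c@jobs.example", "auth_user": None},
    {"sender": "promo@bulk.example", "recipient": "d@shop.example", "auth_user": "CORP\\scanner"},
    {"sender": "alice@corp.example", "recipient": "client@partner.example", "auth_user": None},
    {"sender": "bob@partner.example", "recipient": "alice@corp.example", "auth_user": None},
]

if __name__ == "__main__":
    counts, verdict, accounts = triage(SAMPLE_QUEUE)
    print(dict(counts), verdict, accounts)
```

The dominant label points at the hole to close: relay restrictions for an open relay, the password of the listed account for an authenticated relay, and rejection of mail to non-existent recipients for an NDR attack.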
 

Author Comment

by:cstephen100

Thanks for the replies,
I followed the guides above, thanks.
However,
the SMTP virtual connector is very slow starting; I mean ESM is running but not responding for approx. 4 hrs. Is this normal?
Thanks
Stephen
 
LVL 65

Expert Comment

by:Mestha
If the server is being abused then that is not unusual.
ESM is notorious for struggling to show the true extent of the queues after the server has been abused.

Simon.
 

Author Comment

by:cstephen100
Cheers,
what I meant to ask you is, should I let it start normally, or is there another way?
If I have to wait that's fine.
Thanks
Stephen
 
LVL 65

Expert Comment

by:Mestha
You will need to wait, things will be very sluggish as the server is probably trying to process many 1000s of messages.

Hopefully you have blocked port 25 on your firewall so that new messages do not continue to come in.

Simon.

Author Comment

by:cstephen100
Hi guys,
I went through the steps on the above links, and everything seems to be set so the server is not a relay server,
however,
my server still seems to be targeted by the spammers; also when I delete queues I have loads of empty queues as shown in the picture.
Maybe I should open a separate question for this? But basically, is there more I have to do to stop the server being used for spam?
Also, no external domains are receiving emails even though it looks like they're sent?
Thanks
Stephen

 

Author Comment

by:cstephen100
I feel I should award points here and open a new question for the new issues?
 
LVL 65

Expert Comment

by:Mestha
If the queues are empty, then that is fine. It takes Exchange a while to remove the empty queues from the list. What you need to watch for is messages in the queues.

Simon.
 

Author Comment

by:cstephen100
There seem to be messages going into the queues again :-(
and external domains don't seem to be receiving mails, plus I checked www.dnsstuff.com and it told me my domain is blacklisted.
Doesn't sound good.
Thanks for the help Simon,
I'm under a bit of pressure with it.
Cheers again
Stephen
 
LVL 65

Expert Comment

by:Mestha
Domains do not get blacklisted, hosts do.
You now have two questions running, which means there will be some duplication. As I wrote in the other question - you need to close port 25 to ensure that no new emails are coming in.

Simon.
 

Author Comment

by:cstephen100

Hi Simon,
I woke this morning and was pleasantly surprised to see that the queues had reduced,
and email seems to be working fine. I am being pestered a bit about missing mails from yesterday but I'll get over that :-).
Thanks ever so much!
Stephen

P.S.: on a note, they need to get decent AV for the server and mail server. Is there any you would recommend? I noticed avast does a 30 day trial.
Thanks again
Stephen

 
LVL 65

Expert Comment

by:Mestha
AV - you pays your money and takes your choice. I usually suggest either Forefront or GFI Mail Security. Both have multiple engines. You want something different to what is on your workstations.

The messages would go over time on their own, as they time out after 48 hours. However that wouldn't stop your server from being blacklisted.

Simon.