Clear the Queues in Exchange

I noticed our Exchange 2003 server queue has over 2000 names built up. I think we had a spam attack and possibly someone spoofing. We got identified by Barracuda as a spammer. I found the email address causing the problem and put a block on the address in Exchange. I'd like to clear out our queue to see if that took care of the problem. How do I clear the queue out?

Thanks.
AllanHale Asked:
 
tigermatt Commented:
Virii contain their own SMTP engines and do not attempt to locate SMTP servers on the network which they can relay using. This is what makes spam-type virii more effective.

As a precautionary measure, block outbound port 25 in your firewall for all devices except the Exchange Server. Then observe the firewall logs to ensure direct connections from specific PCs outbound are not being made.

You also want to triple-check that you have Recipient Filtering enabled: http://www.amset.info/exchange/filter-unknown.asp. At the bottom of that article, there is also a 'tarpitting' section; enable that and set the tarpit time to 5 / 10 seconds. If the emails are from external sources, that will ensure the SMTP sessions are dropped without the mail being accepted and then queued/NDRed, and will also prevent a future problem whereby an attacker may launch a brute-force attack of addresses on your server.

-Matt
0
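
The firewall log check described in the comment above, as an added example that is not part of the original thread: it counts outbound TCP port 25 attempts from internal hosts other than the Exchange server. The log layout, the IP addresses and the function name `direct_smtp_senders` are assumptions; adapt the field names to whatever your firewall exports.

```python
import ipaddress
from collections import defaultdict

# Assumed addresses: the only host allowed to send SMTP out, and the LAN range.
EXCHANGE_SERVERS = {ipaddress.ip_address("192.168.1.10")}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample log; the field layout is an assumption, not a product format.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2009-03-02 09:14:01 ALLOW TCP 192.168.1.10 203.0.113.25 41022 25
2009-03-02 09:14:03 DROP TCP 192.168.1.57 198.51.100.7 1045 25
2009-03-02 09:14:03 DROP TCP 192.168.1.57 198.51.100.9 1046 25
2009-03-02 09:14:05 ALLOW TCP 192.168.1.57 203.0.113.80 1047 80
2009-03-02 09:14:09 DROP UDP 192.168.1.33 198.51.100.7 5353 25
2009-03-02 09:15:11 ALLOW TCP 192.168.1.88 198.51.100.12 2211 25
2009-03-02 09:15:12 DROP TCP 203.0.113.99 192.168.1.10 5000 25
malformed line
"""

def direct_smtp_senders(log_text):
    """Count outbound TCP/25 attempts per internal host, excluding the
    Exchange server. Returns {src_ip: {action: count}}."""
    fields, hits = [], defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        parts = line.split()
        if not fields or len(parts) != len(fields):
            continue  # blank, comment or malformed row
        row = dict(zip(fields, parts))
        if row["protocol"].upper() != "TCP" or row["dst-port"] != "25":
            continue
        try:
            src = ipaddress.ip_address(row["src-ip"])
            dst = ipaddress.ip_address(row["dst-ip"])
        except ValueError:
            continue
        if src not in INTERNAL_NET or dst in INTERNAL_NET:
            continue  # keep only LAN-to-outside connections
        if src not in EXCHANGE_SERVERS:
            hits[str(src)][row["action"].upper()] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

if __name__ == "__main__":
    for ip, counts in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        # ALLOW means the block rule does not cover this host yet; DROP means
        # the host tried to send mail directly and should be scanned.
        print(ip, counts)
```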
 
tigermatt Commented:

Simon has a very comprehensive article at http://www.amset.info/exchange/spam-cleanup.asp regarding cleaning up after a spam attack. The clever part is using an SMTP connector to group messages into one location prior to deleting the queued email.

Let me know if you have any further questions,

-Matt
0
 
AllanHale (Author) Commented:
Hi,
I followed that link and did the steps in there. It cleared up the problem for a couple of days. Now it's happening again. I have 2975 Names in the Queue. If I double-click on one of the domain names I see Sender as HERINQUEZ <soussoj@gmail.com>

It seems to be happening again but this time with a different sender. I double-checked the previous link to make sure I did everything, but I believe I have.

Allan
0
 
AllanHale (Author) Commented:
I'm now wondering if I have a virus somewhere in my network. If I look at one of the HERINQUEZ emails I see the sender is always soussoj@gmail.com. The recipients are email addresses not associated with our domain.

We use Sophos PureMessage and Enterprise Console.
0
 
ljkal Commented:
Try this fix from a related article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Q_23342741.html?sfQueryTermInfo=1+2003+clear+exchang+how+queue

Also, try dropping the timeout allowed for sending messages in the default SMTP server. I dropped mine to 10 mins, then they started spitting them back to the sender's inbox and clearing from the queue.
0
 
ljkal Commented:
Go to the Exchange System Manager - your server (whatever that may be), Protocols - Default SMTP server, then drop your message timeout to 1 minute, which will have the result of sending the emails back to the postmaster or legitimate sender. Just watch out that the high number of NDRs doesn't overstretch your Exchange!!! When the queue has cleared, raise the timeout level again.
0
Question has a verified solution.
