Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2000 SMTP queues filling up

Posted on 2009-05-14
3
480 Views
Last Modified: 2013-12-05
I have a exchange 2000 server that is getting ready to be migrated to 2007. Unfortunatley I am having a queue problem. The queue is showing thousands of emails pending to addresses at yahoo.com.tw. I delete the queues using aqadmcli.exe and the queue starts filling up again to thousands of addresses at yahoo.com.tw I have logging turned on and am currently scanning all the systems for viruses. Is there any way to find where these emails are comming from? I have checked relay and it is tuned off. I have the relay tab set to all except thre list below and allow all computers that authenticate checked. Any help would be apreciated.
0
Comment
Question by:joshrosen
  • 2
3 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24390235
It will not be an internal system so do not waste your time with that. The server is being directly attacked - most likely an authenticated user attack.

ESM is also notorious for not showing the true extent of the queues. If you are cleaning the server up then cut it off from the internet so that no new email comes in.

http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 

Author Comment

by:joshrosen
ID: 24390413
Simon I have discovered that all the emails are being sent from hinet.net. I have unchecked authenticated users on the relay tab and restarted all services but it is still hppening. I am not sure how to proceed. I am changing all user passwords right now.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24394439
There are only three ways an Exchange server can be abused:

- open relay
- authenticated relay
- NDR spam.

The first two are easily dealt with by shutting off all relay settings and then restarting the SMTP Server service.

NDR spam (which would appear as postmaster@ emails in the queues) are impossible to stop with Exchange 2000 and it requires a third party tool to deal with them.

Simon.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
In-place Upgrading Dirsync to Azure AD Connect
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question