Exchange 2000 SMTP queues filling up

I have a exchange 2000 server that is getting ready to be migrated to 2007. Unfortunatley I am having a queue problem. The queue is showing thousands of emails pending to addresses at yahoo.com.tw. I delete the queues using aqadmcli.exe and the queue starts filling up again to thousands of addresses at yahoo.com.tw I have logging turned on and am currently scanning all the systems for viruses. Is there any way to find where these emails are comming from? I have checked relay and it is tuned off. I have the relay tab set to all except thre list below and allow all computers that authenticate checked. Any help would be apreciated.
joshrosenAsked:
Who is Participating?
 
MesthaConnect With a Mentor Commented:
There are only three ways an Exchange server can be abused:

- open relay
- authenticated relay
- NDR spam.

The first two are easily dealt with by shutting off all relay settings and then restarting the SMTP Server service.

NDR spam (which would appear as postmaster@ emails in the queues) are impossible to stop with Exchange 2000 and it requires a third party tool to deal with them.

Simon.
0
 
MesthaCommented:
It will not be an internal system so do not waste your time with that. The server is being directly attacked - most likely an authenticated user attack.

ESM is also notorious for not showing the true extent of the queues. If you are cleaning the server up then cut it off from the internet so that no new email comes in.

http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
joshrosenAuthor Commented:
Simon I have discovered that all the emails are being sent from hinet.net. I have unchecked authenticated users on the relay tab and restarted all services but it is still hppening. I am not sure how to proceed. I am changing all user passwords right now.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.