Solved

Exchange 2000 SMTP queues filling up

Posted on 2009-05-14
3
472 Views
Last Modified: 2013-12-05
I have a exchange 2000 server that is getting ready to be migrated to 2007. Unfortunatley I am having a queue problem. The queue is showing thousands of emails pending to addresses at yahoo.com.tw. I delete the queues using aqadmcli.exe and the queue starts filling up again to thousands of addresses at yahoo.com.tw I have logging turned on and am currently scanning all the systems for viruses. Is there any way to find where these emails are comming from? I have checked relay and it is tuned off. I have the relay tab set to all except thre list below and allow all computers that authenticate checked. Any help would be apreciated.
0
Comment
Question by:joshrosen
  • 2
3 Comments
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
It will not be an internal system so do not waste your time with that. The server is being directly attacked - most likely an authenticated user attack.

ESM is also notorious for not showing the true extent of the queues. If you are cleaning the server up then cut it off from the internet so that no new email comes in.

http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 

Author Comment

by:joshrosen
Comment Utility
Simon I have discovered that all the emails are being sent from hinet.net. I have unchecked authenticated users on the relay tab and restarted all services but it is still hppening. I am not sure how to proceed. I am changing all user passwords right now.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
Comment Utility
There are only three ways an Exchange server can be abused:

- open relay
- authenticated relay
- NDR spam.

The first two are easily dealt with by shutting off all relay settings and then restarting the SMTP Server service.

NDR spam (which would appear as postmaster@ emails in the queues) are impossible to stop with Exchange 2000 and it requires a third party tool to deal with them.

Simon.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now