Solved

Exchange 2000 SMTP queues filling up

Posted on 2009-05-14
3
483 Views
Last Modified: 2013-12-05
I have a exchange 2000 server that is getting ready to be migrated to 2007. Unfortunatley I am having a queue problem. The queue is showing thousands of emails pending to addresses at yahoo.com.tw. I delete the queues using aqadmcli.exe and the queue starts filling up again to thousands of addresses at yahoo.com.tw I have logging turned on and am currently scanning all the systems for viruses. Is there any way to find where these emails are comming from? I have checked relay and it is tuned off. I have the relay tab set to all except thre list below and allow all computers that authenticate checked. Any help would be apreciated.
0
Comment
Question by:joshrosen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24390235
It will not be an internal system so do not waste your time with that. The server is being directly attacked - most likely an authenticated user attack.

ESM is also notorious for not showing the true extent of the queues. If you are cleaning the server up then cut it off from the internet so that no new email comes in.

http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 

Author Comment

by:joshrosen
ID: 24390413
Simon I have discovered that all the emails are being sent from hinet.net. I have unchecked authenticated users on the relay tab and restarted all services but it is still hppening. I am not sure how to proceed. I am changing all user passwords right now.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
ID: 24394439
There are only three ways an Exchange server can be abused:

- open relay
- authenticated relay
- NDR spam.

The first two are easily dealt with by shutting off all relay settings and then restarting the SMTP Server service.

NDR spam (which would appear as postmaster@ emails in the queues) are impossible to stop with Exchange 2000 and it requires a third party tool to deal with them.

Simon.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question