Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2000 SMTP queues filling up

Posted on 2009-05-14
3
Medium Priority
?
484 Views
Last Modified: 2013-12-05
I have a exchange 2000 server that is getting ready to be migrated to 2007. Unfortunatley I am having a queue problem. The queue is showing thousands of emails pending to addresses at yahoo.com.tw. I delete the queues using aqadmcli.exe and the queue starts filling up again to thousands of addresses at yahoo.com.tw I have logging turned on and am currently scanning all the systems for viruses. Is there any way to find where these emails are comming from? I have checked relay and it is tuned off. I have the relay tab set to all except thre list below and allow all computers that authenticate checked. Any help would be apreciated.
0
Comment
Question by:joshrosen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24390235
It will not be an internal system so do not waste your time with that. The server is being directly attacked - most likely an authenticated user attack.

ESM is also notorious for not showing the true extent of the queues. If you are cleaning the server up then cut it off from the internet so that no new email comes in.

http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 

Author Comment

by:joshrosen
ID: 24390413
Simon I have discovered that all the emails are being sent from hinet.net. I have unchecked authenticated users on the relay tab and restarted all services but it is still hppening. I am not sure how to proceed. I am changing all user passwords right now.
0
 
LVL 65

Accepted Solution

by:
Mestha earned 2000 total points
ID: 24394439
There are only three ways an Exchange server can be abused:

- open relay
- authenticated relay
- NDR spam.

The first two are easily dealt with by shutting off all relay settings and then restarting the SMTP Server service.

NDR spam (which would appear as postmaster@ emails in the queues) are impossible to stop with Exchange 2000 and it requires a third party tool to deal with them.

Simon.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question