Amir4u

Emails are queueing up in huge numbers on my Exchange Server 2003 Ent SP2 - Please help!

Hi,

I have Exchange Server 2003 Ent SP2 and all the inbound and outbound emails are queueing up.

There are options of

Freeze
Unfreeze
delete with NDR
delete with no NDR

I don't know how much they can help.

Our network has the following diagram:


ASA Firewall  -->  Symantec Brightmail Antispam Appliance --> two interfaces on Symantec Appliance...

1 interface goes to College 1 Exchange server
2 interface goes to College 2 Exchange Server

The outbound as well as inbound emails are all queueing up... also lots of emails are showing up in the queue in the Symantec Antispam appliance.

Any clue why ?

please help ...
Alan Hardisty

Please have a read of my Article.  Sounds like you are either an open relay or an authenticated relay.

https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
Amir4u

ASKER

Thanks for the link, I am still reading it... but what about the legitimate user emails which are in the queue now? Will they remain stuck there?

For now, I have manually deleted hundreds of queued emails of "postmaster@mydomain.com" in the hope of releasing the already stuck emails, while still reading the articles you mentioned above and trying to make sense of the whole situation...

Thanks...

Did I do right?

You may suffer some casualties unless you create a new connector and set that to something like [99.99.99.99] as a smarthost and set the address space to include those random domains, which will be a pain to add all of them.
Also, if you are sending out spam, you are probably blacklisted, so legitimate mail may also get stopped because of that.
Have you got 127.0.0.1 allowed as a relay IP on the SMTP Virtual Server? If so, delete it.
Amir4u

ASKER

We had an antivirus server issue for the last 6 months... do you think exposure to viruses for this much time may also have caused spam to increase?
Amir4u

ASKER

smtp:mail.psu.edu.sa                smtp    
421 queue is full


 Not an open relay.
 0 seconds - Good on Connection time
 0 seconds - Good on Transaction time
 OK - 83.101.139.135 resolves to
 Warning - Reverse DNS does not match SMTP Banner

What about this warning... "Reverse DNS does not match SMTP Banner"?

I doubt your Anti-Virus issues would cause this problem, but it cannot be ruled out.  Most spam comes from either open relays, authenticated relays or a compromised machine, but compromised machines seldom use an Exchange server to send their payload as most viruses use their own SMTP engine.
The Reverse DNS is a problem, but not one causing your spam.
Call your ISP and ask them to set this up properly to match your mailserver name e.g., mail.yourdomain.com.
Amir4u

ASKER

I have checked www.mxtoolbox.com for my SMTP address and ran "diagnostics" as well as "blacklist" and the report is all OK now...

How can I know if my domain is blacklisted?

If you have run the Blacklist check on MXToolbox and it comes up blank, then that would be good enough for me.  It can take a while to hit the blacklists, but if you have left sufficient time and nothing is registered, then you should be fine.
Who is the sender of the mail that is queueing?
Amir4u

ASKER

I have set up diagnostic logging... let's see the result...
Amir4u

ASKER

Shall I add my SMTP domain IP or FQDN in the "Sender Filtering"...?

The sender filtering will only stop inbound mail claiming to come from yourselves.  If that is where it is coming from, then that should help.
Amir4u

ASKER

Hi,

What about "Block List Service Configuration" inside "Message Delivery Properties"?

I already have RBL ordb.org under the "rule" with "yes"... is that of any help?

One more thing...

Is the following because of too much spam?

Under "Administrative Groups" > "First Administrative Group" > "Servers" > "My Server" > Right Click > Properties > General > I have enabled the option "message tracking" and it's making my HDD run out of space very fast. Before it was not like this. Shall I uncheck it?
Amir4u

ASKER

OK, so I set it to delete tracking messages older than 7 days and now my HDD is fine...

My Antispam Brightmail gateway is filling up with mail from "Mailer-Daemon" and when I delete them all from my Symantec Brightmail Antispam Appliance then all my emails start moving again...

Why is Mail-Daemon email coming in huge numbers?

Sounds like you are being targeted by someone.
Amir4u

ASKER

Today I received 3000 spam mails in my antispam...

From "Mail-Daemon"
To     "starlightoD@pressdisplay.com"

So I put "starlightoD@pressdisplay.com" in the "Recipient Sender" list

Download and install a trial of Vamsoft ORF - www.vamsoft.com and configure it to stop all spam, but then set it to trial mode - it won't filter anything and this should allow you to see where the mail from mailer-daemon is coming from and work out what to do next to stop it.
The trial for Vamsoft will work for 30 days.
Amir4u

ASKER

I installed Vamsoft ORF and checked, and well, there are lots and lots of spam coming to my Exchange... but then again how do I possibly stop so many domains from where spam is coming? It seems like a huge manual task...

Now that I can see so many domains... what would be the most effective way to block it?

The most effective way is to enable Vamsoft to block the spam. 92% of all email hitting my server is rejected as spam and I only get about 4 spam a month now compared to 4-5 a week with my previous software.
It is not necessarily the sending domains that are arriving (they are probably spoofed), but the IP addresses.  You can configure Vamsoft to check the Barracuda Block List which is very effective and this will kill a lot of spam.  Also configuring the Greylisting will knock most on its head.
For $239 - Vamsoft is an incredible product, worth much more than the asking price.
Amir4u

ASKER

My company just now purchased the Trend Micro Antivirus solution and along with it came Scanmail, which also has lots of antispam, content filtering, web reputation and other features.

So now I have the Symantec Antispam hardware appliance, the Vamsoft trial version for now, and Scanmail from Trend Micro to be deployed.

How should I go about this situation?

I would finish the trial of Vamsoft and see how effective it is, then remove it and try out the Scanmail and see how effective that is, then make a decision on which one to keep.
Not having used Trend's Scanmail, I cannot comment on its effectiveness, but all I use now is Vamsoft and I have only had 29 spam since the start of the year whereas I was receiving 5-6 spam a week before.
Amir4u

ASKER

I'm receiving 500 spam a day

500 a day with the Symantec Appliance in place?
If that is the case, then I would ditch it completely in favour of a one off payment of $239 to Vamsoft and see your spam reduce to next to nothing.
Amir4u

ASKER

Does Vamsoft do it all automatically or is there always checking and configuration changes as well as manual work?

This Symantec Antispam was working fine for the first year with very little spam and then all of a sudden we had to manually delete spam from its Delivery Queues... why would this happen?

Vamsoft is totally automatic.  It either lets the mail through or it rejects it.  There is no quarantine area, or queue to sift through.  Once you set it up - it gets on with it.
You may have to tweak the settings from time to time to blacklist something or whitelist something (it can auto-whitelist email addresses that internal users have emailed) to allow it through, but it takes very little adjustment once it is configured and working.
If it rejects mail, then the sender will get told why it got rejected and you can see in the logs why.  The logs are easy to use, easy to sort and filter and it is much better than Symantec (IMHO) as I used a Symantec Product before Vamsoft and although it was good, Vamsoft is better.
You will spend more time looking in the logs than you will tweaking its settings (at least I do), advising people that they are blacklisted or not configured properly!
Don't know why the Symantec Appliance worked and then needed manual intervention.  I don't have any experience of the appliances I'm afraid.
In terms of results, please have a read of this link:
http://blog.sembee.co.uk/post/Truly-Spectacular-Results-from-Vamsoft-ORF.aspx
Amir4u

ASKER

I just had a huge spam attack... 5000 emails from Mailer-Daemon
Amir4u

ASKER

Is my Exchange server an open relay for spammers? How can I block it if it is?

Do you still have Vamsoft installed?
If you do - check the time the first email that was spam arrived - the messages should stand out in the logs, then correlate that time to the security event log and see which user account was used to sign on with.
That is your abused user account.  Change the password to a strong password and make sure you have strong passwords for all other accounts.
If the spam is not using an account, then your anti-spam software should be blocking it.
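
The correlation step described in the reply above, sketched as an added example (not part of the original thread and not Vamsoft's or Exchange's own tooling): find when the burst started in the mail log, then list the accounts that logged on around that time from the address that sent the burst. The CSV layouts, sample records, account names and thresholds are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
# Constructed sample exports (not from the thread). Assumed layouts:
#   message log: timestamp,client_ip,envelope_sender
#   logon log:   timestamp,account,source_ip
MESSAGE_LOG = """\
2010-03-01 09:14:02,192.0.2.10,alice@example.edu
2010-03-01 10:02:05,203.0.113.77,a1@example.net
2010-03-01 10:02:09,203.0.113.77,b2@example.net
2010-03-01 10:02:14,203.0.113.77,c3@example.net
2010-03-01 10:02:20,203.0.113.77,d4@example.net
2010-03-01 10:02:31,203.0.113.77,e5@example.net
2010-03-01 10:02:40,192.0.2.10,alice@example.edu
"""
LOGON_LOG = """\
2010-03-01 09:13:58,alice,192.0.2.10
2010-03-01 10:02:03,scanner,203.0.113.77
2010-03-01 10:02:38,alice,192.0.2.10
"""

def parse(text):
    """Turn 'timestamp,field,field' lines into (datetime, str, str) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, a, b = line.split(",", 2)
        rows.append((datetime.strptime(ts, FMT), a, b))
    return rows

def burst_start(messages, per_minute=5):
    """Time of the first message in the first minute that reaches the threshold."""
    buckets = Counter(ts.replace(second=0) for ts, _, _ in messages)
    hot = sorted(m for m, n in buckets.items() if n >= per_minute)
    if not hot:
        return None
    return min(ts for ts, _, _ in messages if ts.replace(second=0) == hot[0])

def suspect_accounts(messages, logons, window=timedelta(minutes=2), per_minute=5):
    """Accounts that logged on near the burst start from an IP that sent the burst."""
    start = burst_start(messages, per_minute)
    if start is None:
        return []
    sent = Counter(ip for ts, ip, _ in messages if start <= ts <= start + window)
    burst_ips = {ip for ip, n in sent.items() if n >= per_minute}
    hits = Counter(acct for ts, acct, src in logons
                   if abs(ts - start) <= window and src in burst_ips)
    return [acct for acct, _ in hits.most_common()]
```

Calling `suspect_accounts(parse(MESSAGE_LOG), parse(LOGON_LOG))` on the constructed data returns the one account whose logon lines up with the burst; an empty list means no logon matched, which fits the unauthenticated case mentioned in the reply.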
Amir4u

ASKER

Well, it seems that my antispam software may not be blocking it, or

all the spam is appearing on my antispam software but I have to manually remove all the obvious spam mails.

Which software are you referring to?
Vamsoft?
Amir4u

ASKER

No, our Symantec antispam gateway is not doing its work. I find Vamsoft easy to manage.

I wanted to know, which is better?

1) An antispam gateway which is intercepting spam before it reaches Exchange, or the antispam software installed on the Exchange server to intercept after it reaches the Exchange server?

2) Where should the antispam software be best placed?

or is it

3) What kind of antispam software should we purchase?

or

4) How well is the antispam software configured?

or a combination of these?
ASKER CERTIFIED SOLUTION
Alan Hardisty
This solution is only available to members.
Amir4u

ASKER

Yeah, in the coming month we have to renew it. I will tell my management about a change of antispam... if they don't then I'm stuck with this SBG appliance for good...

Fingers crossed.

Do you need any more help with anything now?