Emails are queueing up in huge amounts in my Exchange Server 2003 Ent SP2 - Plz Helpppp!!!!!

Hi,

I have Exchange Server 2003 Ent SP2 and all the inbound and outbound emails are queueing up.

There are options of

Freeze
Unfreeze
delete with NDR
delete with no NDR

I don't know how much they can help

Our network has the following diagram


ASA Firewall  -->  Symantec Brightmail Antispam Appliance --> two interfaces on Symantec Appliance...

1 interface goes to College 1 Exchange server
2 interface goes to College 2 Exchange Server

The outbound as well as inbound emails are all queueing up ...also lots of emails are showing up in the queue in the Symantec Antispam appliance.

Any clue why ?

please help ...
Amir4uAsked:

Alan HardistyCo-OwnerCommented:
Please have a read of my Article.  Sounds like you are either an open relay or an authenticated relay.

http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
0
Amir4uAuthor Commented:
thanx for the link i am reading it still....but what about the legitimate user emails which are in the queue now? will they remain stuck there?

i, for now, have manually deleted hundreds of queued emails of "postmaster@mydomain.com" in the hope of releasing the already stuck emails while still reading the articles you mentioned above and trying to make sense out of the whole situation...

thanx...

did i do right ?
0
Alan HardistyCo-OwnerCommented:
You may suffer some casualties unless you create a new connector and set that to something like [99.99.99.99] as a smarthost and set the address space to include those random domains, which will be a pain to add all of them.
Also, if you are sending out spam, you are probably blacklisted, so legitimate mail may also get stopped because of that.
Have you got 127.0.0.1 allowed as a relay IP on the SMTP Virtual Server - if so delete it.
0

Amir4uAuthor Commented:
we had Antivirus server issue for last 6 months ...do u think exposure to viruses for this much time may also have caused spams to increase ?
0
Amir4uAuthor Commented:
smtp:mail.psu.edu.sa                smtp    
421 queue is full


 Not an open relay.
 0 seconds - Good on Connection time
 0 seconds - Good on Transaction time
 OK - 83.101.139.135 resolves to
 Warning - Reverse DNS does not match SMTP Banner

What about this Warning ...................Reverse DNS does not match SMTP Banner
0
Alan HardistyCo-OwnerCommented:
I doubt your Anti-Virus issues would cause this problem, but it cannot be ruled out.  Most spam comes from either open relays, authenticated relays or a compromised machine, but compromised machines seldom use an Exchange server to send their payload as most viruses use their own SMTP engine.
The Reverse DNS is a problem, but not one causing your spam.
Call your ISP and ask them to set this up properly to match your mailserver name e.g., mail.yourdomain.com.
0
Amir4uAuthor Commented:
I have checked www.mxtoolbox.com for my smtp address and ran "diagnostics" as well as "blacklist" and the report is all ok  now......

how can i know if my domain is blacklisted ?
0
Alan HardistyCo-OwnerCommented:
If you have run the Blacklist check on MXToolbox and it comes up blank, then that would be good enough for me.  It can take a while to hit the blacklists, but if you have left sufficient time and nothing is registered, then you should be fine.
Who is the sender of the mail that is queueing?
0
Amir4uAuthor Commented:
I have setup diagnostic logging ............... lets see the result .....
0
Amir4uAuthor Commented:
shall i add my smtp domain ip or FQDN in the "Sender Filtering" ... ?
0
Alan HardistyCo-OwnerCommented:
The sender filtering will only stop inbound mail claiming to come from yourselves.  If that is where it is coming from, then that should help.
0
Amir4uAuthor Commented:
Hi,

What about "Block List Service Configuration"  inside "Message Delivery Properties"  ?

I already have RBL ordb.org under the "rule" with "yes" ... is that of any help ?

One more thing ....

is the following because of too much spam?

Under "Administrative Groups" > "First Administrative Group" > "Servers" > "My Server" > Right Click > Properties > General > I have enabled the option "message tracking"  and it's making my Hdd run out of space very fast. Before it was not like this. shall i uncheck it ?  
0
Amir4uAuthor Commented:
ok So i set it to delete tracking messages older than 7 days and now my HDD is fine...

My Antispam brightmail gateway is filling up with mail from "Mailer-Daemon" and when i delete them all from my Symantec Brightmail Antispam Appliance then all my emails start moving again....

Why Mail-Daemon email is coming in huge numbers ?
0
Alan HardistyCo-OwnerCommented:
Sounds like you are being targeted by someone.
0
Amir4uAuthor Commented:
today i received 3000 spam mails in my antispam....

From "Mail-Daemon"
To     "starlightoD@pressdisplay.com"

So i put the "starlightoD@pressdisplay.com"  in "Recipient Sender" list
0
Alan HardistyCo-OwnerCommented:
Download and install a trial of Vamsoft ORF - www.vamsoft.com and configure it to stop all spam, but then set it to trial mode - it won't filter anything and this should allow you to see where the mail from mailer-daemon is coming from and work out what to do next to stop it.
The trial for Vamsoft will work for 30 days.
0
Amir4uAuthor Commented:
I installed vamsoft ORF and checked and well there are lots and lots of spam coming to my exchange ...but then again how do i possibly stop so many numbers domains from where spam is coming ? it seems like a huge manual task ....

now that i can see so many domains ....what would be the most effective way to block it ?
0
Alan HardistyCo-OwnerCommented:
The most effective way is to enable Vamsoft to block the spam. 92% of all email hitting my server is rejected as spam and I only get about 4 spam a month now compared to 4-5 a week with my previous software.
It is not necessarily the sending domains that are arriving (they are probably spoofed), but the IP addresses.  You can configure Vamsoft to check the Barracuda Block List which is very effective and this will kill a lot of spam.  Also configuring the Greylisting will knock most on its head.
For $239 - Vamsoft is an incredible product, worth much more than the asking price.
0
Amir4uAuthor Commented:
my company just now purchased Trend Micro Antivirus solution and along came with it Scanmail which also has lots of Antispam, content filtering, web reputation and other features..

So now i have Symantec Antispam hardware appliance, vamsoft trial version for now and scanmail from trendmicro to be deployed.

How should I go about this situation ?
0
Alan HardistyCo-OwnerCommented:
I would finish the trial of Vamsoft and see how effective it is, then remove it and try out the Scanmail and see how effective that is, then make a decision on which one to keep.
Not having used Trend's Scanmail, I cannot comment on its effectiveness, but all I use now is Vamsoft and I have only had 29 spam since the start of the year whereas I was receiving 5-6 spam a week before.
0
Amir4uAuthor Commented:
I'm receiving 500 spam a day
0
Alan HardistyCo-OwnerCommented:
500 a day with the Symantec Appliance in place?
If that is the case, then I would ditch it completely in favour of a one off payment of $239 to Vamsoft and see your spam reduce to next to nothing.
0
Amir4uAuthor Commented:
does vamsoft do it all automatically or there is always checking and configuration changes as well as manual work ?

this Symantec Anti spam was working fine for the first year with very little spam and then all of a sudden we had to manually delete spam from its Delivery Queues...why would this happen?
0
Alan HardistyCo-OwnerCommented:
Vamsoft is totally automatic.  It either lets the mail through or it rejects it.  There is no quarantine area, or queue to sift through.  Once you set it up - it gets on with it.
You may have to tweak the settings from time to time to blacklist something or whitelist something (it can auto-whitelist email addresses that internal users have emailed) to allow it through, but it takes very little adjustment once it is configured and working.
If it rejects mail, then the sender will get told why it got rejected and you can see in the logs why.  The logs are easy to use, easy to sort and filter and it is much better than Symantec (IMHO) as I used a Symantec Product before Vamsoft and although it was good, Vamsoft is better.
You will spend more time looking in the logs than you will tweaking its settings (at least I do), advising people that they are blacklisted or not configured properly!
Don't know why the Symantec Appliance worked and then needed manual intervention.  I don't have any experience of the appliances I'm afraid.
In terms of results, please have a read of this link:
http://blog.sembee.co.uk/post/Truly-Spectacular-Results-from-Vamsoft-ORF.aspx 
0
Amir4uAuthor Commented:
I just had a huge spam attack ......5000 emails from Mailer-Daemon
0
Amir4uAuthor Commented:
is my exchange server an open relay for spammers ? how can I block it if it is ?
0
Alan HardistyCo-OwnerCommented:
Do you still have Vamsoft installed?
If you do - check the time the first email that was spam arrived - the messages should stand out in the logs, then correlate that time to the security event log and see which user account was used to sign on with.
That is your abused user account.  Change the password to a strong password and make sure you have strong passwords for all other accounts.
If the spam is not using an account, then your anti-spam software should be blocking it.
0
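One way to carry out the correlation described in the comment above, as an added example that is not part of the original thread: find when the outbound burst starts in the mail log, then list the accounts that logged on successfully around that moment. Both logs and their CSV column layouts are constructed for the example; the event IDs assume Windows Server 2003-era security auditing.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data. Column layouts are assumptions for this example,
# not the export format of ORF or of the Windows event log.
SMTP_LOG = """time,sender
2010-03-01 02:10:05,user1@example.edu
2010-03-01 02:45:30,user2@example.edu
2010-03-01 03:14:01,postmaster@example.edu
2010-03-01 03:14:09,postmaster@example.edu
2010-03-01 03:14:20,postmaster@example.edu
2010-03-01 03:14:31,postmaster@example.edu
2010-03-01 03:14:40,postmaster@example.edu
"""
# 528/540 = successful logon, 529 = failed logon (Windows Server 2003 event IDs).
SECURITY_LOG = """time,event_id,account,source
2010-03-01 02:09:50,540,user1,10.0.0.21
2010-03-01 03:13:40,529,labuser,203.0.113.7
2010-03-01 03:13:55,540,labuser,203.0.113.7
2010-03-01 03:14:08,540,labuser,203.0.113.7
2010-03-01 03:14:15,540,user2,10.0.0.33
2010-03-01 04:00:00,540,user1,10.0.0.21
"""

def parse(text):
    """Read CSV text into dicts with 'time' converted to datetime, sorted by time."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["time"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    return sorted(rows, key=lambda r: r["time"])

def burst_start(msgs, threshold=4, window=timedelta(seconds=60)):
    """First message time that opens a window of >= threshold messages, else None."""
    times = [m["time"] for m in msgs]
    for i, t in enumerate(times):
        if sum(1 for u in times[i:] if u - t < window) >= threshold:
            return t
    return None

def suspect_accounts(logons, start, slack=timedelta(minutes=2)):
    """Count successful logons per (account, source) within `slack` of `start`."""
    hits = Counter((e["account"], e["source"]) for e in logons
                   if e["event_id"] in ("528", "540") and abs(e["time"] - start) <= slack)
    return hits.most_common()

if __name__ == "__main__":
    start = burst_start(parse(SMTP_LOG))
    print(start, suspect_accounts(parse(SECURITY_LOG), start))
```

The account at the top of the ranking is the first candidate for a password reset; a failed logon (529) from the same source just before the burst, as in the sample, supports password guessing as the way in.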
Amir4uAuthor Commented:
well it seems that my antispam software may not be blocking it or

all the spam is appearing on my antispam software but i have to manually remove all the obvious spam mails.
0
Alan HardistyCo-OwnerCommented:
Which software are you referring to?
Vamsoft?
0
Amir4uAuthor Commented:
No our symantec antispam gateway is not doing it's work. I find vamsoft easy to manage.

I wanted to know , which is better ?

1) An antispam gateway which is intercepting spam before it reaches Exchange or the antispam software installed on the Exchange server to intercept after it reaches the Exchange server?

2) WHere should the antispam software be best placed ?

or is it

3) what kind of antispam software we should purchase

or

4) how good antispam software is configured ?

or a combination of these ?
0
Alan HardistyCo-OwnerCommented:
There is no simple answer.
Technically, having a hardware appliance should be better for you as it takes the processing power away from the server, but if it does not work, then it is pretty useless having it.
Vamsoft does a brilliant job with little overhead.  It is only a 4Mb package after all.
It can be easily configured and the logs are brilliant, allowing you to sort and filter to find out what happened to an email, assuming it arrived.
It is also a one-time purchase.  Symantec is no doubt an annual renewal, thus the cost of Vamsoft is well worth it.
Has the Symantec Gateway license run out?
0

Amir4uAuthor Commented:
yea in the coming month we have to renew it. I will tell my management for change of antispam ...if they don't then i'm stuck with this SBG appliance for good....
0
Alan HardistyCo-OwnerCommented:
Fingers crossed.

Do you need any more help with anything now?
0