cstephen100
asked on
Exchange not sending/receiving email
Hi
I have an sbs 2003 exchange box that has stopped sending emails,
all users are connected to exchange, if i send an internal or external email they are not been received.
I just checked exchange queue and see there is a lot of unwanted emails in queue,
i.e .tw domains.
Would this be related? i dont have exchange server set as a relay server,
what is best way to resolve this?
I check event log and saw a couple of event ids for exchange, not sure if they woudl cause it but there added below:
Thanks
stephen
*************
Event Type: Information
Event Source: ESE
Event Category: Online Defragmentation
Event ID: 700
Date: 20/04/2010
Time: 09:16:18
User: N/A
Computer: GPSSERVER
Description:
Information Store (4032) First Storage Group: Online defragmentation is beginning a full pass on database 'D:\program folders\Exchsrvr\MDBDATA\p
**************************
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9646
Date: 20/04/2010
Time: 09:16:31
User: N/A
Computer: GPSSERVER
Description:
Mapi session "/o=First Organization/ou=first administrative group/cn=Recipients/cn=vry
For more information, click http://www.microsoft.com/contentredirect.asp.
I have an sbs 2003 exchange box that has stopped sending emails,
all users are connected to exchange, if i send an internal or external email they are not been received.
I just checked exchange queue and see there is a lot of unwanted emails in queue,
i.e .tw domains.
Would this be related? i dont have exchange server set as a relay server,
what is best way to resolve this?
I check event log and saw a couple of event ids for exchange, not sure if they woudl cause it but there added below:
Thanks
stephen
*************
Event Type: Information
Event Source: ESE
Event Category: Online Defragmentation
Event ID: 700
Date: 20/04/2010
Time: 09:16:18
User: N/A
Computer: GPSSERVER
Description:
Information Store (4032) First Storage Group: Online defragmentation is beginning a full pass on database 'D:\program folders\Exchsrvr\MDBDATA\p
**************************
Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 9646
Date: 20/04/2010
Time: 09:16:31
User: N/A
Computer: GPSSERVER
Description:
Mapi session "/o=First Organization/ou=first administrative group/cn=Recipients/cn=vry
For more information, click http://www.microsoft.com/contentredirect.asp.
ASKER
hi thanks for above,
would the above eventid cause the server to not send/receive email
or
is the reason they are not receiveing/sending due to all the .tw emails in exchnge queue?I
I have around 2000 of them in queue.
Thanks
stephen
would the above eventid cause the server to not send/receive email
or
is the reason they are not receiveing/sending due to all the .tw emails in exchnge queue?I
I have around 2000 of them in queue.
Thanks
stephen
Please have a read of my article which should help you - sounds like you have an authenticated relay attack, or you are suffering from NDR spam:
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html
If you restart the SMTP service do all mails go (do the Queues empty) or do they just fill up again after a short while OR not process at all?
ASKER
Hi
i cleared down the queues and then restarted the smtp service,
however the smtp service stopped and wouldnt restart, the server now doesnt reboot,
i am going on site now :-(, ill post back shortly.
thanks stephen
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
can you go onto www.mxtoolbox.com and verify that it is not showing your server as an open relay?
ASKER
Hi Mega,
Thanks for above, got server back online,
and we are not receiving email. However no external email seems to be sending.
When lok at quese, i see that the Exchange MTA is not running.
Would this cause Smtp mail not to send?
i get the follwoing information in event viewer:
**************************
Event Type: Information
Event Source: MSExchangeIS Mailbox Store
Event Category: Transport Delivering
Event ID: 9650
Date: 21/04/2010
Time: 12:30:00
User: N/A
Computer: GPSSERVER
Description:
Message delivery is being attempted.
Internet Msg Id:<15E476084EA33244918D52
**************************
Thanks
stephen
How big is that message? @horizongpschina? How BIG are your message restrictions to and from the internet? 5Mb, 10Mb, 20Mb or unrestricted?
Have you checked on mxtoolbox.com to make sure that you aren't an open relay?
Have you checked on mxtoolbox.com to make sure that you aren't an open relay?
MTA Stacks service is not needed in Exchange 2003. this is only for non-smtp messages like Lotus Notes connectors etc...
did you apply either of those hotfixes I gave you?
Also, what version of store.exe are you running?
and what version of exsmtp.dll?
You might try this:
If you do have an open relay, as mentioned above, correct that issue. Usually, it's best to go to the smtp server in Exchange, go to Access, Relay Restrictions, grant access to only the list below.
Put in the server IP, the mask and the local host IP (127.0.0.1)
Uncheck 'allow all computer that authenticate'. It is very likely that an internal machine will have a mysteriously enabled IIS or SMTP on it that is sending spam to the Exchange server.
stop the Exchange services. Usually stopping the system attendant is good enough (accept the additional services that want to stop as a result). In particular make sure the information store is stopped.
Go to this directory:
C:\Program Files\Exchsrvr\Mailroot\vs
the object is to stop the queue objects (all your in-process mail) from going out. They are probably mostly spam.
use the command prompt--the gui may take a long time because it has to read the entire queue before it will list. Make a directory, name it something like queueold.
copy queue\*.* to queold. Double check that this worked.
Then delete queue\*.*
Now, start the services again, using the reverse order : start the system attendant (and whatever wants to start automatically) and then all the other services that say Microsoft Exchange. (I like to sort by the startup type--all the Exchange services will be listed in a row and all should be started from the top down).
If the queue fills up again, you have to start over. You haven't found the offending machine yet.
Several things can cause this, all nefarious. Look for some workstation that has IIS running on it first. Make sure your SMTP server in Exchange is set correctly. And then do it again.
The objects in the queue directory can be copied back into the queue if they are legit. Delete the other ones.
You may not be receiving mail because the BadMail directory is so full that you are out of room on drive C:.
Also, the First Storage Group mail and public stores should be running, right click and click mount store.
But I suggest fixing the SMTP and move the queue files first.
If you do have an open relay, as mentioned above, correct that issue. Usually, it's best to go to the smtp server in Exchange, go to Access, Relay Restrictions, grant access to only the list below.
Put in the server IP, the mask and the local host IP (127.0.0.1)
Uncheck 'allow all computer that authenticate'. It is very likely that an internal machine will have a mysteriously enabled IIS or SMTP on it that is sending spam to the Exchange server.
stop the Exchange services. Usually stopping the system attendant is good enough (accept the additional services that want to stop as a result). In particular make sure the information store is stopped.
Go to this directory:
C:\Program Files\Exchsrvr\Mailroot\vs
the object is to stop the queue objects (all your in-process mail) from going out. They are probably mostly spam.
use the command prompt--the gui may take a long time because it has to read the entire queue before it will list. Make a directory, name it something like queueold.
copy queue\*.* to queold. Double check that this worked.
Then delete queue\*.*
Now, start the services again, using the reverse order : start the system attendant (and whatever wants to start automatically) and then all the other services that say Microsoft Exchange. (I like to sort by the startup type--all the Exchange services will be listed in a row and all should be started from the top down).
If the queue fills up again, you have to start over. You haven't found the offending machine yet.
Several things can cause this, all nefarious. Look for some workstation that has IIS running on it first. Make sure your SMTP server in Exchange is set correctly. And then do it again.
The objects in the queue directory can be copied back into the queue if they are legit. Delete the other ones.
You may not be receiving mail because the BadMail directory is so full that you are out of room on drive C:.
Also, the First Storage Group mail and public stores should be running, right click and click mount store.
But I suggest fixing the SMTP and move the queue files first.
thanks for the points, did the hotfixes solve your issue?
http://support.microsoft.com/kb/830829
http://technet.microsoft.com/en-us/library/aa996193.aspx