Stuck message flooding connection

Our Internet connection has been flooded to full capacity for two days now, and after a lot of searching, it looks like it's all coming from our Exchange server. Wireshark reveals nonstop connections to various Yahoo mail servers. There doesn't appear to be anything in the queue, but it looks like we immediately try to send mail to Yahoo upon rebooting the SMTP service:
74.6.136.65 SAU56EXCH01 - 25 - - 220+mta1032.mail.sk1.yahoo.com+ESMTP+YSmtp+service+ready 0 0 56 0 7609 SMTP
74.6.136.65 OutboundConnectionCommand SMTPSVC1 SAU56EXCH01 - 25 EHLO - sau56exch01.SAU56.Local 0 0 4 0 7609 SMTP
74.6.136.65 SAU56EXCH01 - 25 - - 250-mta1032.mail.sk1.yahoo.com 0 0 30 0 7969 SMTP
74.6.136.65 OutboundConnectionCommand SMTPSVC1 SAU56EXCH01 - 25 MAIL - FROM:<senderaddress@STUDENTS.domain.ORG>+SIZE=39375679 0 0 4 0 12500 SMTP
74.6.136.65 SAU56EXCH01 - 25 - - 250+sender+<senderaddress@students.domain.org>+ok 0 0 42 0 12609 SMTP
74.6.136.65 OutboundConnectionCommand SMTPSVC1 SAU56EXCH01 - 25 RCPT - TO:<recipientaddress@yahoo.com> 0 0 4 0 12609 SMTP
74.6.136.65 SAU56EXCH01 - 25 - - 250+recipient+<recipientaddress@yahoo.com>+ok 0 0 39 0 12719 SMTP
74.6.136.65 OutboundConnectionCommand SMTPSVC1 SAU56EXCH01 - 25 DATA - - 0 0 4 0 12719 SMTP

I can't get it to stop attempting to deliver this message. I have even deleted the mailbox and purged, it still tries every time I reload the SMTP service and maxes out our connection. Using the message tracking center tool shows multiple (successful?) attempts to send the message that only had one recipient to begin with. I can't seem to copy/paste that data, but an image is located at http://i43.tinypic.com/fxfnv4.jpg. The original sent date matches up perfectly with when the problem started.

Any thoughts on how we can clear this up?
rsalvatiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
0
rsalvatiAuthor Commented:
Thanks for the info. I have taken a look and enabled the logging, but don't see any authentication info in the event viewer. Would normal Outlook usage show up there? That's what we'd mainly use.

The email does seem to be legitimate. The recipient on Yahoo's end definitely looks like a second email for the original sender (similar names). Also around the same time the message was originally sent, the student sent a message to their instructor saying they were having a hard time figuring out how to send some sort of attachment. The queues don't seem to be filling up with anything (not even the problem message) and it is just to one recipient.

Forgot to add, it is Exchange 2003 running on Server 2003 R2.
0
Alan HardistyCo-OwnerCommented:
Okay - in that case - your student has probably sent a large email to several people or a blooming big attachment to one person.
You can schedule large emails to be delivered after hours by changing the properties of the default SMTP Connector> Delivery Options Tab - Use different delivery times for oversize messages - Set the Size - Set the Schedule and restart the SMTP service.
Essentially, Exchange will throw all its resources at getting the emails out of its queues and if you have lots of mail to go - your connection will get clogged by Exchange trying to send it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

rsalvatiAuthor Commented:
I don't actually seem to have a default SMTP connector (or any connectors at all, really). I created a default one as per http://support.microsoft.com/kb/265293 and set up a oversized limit of 2000KB and to have them send in the evening (not really realistic, but just to test...) It does seem to have stopped attempting to send the message.

Is there any way to delete this message? The queues are completely empty, and the message has apparently taken more than two days to send, so I don't really want it to continue. :) It isn't still in her outbox, as I've completely deleted the account.
0
Alan HardistyCo-OwnerCommented:
The horse may have bolted now - so it may be too late this time round, but next time, you have you SMTP Connector that will save you from bandwidth melt-down.
Try sending a 4mb .JPG picture to three friends before the large file watershed and look at your queue - it should just be sitting there.
If you have nothing in your queue now - then the message(s) has/have gone.
0
rsalvatiAuthor Commented:
Seems all set now, the problem message did not attempt to start sending again even when the window opened back up. Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.