
Exchange 2010 Queue Viewer

Hi all

Have a question regarding my Exchange 2010 message queue..
At any given time when I check the queue I have several messages that are completely unrelated to my company.

Here is an example of the properties of one of those messages:


Identity: CSMMS\26789\19514
Subject: Undeliverable: Purchase original branded accessory replicas and get a huge discount.. Order the branded Armani accessories to be the most stylish guy of your city.
Internet Message ID: <432a6ab2-ba4f-4830-af1e-d6dfd3182d7b@csmeng.sw>
From Address: <>
Status: Active
Size (KB): 7
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 2011/05/09 12:38:47 PM
Expiration Time: 2011/05/11 12:38:47 PM
Last Error:
Queue ID: CSMMS\26789
Recipients:  terser80@eliteexcavatingllc.com

Could someone please shed some light on this, as sometimes there are more than 100 messages in the queue?

Thanks in advance.
0
 
d3ath5tar Commented:
Looks like someone or something is trying to use you as a relay.

Run your external SMTP IP through this link: http://www.mxtoolbox.com/diagnostic.aspx
It will tell you if you are vulnerable.
0
 
ckeshav Commented:
These mails are SPAM mails; make sure you have SPAM Control at DMZ level or install the Anti-Spam on the HUB server itself.

The below link should help you enable Anti-Spam on HUB Transport Server

http://technet.microsoft.com/en-us/library/bb201691.aspx
0
 
DJMohr (Author) Commented:
@ ckeshav

I have Avira's small business package installed on my exchange... suppose it's not the same as what you are mentioning?
0
 
DJMohr (Author) Commented:
@ d3ath5tar

Have run the test, results:

smtp:196.210.164.152      
        smtp    
220 CSMMS.csmeng.sw Microsoft ESMTP MAIL Service ready at Mon, 9 May 2011 13:02:14 +0200
 OK - 196.210.164.152 resolves to 196-210-164-152.dynamic.isadsl.co.za
 Warning - Reverse DNS does not match SMTP Banner
 0 seconds - Good on Connection time
 Not an open relay.
 7.192 seconds - Warning on Transaction time


Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 CSMMS.csmeng.sw Hello [64.20.227.133] [374 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 Sender OK [343 ms]
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay [5351 ms]
QUIT
221 2.0.0 Service closing transmission channel [359 ms]

anything else I need to check/do?
0
 
ckeshav Commented:
Yes, that is the Anti-Spam solution; make sure it is configured correctly.
You can also enable Anti-Spam on HUB transport as an additional security measure.
0
 
d3ath5tar Commented:
Looks like you're safe externally in terms of relay, so they must be being sent in spoofed headers.....

ckeshav's post would be the next one to follow.... get spam protection if you don't have it already...

Also, as a protection point for yourself, whilst we're all here to help, occasionally you do get the odd unscrupulous person... when posting test results you might want to consider removing your real external IP addresses.

0
 
DJMohr (Author) Commented:
Oh yeah, my bad.

Thanks, will enable the Anti-Spam on the Hub and report back.
0
 
DJMohr (Author) Commented:
Ok, have installed/enabled the Anti-Spam. Does it need to be configured?
0
 
ckeshav Commented:
Yes, it is quite simple; you can keep the "Sender reputation" at a lower level.

You may also need to configure a Mailbox for Quarantine mails and configure the SPAM Quarantine to this Mailbox.
Initially you need to monitor this Mailbox and release these mails if any genuine mails get Quarantined and adjust your SPAM settings accordingly.
0
 
ckeshav Commented:
This link should help you configure Anti-Spam.
This is an Exchange 2007 article but would hold good for Exchange 2010 also.

http://www.petri.co.il/reduce-spam-by-using-sender-reputation-with-exchange-2007.htm
0
 
DJMohr (Author) Commented:
Awesome, will have a look.

Also just checked the queue and there are still quite a few spam messages going through, but I take it this will be reduced once I have configured it.
0
 
DJMohr (Author) Commented:
When you say Sender Reputation quite low, I take it I can set it to 2 instead of the default 7?
0
 
ckeshav Commented:
Yes... I would suggest keeping it at 4 or 5
0
 
DJMohr (Author) Commented:
OK, have set that.

How would I be able to monitor what is being caught by the Anti-Spam?
0
 
ckeshav Commented:
Sorry, that is the other way around...

Keep it around 9

http://technet.microsoft.com/en-us/library/bb124510%28EXCHG.80%29.aspx

This topic explains how to use the Exchange Management Console or the Exchange Management Shell to configure the sender reputation level (SRL) block threshold. Sender reputation is anti-spam functionality that blocks messages according to the characteristics of the sender. The SRL is a number between 0 and 9 that predicts the probability that a specific sender is a spammer or malicious sender. A value of 0 indicates that the message is not likely to be spam. A value of 9 indicates that a message is likely to be spam.

You can configure the threshold for sender blocking by SRL. This SRL block threshold defines the SRL value that must be exceeded for sender reputation to block a sender. By default, the SRL threshold value is 7. Use caution when you set the SRL threshold. A threshold that is too low may unintentionally block legitimate senders. A threshold that is too high may not block malicious senders or spammers. If a message is equal to or greater than the SRL block threshold, that sender will be added to the IP Block list from 0 to 48 hours. The default is 24 hours.
0
 
ckeshav Commented:
As I said earlier, you need to create a mailbox (e.g. Spam-Quarantine) and configure that in the Content-Filtering configuration.
You can log in to OWA with the credentials of the mailbox and release any genuine mails. The mail will get delivered to the user.
0
 
DJMohr (Author) Commented:
Ok, is it just a normal mailbox that i need to create?
0
 
ckeshav Commented:
Yes...normal user mailbox.
0
 
DJMohr (Author) Commented:
Thanks man, seems to be going a lot better. I also added IP Blocked Providers list to the mix up.
0
 
ckeshav Commented:
Great :)
0
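
The steps discussed in this thread (counting the queued DSN messages, setting the SRL block threshold, pointing content filtering at a quarantine mailbox, and checking what the anti-spam agents catch), written as Exchange Management Shell commands. This is an added example, not part of the original posts; the quarantine address `spam-quarantine@example.com`, the SCL quarantine threshold of 6 and the one-day log window are assumptions.

```powershell
# Added example for the Exchange 2010 Management Shell on the Hub Transport server.
# Assumes the anti-spam agents are already installed and enabled, as in the thread.

# 1. Size the problem: server-generated NDRs waiting in the queues.
#    These are the entries shown above with Message Source Name "DSN" and From Address "<>".
Get-Message -Filter {MessageSourceName -eq "DSN"} -ResultSize Unlimited |
    Group-Object Queue |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Sender reputation: show the current settings, then set the block threshold.
#    7 and 24 hours are the defaults quoted from TechNet above; adjust after monitoring.
$srlThreshold  = 7
$blockingHours = 24
Get-SenderReputationConfig |
    Format-List SenderBlockingEnabled, SrlBlockThreshold, SenderBlockingPeriod
Set-SenderReputationConfig -SenderBlockingEnabled $true `
    -SrlBlockThreshold $srlThreshold `
    -SenderBlockingPeriod $blockingHours

# 3. Content filtering: send suspected spam to a normal user mailbox for review.
#    The address is a placeholder and the threshold is an assumed starting value.
$quarantineMailbox = "spam-quarantine@example.com"
Set-ContentFilterConfig -QuarantineMailbox $quarantineMailbox `
    -SCLQuarantineEnabled $true `
    -SCLQuarantineThreshold 6
Get-ContentFilterConfig |
    Format-List QuarantineMailbox, SCLQuarantineEnabled, SCLQuarantineThreshold

# 4. Monitoring: summarize what each agent did over the last 24 hours.
Get-AgentLog -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) |
    Group-Object Agent, Action, Reason |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```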