[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Exchange 2003 queue getting full

Posted on 2011-09-13
3
Medium Priority
?
653 Views
Last Modified: 2012-06-21
Hi guys,

I have an Exchange 2003 server system which has been working fine but recently we get lots of spams taking advantage of our server just like an open relay.

- I've tested open relay from public but it is not an open relay.
- It only happened at certain hours (usually from midnight till 9am)

We have an AD/ISA server up front, and then an Exchange server inside. IPs as followed
- AD/ISA: 192.168.1.100 (external), 172.38.6.1 (internal)
- Exchange: 172.38.6.2

ISA is publishing all the necessary rules from Exchange server.
The "Default SMTP Virtual Server" from Exchange is "Allowing All computers which sucessfully authenticate to relay".
Right now the spams come in too often and it is taking all the smarthost quota that we have.
In Application Logs, I typically get this message:
-------------
This is an SMTP protocol warning log for virtual server ID 1, connection #908. The remote host "204.13.248.71", responded to the SMTP command "mail" with "451 Daily Message Quota Exceeded  ". The full command sent was "MAIL FROM:<pooh@anet.net.tw> SIZE=2318  ".  This may cause the connection to fail.
---------------

How do I know where this came from and how to stop it ? Thank you
0
Comment
Question by:Johnny_Nguyen
3 Comments
 
LVL 17

Accepted Solution

by:
Viral Rathod earned 1200 total points
ID: 36533621
0
 
LVL 15

Assisted Solution

by:.
. earned 800 total points
ID: 36534479
Hi, Does your firewall allow all connections on TCP:25 to hit your Exchange ? if so it could be an authenticated relay which means that a user on your network may have had their password compromised allowing an attacker to send email using SMTP Authentication. The other possiblity is that a PC on your network may have malware.

Read the following article. It will show you how to increase the Transport log level to pinpoint where the attach is coming from. It will also show you a way of purging the queue quickly.

http://exchange.sembee.info/2003/smtp/spam-cleanup.asp

You should run a syslog from your Firewall to see where the traffic is coming from.

Be sure to have password policies inplace that force complexity and account lockout and advise is to close SMTP as best you can. As an example you can improve your server performance by have an external message cleansing source, like Messagelabs or MimeCast, then lock down your SMTP so that only the IP ranges used by these MTA's can access your Exchange using SMTP.

Another consideration would be to check the queue content, are they Postmaster messages?
0
 
LVL 1

Author Closing Comment

by:Johnny_Nguyen
ID: 36813770
Thank you. I did all the above measures and it seems to have stopped
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Jet database engine errors can crop up out of nowhere to disrupt the working of the Exchange server. Decoding why a particular error occurs goes a long way in determining the right solution for it.
What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
how to add IIS SMTP to handle application/Scanner relays into office 365.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Suggested Courses
Course of the Month7 days, 23 hours left to enroll

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question