Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Exchange 2003 queue getting full

Posted on 2011-09-13
3
637 Views
Last Modified: 2012-06-21
Hi guys,

I have an Exchange 2003 server system which has been working fine but recently we get lots of spams taking advantage of our server just like an open relay.

- I've tested open relay from public but it is not an open relay.
- It only happened at certain hours (usually from midnight till 9am)

We have an AD/ISA server up front, and then an Exchange server inside. IPs as followed
- AD/ISA: 192.168.1.100 (external), 172.38.6.1 (internal)
- Exchange: 172.38.6.2

ISA is publishing all the necessary rules from Exchange server.
The "Default SMTP Virtual Server" from Exchange is "Allowing All computers which sucessfully authenticate to relay".
Right now the spams come in too often and it is taking all the smarthost quota that we have.
In Application Logs, I typically get this message:
-------------
This is an SMTP protocol warning log for virtual server ID 1, connection #908. The remote host "204.13.248.71", responded to the SMTP command "mail" with "451 Daily Message Quota Exceeded  ". The full command sent was "MAIL FROM:<pooh@anet.net.tw> SIZE=2318  ".  This may cause the connection to fail.
---------------

How do I know where this came from and how to stop it ? Thank you
0
Comment
Question by:Johnny_Nguyen
3 Comments
 
LVL 17

Accepted Solution

by:
Viral Rathod earned 300 total points
ID: 36533621
0
 
LVL 15

Assisted Solution

by:It breaks therefore I am
It breaks therefore I am earned 200 total points
ID: 36534479
Hi, Does your firewall allow all connections on TCP:25 to hit your Exchange ? if so it could be an authenticated relay which means that a user on your network may have had their password compromised allowing an attacker to send email using SMTP Authentication. The other possiblity is that a PC on your network may have malware.

Read the following article. It will show you how to increase the Transport log level to pinpoint where the attach is coming from. It will also show you a way of purging the queue quickly.

http://exchange.sembee.info/2003/smtp/spam-cleanup.asp

You should run a syslog from your Firewall to see where the traffic is coming from.

Be sure to have password policies inplace that force complexity and account lockout and advise is to close SMTP as best you can. As an example you can improve your server performance by have an external message cleansing source, like Messagelabs or MimeCast, then lock down your SMTP so that only the IP ranges used by these MTA's can access your Exchange using SMTP.

Another consideration would be to check the queue content, are they Postmaster messages?
0
 
LVL 1

Author Closing Comment

by:Johnny_Nguyen
ID: 36813770
Thank you. I did all the above measures and it seems to have stopped
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question