Solved

Exchange 2003 queue getting full

Posted on 2011-09-13
3
642 Views
Last Modified: 2012-06-21
Hi guys,

I have an Exchange 2003 server system which has been working fine but recently we get lots of spams taking advantage of our server just like an open relay.

- I've tested open relay from public but it is not an open relay.
- It only happened at certain hours (usually from midnight till 9am)

We have an AD/ISA server up front, and then an Exchange server inside. IPs as followed
- AD/ISA: 192.168.1.100 (external), 172.38.6.1 (internal)
- Exchange: 172.38.6.2

ISA is publishing all the necessary rules from Exchange server.
The "Default SMTP Virtual Server" from Exchange is "Allowing All computers which sucessfully authenticate to relay".
Right now the spams come in too often and it is taking all the smarthost quota that we have.
In Application Logs, I typically get this message:
-------------
This is an SMTP protocol warning log for virtual server ID 1, connection #908. The remote host "204.13.248.71", responded to the SMTP command "mail" with "451 Daily Message Quota Exceeded  ". The full command sent was "MAIL FROM:<pooh@anet.net.tw> SIZE=2318  ".  This may cause the connection to fail.
---------------

How do I know where this came from and how to stop it ? Thank you
0
Comment
Question by:Johnny_Nguyen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 17

Accepted Solution

by:
Viral Rathod earned 300 total points
ID: 36533621
0
 
LVL 15

Assisted Solution

by:It breaks therefore I am
It breaks therefore I am earned 200 total points
ID: 36534479
Hi, Does your firewall allow all connections on TCP:25 to hit your Exchange ? if so it could be an authenticated relay which means that a user on your network may have had their password compromised allowing an attacker to send email using SMTP Authentication. The other possiblity is that a PC on your network may have malware.

Read the following article. It will show you how to increase the Transport log level to pinpoint where the attach is coming from. It will also show you a way of purging the queue quickly.

http://exchange.sembee.info/2003/smtp/spam-cleanup.asp

You should run a syslog from your Firewall to see where the traffic is coming from.

Be sure to have password policies inplace that force complexity and account lockout and advise is to close SMTP as best you can. As an example you can improve your server performance by have an external message cleansing source, like Messagelabs or MimeCast, then lock down your SMTP so that only the IP ranges used by these MTA's can access your Exchange using SMTP.

Another consideration would be to check the queue content, are they Postmaster messages?
0
 
LVL 1

Author Closing Comment

by:Johnny_Nguyen
ID: 36813770
Thank you. I did all the above measures and it seems to have stopped
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question