?
Solved

exchange 2003

Posted on 2011-09-26
11
Medium Priority
?
207 Views
Last Modified: 2012-05-12
what is the quckest way to clear out the queue in exchange 2003? over the weekend, something happened and my queue is FULL of stuff, it looks like something is try to relay through my server, so i just want to blow out everything in the queue
0
Comment
Question by:JeffBeall
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 23

Assisted Solution

by:Stelian Stan
Stelian Stan earned 668 total points
ID: 36599496
0
 
LVL 23

Expert Comment

by:Stelian Stan
ID: 36599559
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36599943
Please have a read of my article so that you can identify which of your accounts the spammer is abusing so that you can stop this happening again, which it will:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2556-Why-are-my-outbound-queues-filling-up-with-mail-I-didn't-send.html

You can use aquadmcli.exe to purge the queues quickly:
http://community.spiceworks.com/how_to/show/267
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:JeffBeall
ID: 36669284
i had to put postmaster@mydomain.com in sender filtering to stop all the bogus email. how can i clean up after this?
0
 
LVL 6

Assisted Solution

by:Em Man
Em Man earned 664 total points
ID: 36670822
make sure your Exchange Server is not an Open Relay.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36708937
Have you read my article?

You are either an authenticated relay and need to identify the account, or you are not recipient filtering and need to.

Which is it?

Who is the sender of the emails in your queue?  Random users from a domain not hosted by your server or postmaster@yourdomain.com?
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 36709298
yes alanhardisty, i read your article, and i thought it was very good. but maybe i didn't read something carefully enough.
all i know is that once i put postmaster@mydomain.com in recipient filtering, and checked  - filter recipients who are not in the directory, the attack stopped and my queue is perfect.
i can send and receive emails.
so should i keep postmaster@mydomain.com in recipient filtering? or are there problems keeping this setting?
now that my queue is clear, i don't have one of the bogus emails to look at who the sender was.
i did look at those emails when i had them, but i guess i couldn't tell who was the sender.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36709358
Okay - so you enabled Recipient Filtering - which means you now won't be sending NDR (Non Delivery Reports) back to spammers.

When you don't recipient filter, and you get inundated with spam, your server will accept all the messages, then try to deliver them, discover that the recipient doesn't exist and will then send a Non Delivery Report back to the sender, which will usually be a forged address, so a proportion of the NDR messages won't be deliverable (because they have been made up).

The problem is, that some messages will be sent to people that didn't send you messages and this will mean you will probably be Blacklisted on Backscatterer.org as a result.

Now that you have Recipient Filtering enabled, your server checks the Recipient details on inbound messages and if the Recipient doesn't exist on your server, the server will reject the message and the Sender will then be the one responsible for sending the NDR message (not you).

So - what was happening was that you were being inundated with spam and you were not Recipient Filtering.

You should now remove the postmaster@mydomain.com filter but leave Recipient Filtering Enabled.

Check on www.mxtoolbox.com/blacklists.aspx and see if your IP Address is blacklisted with Backscatterer.org.  It probably will be but will drop off in about 30 days time automatically.

Until then, you may have some problems sending mail to some domains because they will use this blacklist to reject spam and because they will find you on it, your messages will be rejected.

To bypass this, you can setup a new SMTP Connector to send emails for the problem domains via your ISP's mail server (Smarthost).

For details of how to do this, please have a read of the following:

http://www.msexchange.org/tutorials/configuring-smtp-connector.html

Alan
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 36709637
ok, i took postmaster out of recepient filtering and all is still well with my queue.
also, i tried the link to see if i'm black listed, and i am not!! so good news, i guess i caught it in time.
any suggestions on how to clean up after this? i apologize in advance if the clean up is in your article, i started googleing so many things, i lost track of what was where.
my queue is nice and clean, i just didn't know if there were other things to consider.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 668 total points
ID: 36709688
Nothing to cleanup by the sounds of it.  If you have nipped the issue in the bud, then you should be fine.  Not being Blacklisted is good news.  Hopefully it will stay that way.

Recipient Filtering was the answer in this case, which hopefully my article would have pointed you towards as the solution.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 36777106
thanks for the help, all is well with my server now.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to effectively resolve the number one email related issue received by helpdesks.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question