• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

Exchange 2003 queue showing other domains sending messages??

Hello There,

When I go to the queue in exchange I see there is a email jobs@unitedpayroll.com trying to send 2000 messages out?

This is causing us problems because our mails are bouncing back with a delayed notification.

What is causing all this and how can I stop this?

I am not a exchange expert so please kindly guide me.

I appreciate all your help.
0
AmmanAnwar
Asked:
AmmanAnwar
  • 11
  • 6
  • 3
  • +1
1 Solution
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Is your server open for relay ?

Troubleshoot mail relay issues in Exchange Server 2003 and in Exchange 2000 Server
http://support.microsoft.com/kb/895853

On the SMTP Virtual server or any SMTP  connector do you relay from all servers ??

- Rancy
0
 
AmmanAnwarAuthor Commented:
Hello Rancy,

I went to the system manager and found a connector there. The connector name was given "relay". So I am assuming yes.
0
 
AmmanAnwarAuthor Commented:
I also just went to default smtp virtual server properties and in the general tab I see IP:Address (All unassigned)
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
Sushil SonawaneCommented:
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I would say it should only have the IPs that i want to allow relay rather say the entire world can through me ?

Also check the article shared by Sushil and see if you can quickly run through few steps or for the time being if possible stop the SMTP and ROuting engine so your server isnt sending spam and isnt Blacklisted.

- Rancy
0
 
AmmanAnwarAuthor Commented:
I went to the test smtp website and this is what it gave.

All tests succeded, no relay accepted.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Not sure if any of you user machine is Compromised for Spamming .... check for any Virus right away on all Servers and client machines.

- Rancy
0
 
AmmanAnwarAuthor Commented:
I ran trend micro and it found some threats and it was removed. I also restarted the smtp service.

Is there any way I can have this jobs@unitedpayrolls.com not send messages through our smtp?
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Its not directly sending i guess its using some Machine to send the emails so need to find the Virus or have the issue on that machine corrected.

Stop the SMTP service and clear the data manually from the Queue and check if you still get new emails from this email address ?

- Rancy
0
 
Sushil SonawaneCommented:
Configure the Sender and Recipient Filtering on the exchange server. Please refer below link

http://www.msexchange.org/tutorials/sender-recipient-filtering.html
0
 
AmmanAnwarAuthor Commented:
I don't think I can stop the smtp service right now. Let me visit the link mentioned above.
0
 
AmmanAnwarAuthor Commented:
I have added that jobs@unitedpayrolls.com to the sender filtering. Should I also add this domain to recipient filtering?
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Yes do both and restart SMTP and Routing engine.

- Rancy
0
 
AmmanAnwarAuthor Commented:
I just did. Now let me monitor it for a few minutes and see the queue. Currently the queue has 92 messages from our staff. after restarting the service let me see what happens to the queue.
0
 
AmmanAnwarAuthor Commented:
I just checked queue and it went to 2663 messages from 92. Most of the messages are still showing jobs@payrollunited.com

I did a message tracking in the morning. Do you want me to attach it here? probably you can help me further?
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
jobs@payrollunited.com - Can you check its generation server or IP ?
Sure do so ..

- Rancy
0
 
AmmanAnwarAuthor Commented:
Message Tracking


it is generating server. I see in queue the host name jobs@unitedpayrolls.com
0
 
Simon Butler (Sembee)ConsultantCommented:
Start with my guide here to ensure that the server is secure and clean it up:
http://exchange.sembee.info/2003/smtp/spam-cleanup.asp

Only once you have cleaned the server up can you do anything else to try and block the measures. You need to establish where the message is coming from, so ensure the server is setup correctly to begin with.

Simon.
0
 
AmmanAnwarAuthor Commented:
I see in out current sessions on default smtp virtual server there is an ip from mexico. I cant terminate it. It gives an error saying user does not exisit.
0
 
Simon Butler (Sembee)ConsultantCommented:
Just restart the SMTP Server service, that will break the connection. If immediately reconnects though then you still have whatever method is being used active.

Simon.
0
 
AmmanAnwarAuthor Commented:
We fixed it. What I did was in the default smtp virtual server properties the connection tab had the settings checked that let anyone connect to this server and I removed that and selected allow on these following IP's to access it and I restarted the services and it worked although another issue was we were black listed and that is also taken care of.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 11
  • 6
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now