• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 761
  • Last Modified:

Exchange Queue filling with retries "Unable to connect"

We've recently been put on two blacklists so I am looking in the Exchange 2010 queue to see if anything fishy. I see over 100 spam email domains with DNSConnectorDelivery in retry states. All the emails seem to have Undeliverable in subject. One such example below:

Identity: mail1\160283\1565892
Subject: Undeliverable: Ends Today! Get Your Free Gift
Internet Message ID: <70147933-36f8-4039-bf82-dc897bb2975c@ourdomain.net>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 5/22/2013 3:21:52 AM
Expiration Time: 5/27/2013 3:21:52 AM
Last Error:
Queue ID: mail1\160283
Recipients:  EvfPsKGA666@aktifofis.com

The Last error is 451 4.4.0 Primary target IP address responded with: "421 Unable to connect." We are not an open relay and we use Postini to filter our inbound email. I have installed AntiSpam on our Hub Transport and enabled Sender and Recipient Filtering to assist.  
The emails show no sender and no source IP so I don't understand how they are ending up in our queue.

Any ideas?
0
ecosys
Asked:
ecosys
  • 3
1 Solution
 
AmitIT ArchitectCommented:
Check first internal user. Any user or server hit with a virus attack. Virus can also generate these kind of spam emails. If you have application configured to relay using exchange server. Make sure to use IP based relay. Which means, don't open it for anonymous users. Try this first.
0
 
ecosysAuthor Commented:
We only allow IP based relay internally. Also port 25 is restricted to only our Postini servers so all email should be filtered by the time it reaches us. I am not sure if there is an easy way to check for a virus but we have many  servers and users.
0
 
ecosysAuthor Commented:
I've resolved this by installed AntiSpam for Hub Transport. Set up Recipient Filtering to block messages sent to recipients that do not exist in directory. I also blocked emails without sender information, although this may not be necessary.
0
 
ecosysAuthor Commented:
I resolved.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now