Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

SBS 2003 using smart host, thousands of emails in queue

We had a computer on the system infected, sending spam thru the server. We are not an open relay. Cleaned up the computers and switched to a smart host. All was fine until today, there are 90,000 emails in the queue folder on the server. the queue in Exchange only shows the smart host connector. This is Exchange SP2. I suspect another computer infected. There are using two nic's in the server, not ISA just Windows firewall. In addition to finding the infected system and cleaning it what else can I do?
0
dpacheco
Asked:
dpacheco
  • 3
  • 3
1 Solution
 
AmitIT ArchitectCommented:
I might have deleted the queue without ndr and stopped all Exchange services. Then fix the infected computer or remove the infected computer from the LAN.
0
 
dpachecoAuthor Commented:
That's what I'm doing now. I guess I mistakenly thought that using a smarthost would prevent a workstation from trying to send out thru the server's smtp service. Apparently the queue folder will still get filled up, so far not on a blacklist.
0
 
AmitIT ArchitectCommented:
I guess that's the only option you have. Let me know, if I can assist you more.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
dpachecoAuthor Commented:
If I could figure out which computer is the culprit that would be helpful. Symantec says all computers are up to date and no issues. There are only 6 computers. I will scan them all but would be nice if there were a way to determine which one. They do not have wireless so no other devices connected.
0
 
AmitIT ArchitectCommented:
For that you can use the SMTP logging, by enabling the option like client IP address. Follow this:
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

Once you have the logs, parse it and you can find the culprit.

Make sure to have sufficient disk space, where you are writing these logs
0
 
dpachecoAuthor Commented:
I have enabled logging, so far we have not had the issue so I will continue to monitor.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now