Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS 2003 using smart host, thousands of emails in queue

Posted on 2013-06-19
6
Medium Priority
?
434 Views
Last Modified: 2013-06-23
We had a computer on the system infected, sending spam thru the server. We are not an open relay. Cleaned up the computers and switched to a smart host. All was fine until today, there are 90,000 emails in the queue folder on the server. the queue in Exchange only shows the smart host connector. This is Exchange SP2. I suspect another computer infected. There are using two nic's in the server, not ISA just Windows firewall. In addition to finding the infected system and cleaning it what else can I do?
0
Comment
Question by:dpacheco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 39260448
I might have deleted the queue without ndr and stopped all Exchange services. Then fix the infected computer or remove the infected computer from the LAN.
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39260453
That's what I'm doing now. I guess I mistakenly thought that using a smarthost would prevent a workstation from trying to send out thru the server's smtp service. Apparently the queue folder will still get filled up, so far not on a blacklist.
0
 
LVL 44

Expert Comment

by:Amit
ID: 39260464
I guess that's the only option you have. Let me know, if I can assist you more.
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 1

Author Comment

by:dpacheco
ID: 39260487
If I could figure out which computer is the culprit that would be helpful. Symantec says all computers are up to date and no issues. There are only 6 computers. I will scan them all but would be nice if there were a way to determine which one. They do not have wireless so no other devices connected.
0
 
LVL 44

Accepted Solution

by:
Amit earned 2000 total points
ID: 39260501
For that you can use the SMTP logging, by enabling the option like client IP address. Follow this:
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

Once you have the logs, parse it and you can find the culprit.

Make sure to have sufficient disk space, where you are writing these logs
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39269746
I have enabled logging, so far we have not had the issue so I will continue to monitor.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question