Solved

SBS 2003 using smart host, thousands of emails in queue

Posted on 2013-06-19
6
417 Views
Last Modified: 2013-06-23
We had a computer on the system infected, sending spam thru the server. We are not an open relay. Cleaned up the computers and switched to a smart host. All was fine until today, there are 90,000 emails in the queue folder on the server. the queue in Exchange only shows the smart host connector. This is Exchange SP2. I suspect another computer infected. There are using two nic's in the server, not ISA just Windows firewall. In addition to finding the infected system and cleaning it what else can I do?
0
Comment
Question by:dpacheco
  • 3
  • 3
6 Comments
 
LVL 43

Expert Comment

by:Amit
ID: 39260448
I might have deleted the queue without ndr and stopped all Exchange services. Then fix the infected computer or remove the infected computer from the LAN.
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39260453
That's what I'm doing now. I guess I mistakenly thought that using a smarthost would prevent a workstation from trying to send out thru the server's smtp service. Apparently the queue folder will still get filled up, so far not on a blacklist.
0
 
LVL 43

Expert Comment

by:Amit
ID: 39260464
I guess that's the only option you have. Let me know, if I can assist you more.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 
LVL 1

Author Comment

by:dpacheco
ID: 39260487
If I could figure out which computer is the culprit that would be helpful. Symantec says all computers are up to date and no issues. There are only 6 computers. I will scan them all but would be nice if there were a way to determine which one. They do not have wireless so no other devices connected.
0
 
LVL 43

Accepted Solution

by:
Amit earned 500 total points
ID: 39260501
For that you can use the SMTP logging, by enabling the option like client IP address. Follow this:
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

Once you have the logs, parse it and you can find the culprit.

Make sure to have sufficient disk space, where you are writing these logs
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39269746
I have enabled logging, so far we have not had the issue so I will continue to monitor.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
how to add IIS SMTP to handle application/Scanner relays into office 365.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question