Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443
  • Last Modified:

SBS 2003 using smart host, thousands of emails in queue

We had a computer on the system infected, sending spam thru the server. We are not an open relay. Cleaned up the computers and switched to a smart host. All was fine until today, there are 90,000 emails in the queue folder on the server. the queue in Exchange only shows the smart host connector. This is Exchange SP2. I suspect another computer infected. There are using two nic's in the server, not ISA just Windows firewall. In addition to finding the infected system and cleaning it what else can I do?
0
dpacheco
Asked:
dpacheco
  • 3
  • 3
1 Solution
 
AmitIT ArchitectCommented:
I might have deleted the queue without ndr and stopped all Exchange services. Then fix the infected computer or remove the infected computer from the LAN.
0
 
dpachecoAuthor Commented:
That's what I'm doing now. I guess I mistakenly thought that using a smarthost would prevent a workstation from trying to send out thru the server's smtp service. Apparently the queue folder will still get filled up, so far not on a blacklist.
0
 
AmitIT ArchitectCommented:
I guess that's the only option you have. Let me know, if I can assist you more.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
dpachecoAuthor Commented:
If I could figure out which computer is the culprit that would be helpful. Symantec says all computers are up to date and no issues. There are only 6 computers. I will scan them all but would be nice if there were a way to determine which one. They do not have wireless so no other devices connected.
0
 
AmitIT ArchitectCommented:
For that you can use the SMTP logging, by enabling the option like client IP address. Follow this:
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

Once you have the logs, parse it and you can find the culprit.

Make sure to have sufficient disk space, where you are writing these logs
0
 
dpachecoAuthor Commented:
I have enabled logging, so far we have not had the issue so I will continue to monitor.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now