?
Solved

SBS 2003 using smart host, thousands of emails in queue

Posted on 2013-06-19
6
Medium Priority
?
445 Views
Last Modified: 2013-06-23
We had a computer on the system infected, sending spam thru the server. We are not an open relay. Cleaned up the computers and switched to a smart host. All was fine until today, there are 90,000 emails in the queue folder on the server. the queue in Exchange only shows the smart host connector. This is Exchange SP2. I suspect another computer infected. There are using two nic's in the server, not ISA just Windows firewall. In addition to finding the infected system and cleaning it what else can I do?
0
Comment
Question by:dpacheco
  • 3
  • 3
6 Comments
 
LVL 45

Expert Comment

by:Amit
ID: 39260448
I might have deleted the queue without ndr and stopped all Exchange services. Then fix the infected computer or remove the infected computer from the LAN.
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39260453
That's what I'm doing now. I guess I mistakenly thought that using a smarthost would prevent a workstation from trying to send out thru the server's smtp service. Apparently the queue folder will still get filled up, so far not on a blacklist.
0
 
LVL 45

Expert Comment

by:Amit
ID: 39260464
I guess that's the only option you have. Let me know, if I can assist you more.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 1

Author Comment

by:dpacheco
ID: 39260487
If I could figure out which computer is the culprit that would be helpful. Symantec says all computers are up to date and no issues. There are only 6 computers. I will scan them all but would be nice if there were a way to determine which one. They do not have wireless so no other devices connected.
0
 
LVL 45

Accepted Solution

by:
Amit earned 2000 total points
ID: 39260501
For that you can use the SMTP logging, by enabling the option like client IP address. Follow this:
http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

Once you have the logs, parse it and you can find the culprit.

Make sure to have sufficient disk space, where you are writing these logs
0
 
LVL 1

Author Comment

by:dpacheco
ID: 39269746
I have enabled logging, so far we have not had the issue so I will continue to monitor.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Exchange database may sometimes fail to mount owing to various technical reasons. A dismounted EDB file can be the source of many Exchange errors including mailbox inaccessibility for users. Resolving the root cause of mounting problems becomes …
Organisation is organized in a pattern to flow the day to day business, every application and system is interdepended on each other and when very important “Exchange Server downtime” happened.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question