Exchange 2010 Transport Queue

We're running Exchange 2010 and I recently started running a PowerShell script to check the server health. Today I received a Fail on the Transport Queue with a count of 127. I've looked in the Transport Queue and there are lots of items that look like spam. What's the best way to handle these? Is there an adjustment on the server I need to make?

I'm not an exchange expert by any means .....    Thanks .....

I've attached the ps1 file for viewing if you need ......

Joel
Test-ExchangeServerHealth.txt
Joel Brown, IT Director, Asked:

Zorniac Commented:
What is the SMTP failure code?  Have you exported the messages to see if they are part of backscatter or actual SPAM?  You could be processing NDR's from someone who spoofed your e-mail domain, or possibly being used as a relay to send the SPAM.
Joel Brown, IT Director, Author Commented:
The last error message attached to 98% of the messages is "451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."

I'm familiar with using EMS to view the MessageTrackingLog but not quite sure how to export the message,  could you explain ?    

Sounds like we're probably processing the NDR's,  how can we prevent this ?

Thanks ....

Joel
Zorniac Commented:
So that SMTP 451 4.4.0 is most likely an indication that you have been blocked / blacklisted.  Have you checked to see if you are blacklisted?  Do you use a smarthost or send mail
This link http://www.msdigest.net/2014/04/how-to-export-messages-from-a-mail-queue-on-exchange/ will give you cut / paste commands to export the mail in the queue to a local folder for closer inspection.directly from you server?

Two ways I go about getting the message.  One way is to create a transport hub rule through EMC.  Just like creating a rule in Outlook, you can create a rule to send a copy of the message to you.  So if my normal mail has an SCL of -1, and I want to capture a sampling of SPAM, create a rule to send you a copy of SCL 0 or greater.  This can be used in your situation or as an actively monitored SPAM config.

I wish I could tell you a bulletproof way to control these NDRs.  One way is to stop sending out NDRs, however this will apply for legitimate mail / users as well, so not a superb idea.  The other way is to invest in some software or a mail appliance that creates keys embedded in outgoing mail.  Then if a message is bounced, the bounce message must have a matching key value to indicate it originated from your server.  If the key value matches the recorded value, then, and only then, is an NDR generated.
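
The keyed-bounce idea described in the comment above (the approach generally known as Bounce Address Tag Validation) can be sketched as follows. This is an added example, not part of the original thread or any vendor's product: outgoing envelope senders get an HMAC tag, and a bounce (null sender) is accepted only when its recipient carries a valid, unexpired tag. The `prvs=` tag layout, the secret, the lifetime, the function names and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-site key, never sent on the wire
LIFETIME_DAYS = 7                    # assumption: how long a tag stays valid


def _mac(expiry_day: int, address: str) -> bytes:
    """Keyed digest binding the expiry day to the sender address."""
    msg = f"{expiry_day:03d}{address.lower()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:8].encode()


def sign_sender(address: str, today: int) -> str:
    """Tagged envelope sender to use in MAIL FROM for outgoing mail."""
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={expiry:03d}{_mac(expiry, address).decode()}={address}"


def verify_bounce_recipient(rcpt: str, today: int):
    """Return the original address if rcpt has a valid, unexpired tag, else None."""
    if not rcpt.lower().startswith("prvs="):
        return None                      # untagged: not a reply to mail we sent
    tag, sep, address = rcpt[5:].partition("=")
    if not sep or len(tag) != 11 or not tag[:3].isdecimal():
        return None                      # malformed tag
    expiry = int(tag[:3])
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return None                      # expired (day counter wraps at 1000)
    if not hmac.compare_digest(tag[3:].encode(), _mac(expiry, address)):
        return None                      # forged or altered
    return address


def accept_message(mail_from: str, rcpt: str, today: int) -> bool:
    """Only bounces (null sender "<>") must prove they answer our own mail."""
    if mail_from != "<>":
        return True
    return verify_bounce_recipient(rcpt, today) is not None


if __name__ == "__main__":
    day = 100                            # constructed day number
    tagged = sign_sender("joel@example.com", day)
    print(tagged)
    print(accept_message("<>", tagged, day + 3))              # genuine bounce
    print(accept_message("<>", "joel@example.com", day + 3))  # backscatter
```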


Zorniac Commented:
Somehow my 2nd question to you got cut up and moved, it was supposed to read...
Do you use a smarthost or send mail or send directly from your server?

How to Stop Backscatter.
http://www.rackaid.com/blog/how-to-stop-email-backscatter/
Joel Brown, IT Director, Author Commented:
@ Middletown_Tech

I've used mxtoolbox to check for blacklisting and all is okay ....     To me this is looking like spam being sent to our server with bogus recipients ....    

I've sent you a private message .... please take a look ...

Joel
Zorniac Commented:
Hi Joel,

So you got this all resolved?  What did you ultimately do or find?

just curious.

Thanks,

--Craig