| Author |
Message |
jc
Guest
|
 Posted:
Tue Jan 18, 2005 7:13 pm Post subject:
HELP!!! SMTP Virtual server queue keeps filling up |
|
|
Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there is a
virus somewhere there were like 28000 messages in the Q and all seemed to be
heading to like 2 or 3 diffrent address that noone in the Company jknows. Im
running corp SAV with all the updates updated and i dont know what to do. i
know im not an open relay is there any way for now that i can filer these
addresses from geting in my Q and grinding everything to a halt. Any help
would be appreciated.. im in deep trouble now
THx |
|
| Back to top |
|
 |
jc
Guest
|
| Posted:
Tue Jan 18, 2005 11:45 pm Post subject:
RE: HELP!!! SMTP Virtual server queue keeps filling up |
|
|
Guys any help would be appreciated
Im dead in the water here
THanks,
"jc" wrote:
| Quote: | Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there is a
virus somewhere there were like 28000 messages in the Q and all seemed to be
heading to like 2 or 3 diffrent address that noone in the Company jknows. Im
running corp SAV with all the updates updated and i dont know what to do. i
know im not an open relay is there any way for now that i can filer these
addresses from geting in my Q and grinding everything to a halt. Any help
would be appreciated.. im in deep trouble now
THx
|
|
|
| Back to top |
|
|
Geoff Pearce
Guest
|
| Posted:
Wed Jan 19, 2005 12:12 am Post subject:
Re: HELP!!! SMTP Virtual server queue keeps filling up |
|
|
Do the emails have <> or postmaster@yourdomain.com as the originating email
address?
"jc" <jc@discussions.microsoft.com> wrote in message
news:6C702C50-245F-4875-B982-1A3C40FD492C@microsoft.com...
| Quote: | Guys any help would be appreciated
Im dead in the water here
THanks,
"jc" wrote:
Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there is a
virus somewhere there were like 28000 messages in the Q and all seemed
to be
heading to like 2 or 3 diffrent address that noone in the Company
jknows. Im
running corp SAV with all the updates updated and i dont know what to
do. i
know im not an open relay is there any way for now that i can filer
these
addresses from geting in my Q and grinding everything to a halt. Any
help
would be appreciated.. im in deep trouble now
THx
|
|
|
| Back to top |
|
|
Jim Behning
Guest
|
| Posted:
Wed Jan 19, 2005 12:31 am Post subject:
Re: HELP!!! SMTP Virtual server queue keeps filling up |
|
|
Go through this article for starters.
http://support.microsoft.com/default.aspx?scid=kb;en-us;324958
I do not allow authenticated users to relay.
Reset all user's passwords including the administrator. I start at 8
character minimum and complexity required. Y0ou can do this as a group
policy. SBS 2003 creates new group policies for things like this. They
may do this in case you screw something up you have any easy way to
undo a group policy change.
Disable guest account. Reset guest account password to something hard
just incase someone accidentally enables it.
Set account lockout at 3 tries and 10 minutes locked out. This is just
an attempt to reduce password cracking.
"jc" <jc@discussions.microsoft.com> wrote:
| Quote: | Guys any help would be appreciated
Im dead in the water here
THanks,
"jc" wrote:
Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there is a
virus somewhere there were like 28000 messages in the Q and all seemed to be
heading to like 2 or 3 diffrent address that noone in the Company jknows. Im
running corp SAV with all the updates updated and i dont know what to do. i
know im not an open relay is there any way for now that i can filer these
addresses from geting in my Q and grinding everything to a halt. Any help
would be appreciated.. im in deep trouble now
THx
|
Jim B. SBS Community Member
remove the mvp to send email |
|
| Back to top |
|
|
jc
Guest
|
| Posted:
Wed Jan 19, 2005 1:29 am Post subject:
Re: HELP!!! SMTP Virtual server queue keeps filling up |
|
|
They are coming from mostly 3 or 4 email addresses and the they have a lot
ore recipents. there are some from administrator but i think those are NDR's
and i may have accidentily hit delete with NDR when i was deleting from the
queue and yes the address are in < >
"Geoff Pearce" wrote:
| Quote: | Do the emails have <> or postmaster@yourdomain.com as the originating email
address?
"jc" <jc@discussions.microsoft.com> wrote in message
news:6C702C50-245F-4875-B982-1A3C40FD492C@microsoft.com...
Guys any help would be appreciated
Im dead in the water here
THanks,
"jc" wrote:
Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there is a
virus somewhere there were like 28000 messages in the Q and all seemed
to be
heading to like 2 or 3 diffrent address that noone in the Company
jknows. Im
running corp SAV with all the updates updated and i dont know what to
do. i
know im not an open relay is there any way for now that i can filer
these
addresses from geting in my Q and grinding everything to a halt. Any
help
would be appreciated.. im in deep trouble now
THx
|
|
|
| Back to top |
|
|
Geoff Pearce
Guest
|
| Posted:
Wed Jan 19, 2005 2:07 am Post subject:
Re: HELP!!! SMTP Virtual server queue keeps filling up |
|
|
Likely then one of the problems is
If <> or postmaster is the originating email address of the outbound emails
then they are
Non Delivery Report
Exchange Server accepts aliases to valid domains at your exchange server.
Later if the alias is undeliverable then Exchange Server returns an Non
Deliver Report (NDR) to the orginator. If a nondelivery report can't be
delivered to the sender, a copy of the original message is placed in the
"bad" mail directory. Messages placed in the bad mail directory can't be
delivered or returned. You can use the bad mail directory to track potential
abuse of your messaging system. By default, the bad mail directory is
located at root:\Exchsrvr\Mailroot\vsi#\BadMail, where root is the install
drive for Exchange Server and # is the number of the SMTP virtual server,
such as C:\Exchsrvr\Mailroot\vsi 1\BadMail. You can change the location of
the bad mail directory at any time, but you should never place the directory
on the M: drive, which is reserved for other types of Exchange Server data.
Likely at your location spammers are attempting dictionary attacks on your
domains in an attempt to get their emails delivered. A dictionary attack
are emails addressed to a large list of common aliases. Also to prevent the
spammer from being swamped with NDRs the originating email address is
typically spoofed or randomized. Exchange Server attempts to deliver NDRs
to the originator of the emails with invalid aliases during the dictionary
attack. Due to the fact that many of the originating addresses of the spam
are falsified the NDRs sit in the outbound queue (outbound with originating
address of <> or postmaster@yourdomain.com) attempting to go to an invalid
location. Eventually the NDRs fail the defined number of retrys and are
moved to your Badmail folder.
Exchange 2003
The following article describes how to prevent exchange 2003 server from
accepting undeliverable email and therefore would reduce the amount of items
in your badmail folder.
http://support.microsoft.com/default.aspx?scid=kb;en-us;823866
"jc" <jc@discussions.microsoft.com> wrote in message
news:0EB48F63-84BF-4389-81AB-7FD03CF6CCF7@microsoft.com...
| Quote: | They are coming from mostly 3 or 4 email addresses and the they have a lot
ore recipents. there are some from administrator but i think those are
NDR's
and i may have accidentily hit delete with NDR when i was deleting from
the
queue and yes the address are in
"Geoff Pearce" wrote:
Do the emails have <> or postmaster@yourdomain.com as the originating
email
address?
"jc" <jc@discussions.microsoft.com> wrote in message
news:6C702C50-245F-4875-B982-1A3C40FD492C@microsoft.com...
Guys any help would be appreciated
Im dead in the water here
THanks,
"jc" wrote:
Hey guys
SBS2003 with all SP's and updates.
My Virtual SMTP server keeps filling up with crap.. I think there
is a
virus somewhere there were like 28000 messages in the Q and all
seemed
to be
heading to like 2 or 3 diffrent address that noone in the Company
jknows. Im
running corp SAV with all the updates updated and i dont know what
to
do. i
know im not an open relay is there any way for now that i can filer
these
addresses from geting in my Q and grinding everything to a halt.
Any
help
would be appreciated.. im in deep trouble now
THx
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in