Re: Growing SMTP queue to random domains

From: Peter Murray (anonymous_at_discussions.microsoft.com)
Date: 04/22/04


Date: Thu, 22 Apr 2004 14:41:45 -0400

Hello,

Use Notepad to open the messages in your outbound queue and find out
what machine is sending these messages. You can tell by the first
"Received" line in the header.

If most messages are coming from an internal machine, unplug it from the
network and run anti-virus software on it.

I'd also recommend using third-party software for anti-spam such as
Spam Marshall. Besides, read the following article on Intrusion Detection.

http://www.spammarshall.com/SpamMarshallWeb/SMTPIntrusionDetection.jsp

Regards.
Peter

Plee wrote:
> We have seen this issue where the SMTP queue on an Exchange 2000 Server
> begins to grow. The domains are valid but the email addresses seem suspect
> (i.e. kxkevgrlew@domain.com ). However, the domains are not known to the
> business and generally appear to be completely random. If we enumerate the
> messages they all are sent from the postmaster with the subject "Delivery
> Status Notification (Failure)."
>
> The only knowledge base article I could find (324958) describes this problem
> only if the mail server is open for relay or is on a black list of some
> sort. The servers that are experiencing this issue are not open for relay
> and are not blacklisted.
>
> Does anyone know what is the cause of this and the fix? Has a machine on
> the LAN been compromised and is being used to send out SPAM? We have seen
> this in several of the environments we support and we are eager to get to the
> bottom of this.
>
> Thanks.
>
>

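The header check described in the reply can be run over a whole queue instead of opening messages one at a time. The Python below is an added example, not part of the original post: it reads the topmost "Received" header of each message (the one stamped by the server holding the queue) and counts messages per submitting host. The host names, addresses and sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# "from <name> (... [<ip>])" clause that opens a Received header.
RECEIVED_FROM = re.compile(r"from\s+(\S+)(?:[^\[;]*\[([0-9A-Fa-f.:]+)\])?", re.I)
NO_RECEIVED = ("(no Received header)", None)
UNPARSED = ("(unparsed Received header)", None)

def submitting_host(raw_message):
    """Return (name, ip) taken from the topmost Received header of one message."""
    received = message_from_string(raw_message).get_all("Received")
    if not received:
        return NO_RECEIVED  # counted separately, e.g. a server-generated notice
    # Unfold the header so continuation lines become single spaces.
    match = RECEIVED_FROM.search(" ".join(received[0].split()))
    return (match.group(1), match.group(2)) if match else UNPARSED

def tally_sources(raw_messages):
    """Count queued messages per submitting host, most frequent first."""
    return Counter(submitting_host(m) for m in raw_messages).most_common()

def _msg(headers, body="test"):
    return "\n".join(headers) + "\n\n" + body + "\n"

# Constructed sample queue: every name and address here is invented.
SAMPLE_QUEUE = [
    _msg(["Received: from WORKSTATION7 ([10.0.0.57]) by mail.example.local;",
          "\tThu, 22 Apr 2004 10:01:02 -0400",
          "From: a@example.com", "Subject: hi"]),
    # Two hops: only the topmost header was written by our own server.
    _msg(["Received: from relay.example.net ([192.0.2.25]) by mail.example.local;"
          " Thu, 22 Apr 2004 10:05:00 -0400",
          "Received: from laptop ([198.51.100.9]) by relay.example.net;"
          " Thu, 22 Apr 2004 10:04:58 -0400",
          "From: b@example.net", "Subject: report"]),
    _msg(["Received: from WORKSTATION7 ([10.0.0.57]) by mail.example.local;"
          " Thu, 22 Apr 2004 10:06:11 -0400",
          "From: c@example.com", "Subject: hi"]),
    _msg(["From: postmaster@example.local",
          "Subject: Delivery Status Notification (Failure)"]),
]

if __name__ == "__main__":
    for (name, ip), count in tally_sources(SAMPLE_QUEUE):
        print(f"{count:4d}  {name}  {ip or '-'}")
```

To use it on real data, read each queued message file into a string and pass the list to `tally_sources`; a single internal host at the top of the output is the machine to isolate and scan.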