Exchange 2003 - Clear SMTP queues after an NDR attack / Open relay
- From: Joseph Keegan <jkeegan@xxxxxxxx>
- Date: Mon, 04 Jun 2007 22:05:12 -0400
- stop SMTP service
- navigate to queue directory (by default, C:\PROGRAM FILES\EXCHSRVR\MAILROOT\VSI 1\QUEUES)
- back up 1 directory, right click directory QUEUES
- Search directory using the MS SEARCH TOOL for files containing text "Recipient Failed"
- Deleted all files that were found
While stopping the SMTP service and deleting ALL messages in the queue
directory would certainly clear up this issue, it would also delete
any messages that were frozen in the queue (both inbound and outbound)
that were considered GOOD messages. This method identifies only
messages that are NDR replies, which are usually the result of a
reverse-NDR attack.
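
The manual steps in the post above, scripted as an added example (not part of the original post). By default it moves matching files to a quarantine folder instead of deleting them; the service name SMTPSVC, the quarantine path, the parameter names and the -Delete switch are assumptions of this example.

```powershell
# Added example: scripted form of the manual queue cleanup described in the post.
# Assumptions: SMTP service name is SMTPSVC; PowerShell 2.0 or later is installed;
# the quarantine folder is a hypothetical path outside the queue directory.
param(
    [string]$QueuePath  = 'C:\PROGRAM FILES\EXCHSRVR\MAILROOT\VSI 1\QUEUES', # default path from the post
    [string]$Quarantine = 'C:\NDR-Quarantine',  # hypothetical review folder
    [string]$Marker     = 'Recipient Failed',   # text the post searches for
    [switch]$Delete                             # delete matches, as the post does
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path $QueuePath)) { throw "Queue directory not found: $QueuePath" }

# Step 1: stop the SMTP service so queue files are not locked or changing.
Stop-Service -Name SMTPSVC
try {
    if (-not $Delete -and -not (Test-Path $Quarantine)) {
        New-Item -ItemType Directory -Path $Quarantine | Out-Null
    }

    # Steps 2-4: list queue files and keep only those containing the marker text.
    # -SimpleMatch treats the marker as literal text, not a regular expression.
    $files = @(Get-ChildItem -Path $QueuePath | Where-Object { -not $_.PSIsContainer })
    $hits  = @($files | Where-Object {
        $_ | Select-String -SimpleMatch -Pattern $Marker -Quiet
    })

    "Matched {0} of {1} queued files" -f $hits.Count, $files.Count

    # Step 5: remove the NDR messages from the queue; everything else stays put.
    foreach ($f in $hits) {
        if ($Delete) { Remove-Item -LiteralPath $f.FullName }
        else         { Move-Item -LiteralPath $f.FullName -Destination $Quarantine }
    }
}
finally {
    # Always bring mail flow back, even if the cleanup failed part-way.
    Start-Service -Name SMTPSVC
}
```

Files left in the quarantine folder can be reviewed before they are discarded, which keeps a record of the NDR volume and of any legitimate bounce that matched the marker.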