Re: SMTP Connectors with massive queues .. How do i stop this?

anonymous_at_discussions.microsoft.com
Date: 05/10/04 

Date: Mon, 10 May 2004 08:34:05 -0700

Les - I found it. Thanks.
The structure of 2003 SBS Sys Manager must be different
to that of the 324958 example
>-----Original Message-----
>Hi Scamps,
>
>Your server will accept email for
non_existent_user@yourdomain.com. When
>Exchange cannot deliver the email because the user
doesn't exist, it (
>Postmaster@yourdoman.com ) turns around and sends a NDR
(non delivery
>report) to the sender. Most of the time, the senders
email address and
>domain are fake, and the NDR cannot be delivered. Hence
the queues fill up.
>Trying to block these fake domains will do you no good.
>
>Here are some suggestions:
>
>Do this first:
>
>In article 324958, check out the section
entitled: "Clean Up the Exchange
>Server's SMTP Queues" for the steps you can use to clean
up the queue(s).
>
>324958.KB.EN-US HOW TO: Block Open SMTP Relaying and
Clean Up Exchange
>Server SMTP
>http://support.microsoft.com/default.aspx?scid=KB;EN-
US;324958
>
>then:
>
>(If you don't use Trend, just ignore those parts - the
Exchange parts are
>still relevant.)
>
>Without any third party apps except Trend CSM - here is
what I use.
>
>1. Exchange
>
>a) Internet Message Format
>
>Advanced Tab
>
>Disallow:
>Out of Office responses
>Automatic replies
>Automatic forward
>Delivery Reports
>non-delivery Reports
>Allow:
>Preserve sender's display name on message.
>
>b) Message Delivery > properties
>
>Sender Filtering Tab
>
>Filter messages with blank sender
>Drop connection if address matches filter
>
>Recipient Filtering Tab
>
>Filter recipients who are not in the directory
>
>c) Default SMTP Server
>
>| General | Advanced | Edit (all unassigned)
>
>Apply Sender Filter (although I have no filters
presently)
>Apply Recipient Filter
>Apply Connection Filter (although I have none of these
either, presently)
>
>Messages Tab
>
>Send copy of NDR reports is blank.
>
>2. Trend Scanmail eManager
>
>a) Antispam
>
>Enabled
>Threshold: High
>Action: Quarantine
>Notifications Button: None
>Approved Senders Button: I have had to add a few to the
list, but not many -
>mostly list subscriptions.
>Blocked Senders Button: None - useless against a
reasonably competent
>spammer.
>
>b) Content Filter
>Anti-spam, hoaxes, chainmail, and Melissa Virus enabled.
>The other items will do a *lot* of blocking - too much
when your threshold
>is set to high.
>
>c) Update
>
>The automatic updates don't work. No reason, no error.
But the Update button
>does. I've been meaning to take this up with Trend, but
haven't yet looked
>into it. There are reasonably frequent updates, and they
do make a
>difference. I update whenever I think of it, generally
at least monthly.
>
>d) Log Files
>
>Log files are daily, set to delete after 30 days. The
reporting is useful
>here, especially for initial tuning.
>
>3. Scanmail
>
>a) Options
>
>Attachment Blocking is *not* enabled in Scanmail, but it
is in Exchange. I
>think you want to go with one or the other, not both. I
may turn off
>attachment blocking in Exchange, and instead do it in
Scanmail as there are
>more options in scanmail.
>
>Virus actions are set to delete, delete, delete, delete.
>
>b) Active Message Filter
>
>Filter Inbound Messages *see Outlook section for a note.
>
>c) Notification
>
>virus scan - windows event log only
>outbreak alert - email me, and event log.
>attachment blocking - windows event log.
>
>d) Quarantine Manager
>
>This is where you go to check on the blocked items,
including eManager spam
>blocked mail. You spend some time here initially tuning
things for your
>environment.
>
>Quarantine Maintenance is set to delete at 7 days. Works
well.
>
>
>--
>Les Connor [SBS MVP]
>-------------------------------------
>SBS Rocks !
>
>
>
>"Scamps" <anonymous@discussions.microsoft.com> wrote in
message
>news:ac3001c43691$b83ba150$a501280a@phx.gbl...
>> I am a Small Business User of SBS2003 with no time to
be
>> dealing with exchange mail issues. I have between 5
and 8
>> users, yet there are two SMTP connectors that now have
>> 16,000 and 70,000 queued messages. The messages appear
to
>> be being sent by my own exchange postmaster. Today My
>> server has been slowing down so that SQL server
>> transactions are three or four times slower than normal
>> and it has been thrashing the disk non stop until I
>> stopped the default SMTP server. Now the server disk is
>> quiet and the SQL transactions have returned to normal
>> speed.
>>
>> q1. Why is this happening. these two websites
>> (codehot.co.uk and techsniper.com) are unknown to me or
>> the other 5 people in the office
>> q2. how can I stop any emails from them getting in to
the
>> server
>> q3. how can I stop my postmaster repeatedly trying to
>> answer them back
>> q4. What is the impact of me stopping the virtual SMTP
>> server. does it mean that none of our emails get out of
>> the organisation?
>>
>> In desparation
>> Scamps
>> PS - can we rename SmallBuisnessServer as Ifyouhavelots
>> ofITSkillsThenBuyThisServer
>
>
>.
>