Re: HELP! SMTP Outbound queue generating thousands of messages!!!

From: Lonny Cruff
Date: 09/23/04


Date: Thu, 23 Sep 2004 12:08:24 -0400

You have to disable NDR's. It's a common spamming practice to send junk
messages to a known good domain and then forge the from field so the server
replies with an NDR to the person or persons who were the real target of the
spammers anyway.

In the global settings for your server there are some check boxes to
eliminate ALL non-delivery receipts.

"Lise" <nospam@hotmail.com> wrote in message
news:eZ7t4RYoEHA.1816@TK2MSFTNGP09.phx.gbl...
> We have a very serious problem: yesterday, I noticed that there were over
> 150,000 messages in the Small Business SMTP Connector Queue. We only have 25
> users and we send no more than 100 messages in a full day. Yesterday,
> messages were being generated at the rate of over 1000 per 15 minutes. I
> froze the Queue, disabled outbound mail, and blocked the sender in Exchange
> System Manager sender filtering, which stopped the messages from being
> generated. The suspect messages in the queue were then deleted, the queue
> was unfrozen, and outbound mail was re-enabled. The system is now working
> well again, but since this is the second time we have had to deal with this
> issue in less than 3 months, it is important that we find a permanent
> solution. The last time, our ISP provider accused us of sending spam and cut
> off our service.
>
>
>
> Here is the relevant information on our setup:
>
> Running SBS2003 with ISA;
>
> Using Exchange to send messages through SMTP;
>
> Our outbound mail is forwarded to our ISP's mail server;
>
> The Sender/Recipient/Connection Filters have been applied to our SMTP
> virtual server;
>
> We filter recipients who are not in the directory;
>
> Only our internal IP addresses and authenticated computers are allowed to
> relay;
>
> We do not perform reverse DNS lookup on incoming messages;
>
> We do not allow NDR's, etc.;
>
> Applied the KB835734 POP3 Connector patch already;
>
> Using Trend C/S/M Suite AV;
>
> Using MS POP3 Connector to retrieve messages from our ISP every 15 minutes,
> which usually download in less than 2 minutes;
>
> Message Tracking shows that the suspect outbound messages were generated
> every 15 minutes, which coincides with the retrieval of our inbound messages.
>
>
>
> The first message was a legitimate message sent to about 60 recipients as
> "bcc", including 2 of our own users. The next 75,000 messages seemed to be
> duplicates of the first message, and the other 75,000 messages were NDR's.
> The strange thing about all the messages is that even though the sender was
> from the outside and the message was therefore inbound to our 2 users,
> Message Tracking information shows that it was routed and queued for both
> REMOTE and LOCAL delivery. The other time this happened, SMTP was sending
> the same message to all the "bcc" recipients from the original message. The
> messages don't appear to be getting out successfully, but they are still
> paralyzing our message queue.
>
>
>
> The other strange thing about the message is that among the list of
> recipients was mspop3connector.our_username@our_domainname.com. This happens
> occasionally and always results in the message being routed for both remote
> and local delivery, but it does not usually cause any problems.
>
>
>
> In addition to the fact that the message was originally sent as "bcc" to the
> recipients, I also noticed from the header information that the original
> sender used Outlook Express. Could this combination be responsible for
> incorrect header information?
>
>
>
> Here is sample information from the event log:
>
>
>
> Event Type: Error
> Event Source: MSExchangeTransport
> Event Category: SMTP Protocol
> Event ID: 7004
> Date: 9/21/2004
> Time: 8:03:53 PM
> User: N/A
> Computer: Server
> Description: This is an SMTP protocol error log for virtual server ID 1,
> connection #208. The remote host "216.251.32.97", responded to the SMTP
> command "rcpt" with "550 5.1.1 <mspop3connector.username@domainname.com>...
> User unknown ". The full command sent was "RCPT
> TO:<mspop3connector.usrname@domainname.com> ". This will probably cause
> the connection to fail.
>
>
>
> I have read Todd Holloway's postings of August 2-10, 2004, and hope that MS
> or someone else has found a solution to this problem.
>
>
>
> I would greatly appreciate your help.
>
>
>
> Lise
>
>
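
The two symptoms discussed in this thread (NDRs going out to forged senders, and the same inbound message re-entering the outbound queue on every 15-minute POP3 poll) can be looked for in tracking data. The following is an added example, not part of either post: the pipe-delimited record layout, the sample lines and the function names are constructed for illustration and are not Exchange's own tracking-log format.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in a simplified "time|sender|recipient|message-id"
# layout (an assumption, not Exchange's real tracking-log format).
# "<>" is the null envelope sender carried by an NDR.
SAMPLE = """\
2004-09-21 20:00:05|alice@outside.example|bob@corp.example|<m1@outside.example>
2004-09-21 20:00:05|alice@outside.example|carol@else.example|<m1@outside.example>
2004-09-21 20:00:06|<>|alice@outside.example|<ndr1@corp.example>
2004-09-21 20:15:04|alice@outside.example|bob@corp.example|<m1@outside.example>
2004-09-21 20:15:04|alice@outside.example|carol@else.example|<m1@outside.example>
2004-09-21 20:15:07|<>|alice@outside.example|<ndr2@corp.example>
2004-09-21 20:22:40|dave@corp.example|erin@else.example|<m2@corp.example>
"""

def parse(text):
    for line in text.splitlines():
        ts, sender, rcpt, mid = line.split("|")
        yield datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), sender.lower(), rcpt.lower(), mid

def is_local(addr, local_domains):
    return addr.rsplit("@", 1)[-1] in local_domains

def analyze(text, local_domains, poll_minutes=15, window_minutes=2):
    ndr_targets = Counter()      # external addresses that received our NDRs
    relayed = set()              # outside sender queued for an outside recipient
    cycles = defaultdict(set)    # message-id -> poll cycles it was queued in
    for ts, sender, rcpt, mid in parse(text):
        rcpt_local = is_local(rcpt, local_domains)
        if sender == "<>":
            if not rcpt_local:
                ndr_targets[rcpt] += 1
        elif not is_local(sender, local_domains) and not rcpt_local:
            relayed.add(mid)
        # Only entries queued just after a poll boundary count toward a cycle.
        if ts.minute % poll_minutes < window_minutes:
            start = ts.replace(minute=ts.minute - ts.minute % poll_minutes, second=0)
            cycles[mid].add(start)
    return {
        "ndr_targets": dict(ndr_targets),
        "relayed_inbound": sorted(relayed),
        "reprocessed": sorted(m for m, c in cycles.items() if len(c) > 1),
    }
```

A message-id that appears in both `relayed_inbound` and `reprocessed` matches the behaviour described in the original post: mail from an outside sender queued for remote delivery again on each poll.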


