Re: Getting rid of SMTP Q emails
- From: "Helen Mooc" <hmooc@xxxxxxxxxx>
- Date: Thu, 14 Feb 2008 12:01:44 -0500
Hi Jim,
OK I have changed the contentfilterversion back to DWord 2 and added another
DWord for contentfilterstate to 1.
That's too fun about restarting the SMTP service. My heart pauses all the
time until the service I restart comes back to life. I am afraid it will
not start again and I will have to restart the computer, and so I will
send myself an email to remind me tonight to do that :)
Thank you so much for all your help.
I am going to whip this server in shape and get the SPAMMING under control.
Thank you for all your help.
Helen
"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:cqn8r35d08gt9oo84ii2oph5jqt0cqapm7@xxxxxxxxxx
Once you have added the DNS suffix provider just make sure you check
the tab in the Default Virtual SMTP Server. If you do not click stuff
there nothing you do up in Global Settings will take effect.
Do not change any existing key words unless it exactly matches the
word ContentFilterState. Version is a totally different value that you
do not want to mess with. You add a new dword ContentFilterState and
set the value to 1. I think you have to restart the SMTP service for
this setting to stick. Restarting that service does not affect users.
I have restarted that service many times and the end users never know.
As mentioned this new Dword lets the Exchange server get new IMF
definitions when you set the server to use Microsoft Updates. Go to
Windows Updates. When it offers you the chance to upgrade to Microsoft
Updates go ahead and do it.
Starting perfmon.msc affects no one. It is practically the same as
opening task manager on the server. It is just a tool to monitor what
is happening on the server. If you call Microsoft for support they may
run perfmon or other tools just to get a look see. It has no negative
effects.
On Thu, 14 Feb 2008 10:21:14 -0500, "Helen Mooc" <hmooc@xxxxxxxxxx>
wrote:
Hi Jim,
Thank you so much for the detailed emails. Last night I went to that
Spamhaus.org site you were mentioning. Is this how I do this for the
connection filter?
I added zen. spamhaus.org to the DNS suffix provider.
I will try the perfmon task and let you know how it goes. But I probably
want to do it during non critical time.
Also I went into regedit and followed the path to
HKLM\Software\Microsoft\Exchange\
My server shows under Exchange...its ContentFilterVersion, DWORD is 2
Should I change it to DWORD 1 and are they the same?
Thanks,
Helen
"Jim Behning SBS MVP" <jimbehning@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:d7f7r31f08ru1bto6ror2o5tsn3qeguqji@xxxxxxxxxx
Here are some things I do. I may miss a step so you may have to
confirm things. After you added connection filter provider you need to
make sure you have checked that stuff in the default virtual server.
Global Settings/Message Delivery right click Properties.
Sender Filtering: Check Filter messages with a blank sender and Drop
connection if address filter matches filter.
Connection Filtering: Add your favorite RBL services.
Intelligent Messaging Filtering: I set it at 7 and Reject. You want
reject so if there was a valid message the sender receives notice that
your server rejected the message.
Recipient Filtering: Filter recipients who are not in the Directory.
Apply and go to Servers/Servername/Protocols/Default SMTP Virtual
Server right click Properties.
Advanced.
Edit
I check everything but Sender ID Filter.
Make sure you are on Exchange SP2 and you add the registry dword
HKLM\Software\Microsoft\Exchange\ ContentFilterState set to 1. That
key lets Microsoft Updates get IMF definitions.
I open up perfmon.msc from the Run box.
On the icon bar I click on the notebook icon to get the report view.
Click on the + sign next to it to add some counters.
In the Performance Object drop down box look for
MSExchange Transport Filter Sink. Choose all counters and Add.
Back to Performance Object and choose MSExchange Intelligent Message
Filter. Choose all counters and Add. I really do not care for the per
second counters so you can choose select counters from list if you
like.
Now you have a perfmon that is showing how much stuff is going in to
your Exchange server that the IMF considers spam. It shows you how
many connections are being rejected by the RBL. It shows you how many
connections are being dropped because the recipient is not in your
Active Directory. I do a little math and come up with some interesting
numbers.
Click on File and save as. I save it as imfperfmon.msc. I right click
on the desktop and make a new shortcut. Type imfperfmon.msc in the
next two boxes. Now you have a shortcut on your desktop anytime you
want to see how the RBL and IMF are doing.
Back to your question. If you have the imfperfmon working you can see
a little about what is coming in. Last night I had an account getting
slammed with some mailer daemon nonsense. I need to visit to see what
is really going on.
Mail may still be stuck in the queue as your server is trying to send
out Non Delivery Reports to bogus addresses. If you have done the
clicks I mentioned and others hopefully the junk will be blocked.
Those NDRs will die off after a few days. The default setting in
Exchange is to try to deliver for 2 days and then give up. There is a
trick to flush all the messages out but it may be just as easy to let
them die out on their own. As long as you do the clicks I did you
should eventually be ok.
Another rant is that I do in Exchange System Manager. Properties of
the Default SMTP Virtual Server/ Access/Relay. I have the button only
in the list. Below that list I do not have the checkbox clicked for
All computers that successfully authenticate. There is no computer
that I want to relay against my server. I want everyone to be using
Outlook or Outlook Web Access to deal with email. That is just another
way for people to cause trouble. Of course after a misadventure I get
to suggest now is the time to have passwords 8 characters long and
having more than 2 things from the keyboard. Since there are at least
6 easy things on the keyboard it should be not hard to create and easy
to remember complex password.
http://www.microsoft.com/protect/yourself/password/create.mspx
On Wed, 13 Feb 2008 21:38:03 -0500, "Helen Mooc" <hmooc@xxxxxxxxxx>
wrote:
Hey Merv,
I did try using that link at work today, though I did not wait long
enough to see the effect of what I did. I just checked the server at home and
STILL all those darn emails are stuck in the Q. Am I doing something wrong
here?
Any suggestions are greatly appreciated.
Thanks,
Helen
"Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OYiVcGobIHA.4196@xxxxxxxxxxxxxxxxxxxxxxx
How To Flush the SMTP Mail Queue in Exchange Server 2003
http://support.microsoft.com/kb/821901
--
Merv Porter [SBS-MVP]
============================
"Helen Mooc" <hmooc@xxxxxxxxxx> wrote in message
news:uAUIk1nbIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
Hello all,
I have over 86 emails in the SMTP Q. I have tried right clicking on them
and selecting Delete with NDR option but the option is grayed out for a lot
of them.
Can you advise what I can do about it please.
Thank you,
Helen
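
How an RBL connection filter such as the zen.spamhaus.org entry discussed in this thread decides on a connection, as an added example that is not part of the original posts: the client IP is reversed, prefixed to the list's zone and looked up in DNS. The function names and the fake resolver data are constructed for illustration; the 127.255.255.x range is the one Spamhaus uses for error replies rather than listings.

```python
import ipaddress
import socket

# Spamhaus answers in 127.255.255.0/24 signal a query problem (for example a
# query relayed through a public resolver), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a connection filter looks up for one client IP."""
    zone = zone.strip().rstrip(".")
    if not zone or any(ch.isspace() for ch in zone):
        raise ValueError("DNSBL zone must be a single DNS name: %r" % zone)
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # one nibble per label
    return ".".join(reversed(labels)) + "." + zone.lower()


def check_dnsbl(client_ip, zone, resolve=socket.gethostbyname):
    """Return (verdict, answer); verdict is 'listed', 'clean' or 'error'."""
    name = dnsbl_query_name(client_ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return "clean", None      # no record for this name: not on the list
    code = ipaddress.ip_address(answer)
    if code in ERROR_NET:
        return "error", answer    # do not reject mail on an error code
    if code in LISTED_NET:
        return "listed", answer
    return "error", answer        # replies outside 127/8 are not DNSBL data


def fake_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {
        "2.0.0.127.zen.spamhaus.org": "127.0.0.2",        # RFC 5782 test entry
        "9.113.0.203.zen.spamhaus.org": "127.255.255.254",  # constructed error
    }
    if name not in table:
        raise socket.gaierror("NXDOMAIN (constructed)")
    return table[name]


if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.9", "198.51.100.7"):
        print(ip, check_dnsbl(ip, "zen.spamhaus.org", fake_resolver))
```

Dropping the `resolve` argument makes `check_dnsbl` use the system resolver, which is a quick way to confirm from the mail server itself that the list answers with listings and not error codes.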