transport, Help Please SMTP Queue filling with Remote Senders

microsoft.public.exchange2000.transport - Microsoft Exchange Server


transport >> Help Please SMTP Queue filling with Remote Senders

by Janice » Tue, 09 Sep 2003 12:03:49 GMT

I applied SP4, and the next morning I did an indepth
check of our Exchange Server and found others apparently
using our SMTP to transfer (relay) mail. As this is the
first time this has happened, I am wondering did SP4 open
up the relay? I have checked the configuration of the
SMTP server and it has not changed, yet the Remote Relays
are still occurring. Have any had luck rolling back from
SP4? Is there a patch I am missing?
Top

transport >> Help Please SMTP Queue filling with Remote Senders

by Patrick Genova (MSFT) » Tue, 09 Sep 2003 18:54:58 GMT


Hi Janice,

I doubt that SP-4 for Windows had any bearing on this issue. I would suggest
looking at how the Spammers are Relaying mail through your Server. The first
place to check is to make sure the Guest account is not enabled. The next
place I would suggest looking at is your Relay settings on your Default
Virtual Server. On the Relay tab do you have the "Allow all computers which
successfully authenticate to relay, regardless of the list above" Checked?
If so I suggest unchecking this.What this does is allow any users who you
allow POP and SMTP access from the outside to pass their authentication
through to the Server to relay outbound SMTP mail, with this checked and
users actually using this we have seen where the Spammers are sniffing the
lines and getting valid usernames and passwords and then authenticating into
your Server and Relaying their mail.

Hope this helps,

--
Patrick Genova
XXXX@XXXXX.COM
Please do not send mail directly to this alias.This alias is for newsgroup
purposes only.
This posting is provided "AS IS" with no warranties, and confers no rights.
Top

transport >> Help Please SMTP Queue filling with Remote Senders

by Alfons Bierbaum » Wed, 10 Sep 2003 02:32:45 GMT

I suugest to install NoSPAMProxy



"Janice" < XXXX@XXXXX.COM > schrieb im Newsbeitrag
Top
Similar Threads

1. SMTP Queue filled with wanna be senders - Manage MS Exchange Server

2. SMTP Server Remote Queue Length - Help Requested 

All:

I am getting the above message from the server daily. It states: QA large 
number of messages are pending in the e-mail server send queue. This started 
about three days ago.

The pending messages are from the Postmaster to a website in Korea 
(Daum.net). Since I do not know the reason for these messages, I have Frozen 
the queue and deleted the pending messages, but there are approximately 10 
messages a minute being sent to the pending queue.

I've checked to see if my Windows SBS 2003 server is being used as a relay, 
but it appears to not be the case. I have checked out Article 823489 and 
followed all instructions.

I am stumped. Any ideas of how to delete the queue for this particular 
situation?

TIA,

-Mike Cuciti
CBM Computer Solutions
Integration Engineer
 XXXX@XXXXX.COM

3. SMTP Queue Entry in X.400 - Please Help - Manage MS Exchange Server

4. mail sets on the SMTP queue won't sent -I am in trouble please help 

Hi Everyone , Microsoft expert, Microsoft

We are have problem sending e-mail to some domain from 
time to through our exchange 2000 Server. 
via a telnet session. the user we try sending to did 
received my e-mail through the telnet session and replied 
to me. but the mail to them via exchange Server all it 
does is just set on the queue. I restart the DNS service, 
SMTP service, the mail to that domain agal.gov.au won't 
leave out site. I don't know what causing it. this is 
certain not DNS issue as I can see them 

but I get the follow error message on the Application log 
saying.

Message delivery to the remote domain 'agal.gov.au' failed
for the following reason: Unable to bind to the
destination server in DNS.

I had a look on the knowledge base. this problem normally 
case by reinstalling IIS. I did not reinstall IIS. 

If you have suggestion or any solution for this will be
much appreciated.

Thank in Advance

5. HELP, Queue filled with relay spam - Manage MS Exchange Server

6. SMTP Messages Pending submission Queue fills with messages 

Box: W2K3 SP2 Back-End Exchange 2003 Enterprise Server SP2  has outbound mail 
"Messages Pending submission Queue" fill up with messages at random times. 
Restarting the SMTP service or rebooting the Exchange server itself fixes 
this issue.

Anyone run into this?

7. SMTP Queue keeps filling - Manage MS Exchange Server

8. SPAM dictionary attacks filling up SMTP queues 

At work, I have a Symantec AV gateway scanning all inbound email for 
viruses and disallowed attachment types.  It then passes messages to my 
Exchange 2000 server for delivery.  Actually, I have two Symantec AV 
gateways and two Exchange 2000 recipient servers.  I have one of each in 
Arizona and Indiana.

The problem I'm having is that during SPAM dictionary attacks, my Exchange 
servers in both locations attempt to deliver the messages that are 
addressed to invalid recipients, instead of dropping them immediately.

Because I have two layers of email reception, I have been forced to tell 
external DNS users that the SMTP AV gateways are the authorized MXes for 
my domains (I have three) and I tell internal DNS users that the two 
Exchange servers are the authorized MXes for the domains.

Before I did this, the Exchange server and the AV gateway would play hot 
potato with invalid recipients.  The AV gateway slavishly forwarded all 
mail that passed muster to the Exchange server.  The Exchange server 
decided it didn't know who the recipient was and concluded that the AV 
gateway must know because it was the MX for the domain.  This would repeat 
until one of the parties finally dropped the message.

Thanks to my new internal-vs-external MX scheme, that particular problem 
has been averted.  However, I can't seem to get the Exchange servers to 
decide that they are the final arbiters of whether an email address in one 
of my domains is valid.

For example:  Spammer sends emails to  XXXX@XXXXX.COM ,  XXXX@XXXXX.COM , 
etc.  Exchange server fills outbound queue for "foo.com (Remote delivery)" 
with messages destined for non-existent recipients.

I'm not sure if this is because the two Exchange servers each think the 
other one is the ultimate authority, or if it's something else.

Please understand I didn't setup these servers--I just maintain them 
(poorly, I suspect).  Is there anything I should be looking at that would 
help explain this behavior?  Is there some kind of flag I should set in 
Exchange that tells it to NDR mail destined for recipients not in its 
directory?

Thanks in advance.

--Paul
** Note "removemunged" in email address and remove to reply. **