MS Exchange Mail Queues Constantly being Filled

pts.
Tags:
Biometrics
configuration
Digital certificates
Identity & Access Management
Networking
patching
PEN testing
Platform Security
provisioning
Security tokens
Single sign-on
vulnerability management
I have an MS Exchange 2000 Server that was being used as a mail relay. This was stopped and the mail filtered from the spam. The problem is that the mail queues keep getting filled up. I have even disconneted the server and emptied the queues but they still just fill up again. I have no idea where the data is coming from. Anybody got any ideas ? Regards Scott

Answer Wiki

Thanks. We'll let you know when a new response is added.

First of all, if you are using a firewall (which you should be) then a lot of them have a filter for smtp traffic before it goes to the exchange server. However, if not, you must make appropriate changes to the smtp server (on the exchange management console) to only allow authenticated users and the local IP address and external IP address of the server. If this is already setup this way I would check to verify all users are complying with properly complex passwords (a hacker could use a generic name and password if that’s how you are setup).

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • PeterMac
    Not easy to get rid of once they are into your system. You will need to stop all mail services other than directory, and store. Keep emptying queues, wait until queues stop filling up, and only then, restart other services. You are probably still going to receive a lot of NDR's for a while after this, and of course hackers will still be trying to use you. Best to block IP addresses they are coming in from. Are you certain you have blocked relaying completely ?? it is not enough to simply ban all relaying, Microsoft does not handle this properly and it will still give you problems. Best is to allow relaying only from specific IP addresses, and not specify any, this blocks it at source.
    15 pointsBadges:
    report
  • January17
    follow the link below http://support.microsoft.com/default.aspx?scid=kb;en-us;886208
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following