Relay Locked down, however thousands of Relay requests in Queue

Tags:
Microsoft Exchange
Hi All, We have been running W23 with Exchange Server 2003 all year with relaying locked down. However this morning we came in and I noticed at least a thousand items in our outgoing queue. It seems that someone, or something made it's way past the authentication or relay restrictions. Does anybody have a clue how this could have happened?
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

I would start by checking all the servers that are allowed to relay, for a virus.
if authenticated users are allowed to relay, then it could be a workstation is infected with a virus. or has been turned into a spam zombie.
the workstation could even be a user that connects via a vpn like a home user,, if you allow that.

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Nickd9999
    Did you check some of the messages in the outgoing queue? Are you sure it's spam? It could also be another problem like an out-of-office loop or site-to-site traffic
    0 pointsBadges:
    report
  • Hedgehog
    The two previous posters are right on the money. I have seen that same problem several times in customers and it was almost always an infected machine which was allowed to send mail unchecked and had become a spam zombie. You should be able to trace back the culprit by looking at IP addresses or usernames. Check the queue in case you've been caught in a loop (auto-reply, or replies to some postmaster's error/warning message). Good luck, H
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: