|
-
April 5th, 2004, 10:46 AM
#1
Registered User
SMTP Message Queue's
On my Exchange 2003 server there are several SMTP queues that appear to be spam relay attempts but as I have checked the server from several sources to verify we are not an open relay I am wondering how to get rid of these strange queues completely. It appears that the server accepts the message but will not relay it - just dumps it. How can I stop this altogether?
-
April 6th, 2004, 02:04 AM
#2
Registered User
 Originally Posted by D@ve
On my Exchange 2003 server there are several SMTP queues that appear to be spam relay attempts but as I have checked the server from several sources to verify we are not an open relay I am wondering how to get rid of these strange queues completely. It appears that the server accepts the message but will not relay it - just dumps it. How can I stop this altogether?
What is making you think they are spam relay attempts? If the server is set to disallow relaying then I don't think they will even appear in the queue.
Are you sure they are not NDR's generated by your Exchange Server in response to emails received for non-existant address on your domain? I am getting a lot of these at the moment due to the large amounts of virus emails arriving with spoofed address and also addressed to non-existant accounts.
emr
-
April 14th, 2004, 11:57 AM
#3
Registered User
Are there messages in the queues? That may give some information as to where they're coming from.
-
May 19th, 2004, 08:30 AM
#4
I am having these same types of emails show up in my Exchange 2003 server queue's.
The messages are originated from postmaster@ourdomain.com
They are going to places like, whyyoushoulddateme.com and other places that our users wouldn't be sending to.
There are usually only one message per domain, sometimes a few. I have to go in and manually delete them.
I too have setup all the non relay settings and checked for open relays.
Any advice would be greatly appreciated!!!
-
May 19th, 2004, 08:38 AM
#5
Registered User
I think what is happening here from viewing on the 2003 servers I've been installing is an e-mail is coming in to an unknown address for example [email protected], as the e-mail server cannot deliver it attempts to send back to the sender (eg [email protected]).
This e-mail will be coming from [email protected], if you are using DNS to send e-mails from your server and the return domain has been removed/doesn't exist, the mail server will create a queue and attempt to re-send.
So, its not a relay attempt, merely an NDR to a non-existent domain.
"Today is a Gift, thats why they call it the present"
-
May 19th, 2004, 09:34 AM
#6
Originally Posted by corturbra
I think what is happening here from viewing on the 2003 servers I've been installing is an e-mail is coming in to an unknown address for example [email protected], as the e-mail server cannot deliver it attempts to send back to the sender (eg [email protected]).
This e-mail will be coming from [email protected], if you are using DNS to send e-mails from your server and the return domain has been removed/doesn't exist, the mail server will create a queue and attempt to re-send.
So, its not a relay attempt, merely an NDR to a non-existent domain.
This certainly makes sense. Is there anything I can do to get rid of these? I don't like have messy queue's
Thanks for the info!
-
May 19th, 2004, 10:33 AM
#7
Registered User
Originally Posted by jfesler
This certainly makes sense. Is there anything I can do to get rid of these? I don't like have messy queue's
Thanks for the info!
Yeah, you can delete them.... not near a 2003 at the moment but if memory servers (pardon the pun) me correctly, then you right click the queue, select details/properties, search (or find now) and then right click on the found messages and delete. Once the queue is empty it should disappear.
If this is wrong I'll post tomorrow when I can get access to a 2003 server.
JT
-
May 19th, 2004, 10:41 AM
#8
Originally Posted by corturbra
Yeah, you can delete them.... not near a 2003 at the moment but if memory servers (pardon the pun) me correctly, then you right click the queue, select details/properties, search (or find now) and then right click on the found messages and delete. Once the queue is empty it should disappear.
If this is wrong I'll post tomorrow when I can get access to a 2003 server.
JT
You are correct with deleting them, that is how you do it. I was hoping there was a way to make them go away without having to delete them everyday.
-
May 19th, 2004, 03:23 PM
#9
Registered User
If you're logging the IP of SMTP connections you can go into the SMTP server and deny those IP blocks from accessing the server completely. I've got half of europe and china blocked in mine. 
-
May 20th, 2004, 03:49 AM
#10
You *could* tweak the retry timings of your smtp server. I tend to do this so a message retrys often over a short period of time so that office workers get 'message failed' notifications the same day they sent the message.
On the bussiness side this means they know the information has to be sent another way or they have to check they used the right address details. By default I think the message is tried for 7 days or something daft.
The other effect of this is your NDR's are dropped from the queue quicker so they're less likely to bother you.
The down side is that if the destinations mail server or your leased line is out for 7 or 8 hours many emails will be failed... but then I think its better to acknowledge those kind of issues and let the user resend the email.
Just checking my main exhange server and I see that I configured it for 10minute retries for the 1st, 2nd and 3rd attempt then every 15 minutes.
Delay notification after 3 hours and expiration after 6.
-
May 20th, 2004, 06:31 AM
#11
Originally Posted by Eaglec
You *could* tweak the retry timings of your smtp server. I tend to do this so a message retrys often over a short period of time so that office workers get 'message failed' notifications the same day they sent the message.
On the bussiness side this means they know the information has to be sent another way or they have to check they used the right address details. By default I think the message is tried for 7 days or something daft.
The other effect of this is your NDR's are dropped from the queue quicker so they're less likely to bother you.
The down side is that if the destinations mail server or your leased line is out for 7 or 8 hours many emails will be failed... but then I think its better to acknowledge those kind of issues and let the user resend the email.
Just checking my main exhange server and I see that I configured it for 10minute retries for the 1st, 2nd and 3rd attempt then every 15 minutes.
Delay notification after 3 hours and expiration after 6.
Thank you for the suggestion, I may give that a try!
Similar Threads
-
By JClarke65 in forum Windows Server 2003 & Windows Home Server
Replies: 6
Last Post: June 21st, 2004, 02:55 PM
-
By Papa Smurf in forum Windows NT/2000
Replies: 0
Last Post: October 30th, 2001, 08:08 AM
-
By Bjorn in forum Windows NT/2000
Replies: 3
Last Post: February 17th, 2001, 12:58 PM
-
By thirdfey in forum Comments and Suggestions
Replies: 3
Last Post: November 13th, 2000, 09:45 PM
-
By Note in forum Windows 95/98/98SE/ME
Replies: 1
Last Post: June 12th, 1999, 12:12 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks