[THIN] Re: Exchange question

  • From: "Claudio Rodrigues" <crodrigues@xxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 4 Mar 2004 12:06:43 -0500

As I said if the spammers get hold of your domain name and you start
getting emails on non-existing users, there is no real solution other
than a spam filter. And more than that this will just get worse, making
store.exe use more and more memory, until the point Exchange will fail
routing messages. Then a reboot is required.
The other trick would be to create a distribution list that has NO one
on it but the list itself has its own email address (and then you add
all these fake email addresses they are trying to reach). This works
great but it is kind of high maintenance as you need to add the new
emails they create based on your domain name as soon as you see they
are around. It works as I said but...

Claudio Rodrigues

Microsoft MVP
Windows Technologies - Terminal Services
http://www.terminal-services.net


-----Original Message-----
From: Philip Walley [mailto:philip.walley@xxxxxxxxxxxxxx]
Sent: March 4, 2004 11:16 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Exchange question


I have relay set so no one can relay unless they authenticate. I set all
users to be forced to change their passwords. I think the box is ok, I
just wasn't expecting to see domain names show up like that. I figured
it would all be under the SMTP queue. There aren't any msgs in the
queue, ok, 1 had 2 emails in it, but now I see that they are deleting
themselves after some time. I guess I just got overly concerned too
quick thanks to the recent issues with viruses.

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Ron Oglesby
Sent: Thursday, March 04, 2004 8:53 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Exchange question


First off make sure you change the SMTP Virtual server's relay settings
to only allow your IP to relay.

Also once that is done look at the queues. Are they chock FULL or do
you just have a ton of empty ones? If they are a bunch with 0 messages
they will go away; the ones with TONS of messages are awaiting delivery
etc. Those you can right click on the queue, select find messages, then
hit the find button. Delete them with no NDR.

NOW. If you have thousands of messages (I had a customer yesterday
killing a quad box with like 45,000 messages waiting to go outbound) you
may need to get a little more creative.

We changed the Virtual server and all connectors to route to a smart
host. This smart host was really a Windows 2000 box with IIS and SMTP on
it. Now we let all the messages dump right to it (over several hours).
Once the queues were emptied we reset the connectors and virtual server.
Then we just stopped the SMTP service on the smart host and killed all
the messages.

Microsoft would have you send it to a bogus smart host, then try to
delete everything in the queue. This would take more than several hours
so our little "method" was faster.


Ron Oglesby
Senior Technical Architect
Microsoft MVP - Windows Server
RapidApp, Chicago
Mobile 815 325-7618
Office 312 372-7188
e-mail roglesby@xxxxxxxxxxxx

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Philip Walley
Sent: Thursday, March 04, 2004 8:30 AM
To: Thin (E-mail)
Subject: [THIN] Exchange question

I have an Exchange 2003 server that someone has obviously compromised. I
noticed in the msg queues that there were entries for domains that I
didn't know anything about. My questions are how do I delete the msg
queues and what can I do to prevent this from happening again?

Philip Walley
Sr. Network Engineer
Consultrix Technologies
Memphis, TN.
(901) 383-1300

********************************************************
This weeks sponsor triCerat Inc.
triCerat makes your job easier by offering essential
applications to eliminate your printing, policy and profile,
and your application management problems.
http://www.triCerat.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm
