As I said if the spammers get hold of your domain name and you start getting emails on non-existing users, there is no real solution other than a spam filter. And more than that this will just get worse, making store.exe use more and more memory, until the point Exchange will fail routing messages. Then a reboot is required. The other trick would be to create a distribution list that has NO one on it but the list itself has its own email address (and then you add all these fake email addresses they are trying to reach). This works great but it is kind of high maintenance as you need to add the new emails they create based on your domain name as soon as you see they around. It works as I said but... Claudio Rodrigues Microsoft MVP Windows Technologies - Terminal Services http://www.terminal-services.net -----Original Message----- From: Philip Walley [mailto:philip.walley@xxxxxxxxxxxxxx]=20 Sent: March 4, 2004 11:16 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Exchange question I have relay set so no one can relay unless the authenticate. I set all =3D users to be forced to change their passwords. I think the box is ok, I = =3D just wasn't expecting to see domain names show up like that. I figured = =3D it would all be under the SMTP queue. There aren't any msgs in the =3D queue, ok, 1 had 2 emails in it, but now I see that they are deleting = =3D themselves after some time. I guess I just got overly concerned too =3D quick thanks to the recent issues with viruses.=3D20 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of Ron Oglesby Sent: Thursday, March 04, 2004 8:53 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Re: Exchange question First off make sure you change the SMTP Virtual server's relay settings =3D to only allow your IP to relay. =3D20 Also once that is done look at the queues. Are they Chocked FULL or do = =3D you just have a ton of empty ones? If they are a bunch with 0 messages they =3D will go away the ones with TONS of messages are awaiting delivery etc. Those =3D you can right click on the queue slect find messages, then hit the find =3D button. Delete them with no NDR.=3D20 NOW. If you have thousands of messages (I had a customer yesterday =3D killing a quad box with like 45,000 messages waiting to go outbound) you may need =3D to get a little more creative. We change the Virtual server and all connectors to route to a smart =3D host. This smart host was a really a Windows 2000 box with IIS and SMTP on it. =3D Now we let all the messages dump right to it over several hours). Once the queues were emptied we rest the connectors and virtual server. Then we = =3D just stopped the SMTP service on the smart host and killed all the messages. Microsoft would have you send it to a bogus smart host, then try to =3D delete everything in the queue. This would take more than several hours so our little "method" was faster. Ron Oglesby Senior Technical Architect Microsoft MVP - Windows Server =3D20 RapidApp, Chicago Mobile 815 325-7618 Office 312 372-7188 e-mail roglesby@xxxxxxxxxxxx =3D20 -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On = =3D Behalf Of Philip Walley Sent: Thursday, March 04, 2004 8:30 AM To: Thin (E-mail) Subject: [THIN] Exchange question I have an exchange 2003 server that someone has obviously compromised. I noticed in the msg queues that there were entries for domains that I =3D didn't know anything about. My questions are how do I delete the msg queues and what can I do to prevent this from happening again?=3D20 Philip Walley=3D20 Sr. Network Engineer=3D20 Consultrix Technologies=3D20 Memphis, TN.=3D20 (901) 383-1300=3D20 =3D20 ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=3D20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=3D20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com=20 ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ******************************************************** This weeks sponsor triCerat Inc. triCerat makes your job easier by offering essential applications to eliminate your printing, policy and profile, and your application management problems. http://www.triCerat.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm