RE: SMTP queue problem (SPAM!!!) 2nd message

  • From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 20 Sep 2004 10:49:12 -0400

Can you view the messages in the queue?  If so, look to see if most of the
messages are NDR's (non-delivery receipts) being sent by your domain.  I had
a similare issue, but found that the queue was building up because Exchange
was trying to send NDR's to the sender (almost always a spoofed address)
indicating that the address does not exist in our organization.

Two things to do...

1. Disable all autoreplies (if possible using your SPAM/Viral software)
indicating that their mail has been marked as spam, has a virus or has been
sent to a non-existant e-mail address in your organization.

2. Reduce the amount of time that a message is retried in your SMTP engine.
You may be trying to send mail that failed on the first attempt for a period
of 24 hours or more.  I kicked this down to about 8 hours for our
organization and this times things out in the queue much quicker and assists
in keeping the queues down.


-----Original Message-----
From: Antsnio Vasconcelos [mailto:antonio.vasconcelos@xxxxxxxxxxx] 
Sent: Monday, September 20, 2004 11:41 AM
To: [ExchangeList]
Subject: [exchangelist] SMTP queue problem (SPAM!!!) 2nd message

I wrote a while ago about an Exchange 2000 server problem with spam.
I explained that it is open relay disabled, that the server has Mcafee
SpamKiller installed and Mcafee VirusScan Enterprise v7.0 .
Some of you told me (and I want to thank you all again for your answers)
that it could be internal virus problem, AD password problems, etc.
All of the internal computer have AV software installed (up to date), same
with the servers. The AD password policy was changed some weeks ago (they
are now strong passwords). And I have done all the tests (that i know) about
open relay in exchange server.
The problem is that the SMTP queue list doesn't stop to grow, and this
weekend our domain as been listed in a ORL. The causes for the blacklist
were to e-mails that my server sent to unautherized domains (not from, and
to, our domain). Now I ask, how can it be possible? Is there anything that
is missing me?? Please help me... I'm losing my hope that one day I will
solve this problem. The network is secured by a Nokia firewall, E-Trust
software and an ISA Server. Could it be something in the ISA Server?
Thank you all.
Best regards,
António Vasconcelos.

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking: Leading
Network Software Directory:
No.1 ISA Server Resource Site: Windows Security
Resource Site: Network Security Library: Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: