Results 1 to 3 of 3

Thread: Tenacious Spam In Exchange Server

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Tenacious Spam In Exchange Server

    I received the following question from one of my readers. I am not an Exchange guru per se and thought that maybe some of my AO compatriots might be able to provide the answer.

    Basically he is having a problem with an Exchange Server mail delivery queue. There are messages in the queue, allegedly spam messages, which this person can not get rid of. He has tried to delete them but it seems to have no effect. He says there are about 100 messages currently stuck in the queue in this manner and that he has done scans of the client computers to try to determine the source of the offending messages to no avail.

    Does anyone have any suggestions for how to forcefully delete these messages and / or how to track them to their source to fix the problem for good?


  2. #2
    Senior Member
    Join Date
    Mar 2004
    Usually in this situation, your Exchange server is mis-configured and happends to be
    an open relay.
    Can you check that?

    If thats not the case, you probably have a device on the network sending out spam.

    To remove messages from queue.

    Sometimes messages are caught in a loop and can fill up the queues. I would check that

    Do you have VPN users? They can often be an overlooked source of SPAM.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Tony- If messages are stuck in queue and cannot be deleted through ESM that usually lets me know that the queue is somehow corrupted. Without having a lot more information on what else has been done there are a lot of different ways to take this type of issue when troubleshooting. I would first ask if the exchange routing service and the SMTP/IIS has been restarted.

    If the messages are actually in the SMTP queue you should be able to go to the mailroot directory and look at the messages themselves as files. You can stop the SMTP/IIS service, delete everything from the mailroot working queue directory, and then restart SMTP. This should clear everything out of the queue. He should however make sure that nothing legitimate is in the queue when he stops SMTP.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts