20000 msgs in retry queue!!

  • 20000 msgs in retry queue!!

    Uhoh, I know I've done something wrong now......

    There are now over 20,000 messages in the SMTP virtual outbox jobbie in the System Manager, marked as queued or retry! Considering we've only got 57 mailboxes, that's wrong.

    When I go into search the messages, 90% of them, maybe more, are sent from some random letters @ a random domain, eg %(&")@yahoo.com.tw
    This is obviously causing us some problems. It's only started in the past couple hours or so, since I ran the ExBPA tool.

    Anyone got any ideas what's going on please? As we're now getting delayed email messages.
    James
    MCP

  • #2
    Re: 20000 msgs in retry queue!!

    Looks like you got an open relay so check this out:

    http://www.microsoft.com/technet/pro....mspx?mfr=true
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"



    • #3
      Re: 20000 msgs in retry queue!!

      cheers m8, have now done that.

      right panic over i think........i think it was an NDR attack. Sorted it now tho, so it seems, so i'll keep an eye on it......
      James
      MCP



      • #4
        Re: 20000 msgs in retry queue!!

        anytime i see the yahoo.tw i get chills and start to have an anxiety attack... blacklisted within 24 hours. took a few weeks to str8n that out.

        def open relay. by default, exchange isn't configured as an open relay... what do people do to make it open? or why? i understand it was different prior to 5.5, but how come 2003 gets this problem?
        its easier to beg forgiveness than ask permission.
        Give karma where karma is due...



        • #5
          Re: 20000 msgs in retry queue!!

          I've been in that situation before, but I think it doesn't necessarily mean you're an open relay.
          AFAIK, it indicates that someone is trying to relay through your server, but if you are not O.R. the delivery will be denied AFTER the attempt; the message will not get sent but it will generate an NDR and the queue trail.
          ...Well, at least I have seen that happen in a server that passed every O.R. test I could throw at it...

          Also, it COULD be a compromised account, especially if you have external access enabled.

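An added example, not from any poster in this thread and not Exchange's own tooling: a triage of exported queue entries that separates the explanations raised above, namely relayed third-party mail, NDRs bouncing to forged senders, and ordinary traffic. The `(sender, recipient)` pair format, the `example.com` local domain and the sample rows are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the domains this server accepts mail for.
LOCAL_DOMAINS = {"example.com"}
BOUNCE_LOCALPARTS = ("postmaster", "mailer-daemon")

def split_addr(addr):
    """Return (local part, domain), lower-cased; ('', '') for the null sender <>."""
    local, _, dom = addr.strip().strip("<>").lower().rpartition("@")
    return local, dom

def classify(sender, recipient, local_domains=LOCAL_DOMAINS):
    s_local, s_dom = split_addr(sender)
    _, r_dom = split_addr(recipient)
    if r_dom in local_domains:
        return "inbound"
    # Bounces carry the null sender or a local postmaster-style address.
    if s_dom == "" or (s_dom in local_domains and s_local in BOUNCE_LOCALPARTS):
        return "ndr-backscatter"
    if s_dom in local_domains:
        return "outbound"
    # External sender to external recipient: the server is forwarding
    # third-party mail (open relay, or relay via an authenticated account;
    # the queue alone cannot tell which).
    return "relay"

def triage(queue, local_domains=LOCAL_DOMAINS):
    """Count queue entries per class and list the busiest local senders."""
    labels = [classify(s, r, local_domains) for s, r in queue]
    counts = Counter(labels)
    senders = Counter(s.lower() for (s, _), lab in zip(queue, labels)
                      if lab == "outbound")
    return {
        "counts": dict(counts),
        "dominant": counts.most_common(1)[0][0] if counts else None,
        # An unusually busy local sender is worth checking for compromise.
        "top_local_senders": senders.most_common(3),
    }

# Constructed sample queue export (not real data).
SAMPLE_QUEUE = [
    ("xkqjz@random.example", "a@example.net"),
    ("pqrst@random.example", "b@example.org"),
    ("zzyyx@random.example", "c@example.net"),
    ("<>", "forged1@random.example"),
    ("postmaster@example.com", "forged2@random.example"),
    ("james@example.com", "supplier@example.net"),
    ("James@example.com", "client@example.org"),
    ("customer@example.net", "james@example.com"),
]
```

A queue dominated by `relay` points at relay restrictions or a compromised account; one dominated by `ndr-backscatter` points at bounces generated for mail sent to invalid local recipients.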
