How can I remove spam mails in my queue and find the source?


  • How can I remove spam mails in my queue and find the source?

    I faced a lot of mail in the Exchange 2003 queue as spam.
    My Exchange 2003 is fully updated and is not an open relay server.


    Delivery has failed to these recipients or distribution lists:

    [email protected]
    There's a problem with the recipient's mailbox. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.








    Diagnostic information for administrators:

    Generating server: ُExserver.mydomain.com

    [email protected]
    #< #5.2.1 smtp;554 5.2.1 : (HVU:B2) http://postmaster.info.aol.com/errors/421hvub2.html > #SMTP#


    Original message headers:

    Received: from accserver ([99.138.189.230]) by ُExserver.mydomain.com with
    Microsoft SMTPSVC(6.0.3790.4675); Fri, 12 Nov 2010 14:23:31 +0200
    From: <[email protected]>
    Subject: test smtp ExServerIP-account-1234
    To: <[email protected]>
    Content-Type: text/html
    Content-Transfer-Encoding: 7bit
    Date: Fri, 12 Nov 2010 04:23:17 -0800
    X-Priority: 3
    X-Library: Indy 9.00.10
    Return-Path: [email protected]
    Message-ID: <[email protected]ُExserver.mydomain.com>
    X-OriginalArrivalTime: 12 Nov 2010 12:23:33.0479 (UTC) FILETIME=[6C41E770:01CB8264]
    MIME-Version: 1.0


    ------------------------

    Delivery has failed to these recipients or distribution lists:

    [email protected]
    A communication failure occurred during the delivery of this message. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message later, or provide the following diagnostic text to your system administrator.








    Diagnostic information for administrators:

    Generating server: ُExserver.mydomain.com

    [email protected]
    #< #5.5.0 smtp;550-5.1.1 The email account that you tried to reach does not exist. Please try> #SMTP#


    Original message headers:

    Received: from User ([99.149.58.166]) by ُExserver.mydomain.com with Microsoft
    SMTPSVC(6.0.3790.4675); Fri, 12 Nov 2010 17:52:20 +0200
    Reply-To: <[email protected]>
    From: Craigslist.org <[email protected]>
    Subject: Please remove limitation from your Craigslist account !
    Date: Fri, 12 Nov 2010 09:52:19 -0600
    MIME-Version: 1.0
    Content-Type: text/html; charset="Windows-1251"
    Content-Transfer-Encoding: 7bit
    X-Priority: 1
    X-MSMail-Priority: High
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    BCC:
    Return-Path: [email protected]
    Message-ID: <[email protected]ُExserver.mydomain.com>
    X-OriginalArrivalTime: 12 Nov 2010 15:52:20.0814 (UTC) FILETIME=[972186E0:01CB8281]




    Last edited by bustanji83; 13th November 2010, 08:03.

  • #2
    Re: How can I solve spam mails in my queue and find the source?

    You can use the aqadmcli tool to erase messages from the queue. Get it here:
    ftp://ftp.microsoft.com/pss/Tools/Ex...i/aqadmcli.exe
    Here is a nice post about usage of it:
    http://www.virtualhelp.me/component/...in-ms-exchange

    Regarding locating the source: you can use the message tracking tool:
    http://support.microsoft.com/default...b;EN-US;246856
    Similarly, you can use SMTP logs to find the source; you'll have to check both, because at first you don't know the source protocol of the spam: is it SMTP or MAPI?
    Enable logging of SMTP in Exchange 2003:
    http://support.microsoft.com/kb/303738

    Good luck.
    Regards,
    Leonid

    MCSE 2003, MCITP EA, VCP4.
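
Added example (not part of the original thread): each NDR in post #1 carries the bounced message's headers, and the topmost Received line is the one the server's own SMTP service stamped, so tallying it across the queued NDRs shows which client IPs are submitting the mail and that it arrived over SMTP. The sample text, host name and addresses below are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the NDR header blocks quoted in post #1.
# Host name and addresses are placeholders from documentation ranges.
SAMPLE = """\
Original message headers:

Received: from accserver ([192.0.2.10]) by exserver.example.com with
Microsoft SMTPSVC(6.0.3790.4675); Fri, 12 Nov 2010 14:23:31 +0200
Received: from mail.example.net ([203.0.113.99]) by exserver.example.com with ESMTP; Fri, 12 Nov 2010 04:00:00 -0800
From: <sender@example.net>
------------------------
Original message headers:

Received: from User ([198.51.100.7]) by exserver.example.com with Microsoft
SMTPSVC(6.0.3790.4675); Fri, 12 Nov 2010 17:52:20 +0200
From: Example <sender@example.org>
------------------------
Original message headers:

Received: from accserver ([192.0.2.10]) by exserver.example.com with
Microsoft SMTPSVC(6.0.3790.4675); Fri, 12 Nov 2010 14:25:02 +0200
"""

# \s+ also matches the line break where the pasted header was folded.
RECEIVED = re.compile(
    r"Received:\s+from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
    r"by\s+(?P<by>\S+)\s+with\s+(?P<via>[^;]+);\s*(?P<date>[^\n]+)")

def first_hops(ndr_text, our_server):
    """Return the hop stamped by our own server for each bounced message."""
    hops = []
    for block in ndr_text.split("Original message headers:")[1:]:
        start = block.find("Received:")
        m = RECEIVED.match(block, start) if start >= 0 else None
        # Trust only the topmost Received line, and only if our server wrote
        # it; lines below it were supplied by the sender and can be forged.
        if not m or m["by"].lower() != our_server.lower():
            continue
        hops.append({"ip": m["ip"], "helo": m["helo"], "date": m["date"].strip(),
                     "smtp": "SMTPSVC" in m["via"]})
    return hops

def tally_sources(hops):
    """Count bounced messages per submitting IP, busiest first."""
    return Counter(h["ip"] for h in hops).most_common()

if __name__ == "__main__":
    for ip, n in tally_sources(first_hops(SAMPLE, "exserver.example.com")):
        print(f"{n:4d}  {ip}")
```

The timestamps returned for the busiest IP give the window to look up in message tracking and the SMTP logs.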



    • #3
      Re: How can I solve spam mails in my queue and find the source?

      Sure that is Exchange 2003?
      The NDR is an Exchange 2007 or 2010 NDR.

      If it is Exchange 2003, then it is probably an authenticated relay.
      I have an article on cleaning up the server here:
      http://exchange.sembee.info/2003/smtp/spam-cleanup.asp

      Simon.
      Last edited by Sembee; 15th July 2011, 12:02. Reason: URL Correction
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.



      • #4
        Re: How can I remove spam mails in my queue and find the source?

        It's Exchange 2003 but my mail on Exchange 2007 ...



        • #5
          Re: How can I remove spam mails in my queue and find the source?

          Your answer doesn't make any sense.
          You have two servers in your Exchange org? Both Exchange 2003 and 2007?

          Finding the source will be almost impossible. Not worth the headaches. Your server can be abused in one of three ways:
          - Open relay
          - NDR attack
          - Compromised account

          The latter two are the most common. If you have confirmed you aren't an open relay and have recipient filtering enabled on the server then it is probably authenticated relaying. That usually uses the administrator account.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.
