SMTP Server Remote Queue Length Alert

Discussion in 'Windows Small Business Server' started by Technical, Aug 3, 2004.

  1. Technical

    Technical Guest

    To begin with I am administrating a Small Business Server 2003 which is running Exchange Server 2003.

    NOTE: Since My machine\doman names probably won't mean anything to you, I am going to call my sbs server <MyExchangeServer>, which is my Small Business Server 2003 (which is running Server 2003, SQL Server 2000, and Exchange Server 2003), and my domain will simply be <mydomain>.com.

    It started with me receiving an email titled: "SMTP Server Remote Queue Length Alert on <MyExchangeServer>"

    With this as the body:
    <begin>
    A large number of messages are pending in the e-mail server send queue.

    Verify that you have Internet connectivity. If you can view Web sites normally, contact your Internet service provider (ISP) to determine if there is a problem with their e-mail server.

    You can disable this alert or change its threshold by using the Change Alert Notifications task in the Server Management Monitoring and Reporting taskpad.
    <end>

    From here I go to my server and open "Microsoft Exchange->System Manager" and go to
    "Servers-><MyExchangeServer>->Queues". In here I find about 70-80 'SmallBusiness SMTP Connectors' with messages pending. Wierd. So I open one up to discover that the email it is trying to send is from '[email protected]<mydomain>.com'. I definately didn't send this. I have closed down open relaying for my server as per the Microsoft Knowledge Base Article - 324958, so this isn't a open relay problem, at least according to Microsoft's Knowledge Base.


    Is there any way to configure my Exchange server to block this?

    Any help on resolving this would be appreciated. Among my IT Admin friends most don't have a clue how to fix this, and a few are having this problem themselves.
     
    Technical, Aug 3, 2004
    #1
    1. Advertisements

  2. What you are seeing is a large number of Non-Delivery Report (NDRs)
    messages stacking up in the queue. When you see this, most often what is
    happening is that someone is attempting to spam you by sending a large
    number of e-mails to <randomuser>@mydomain.com. Since this user does not
    exist, Exchange generates an NDR. In most cases, this would be delivered
    back to the original sender, however, in this case the header has been
    forged so that it appears to be sent from a non-existent sender. Exchange
    cannot deliver the NDR, and they stack up in the queue until the individal
    messages expire, normally 48 hours in SBS's case.

    You can use the information in the queue cleanup instructions of KB324958
    to delete the postmaster messages, however to prevent them, you will want
    to turn on recipient filtering. Recipient filtering is a new technology
    for Exchange 2003 where the SMTP server does a lookup against Active
    Directory to see if the email address in the RCPT TO: line exists as an
    address. If it does, SMTP accepts the message and routes it to Exchange.
    If not, the message is blocked by the SMTP server and never gets to
    Exchange, which is responsible for generating the NDR.

    To turn on Recipient Filtering, go to Exchange System Manager, and navigate
    to Global Settings\Message Delivery. In the properties of Message
    Delivery, click on the Recipient Filtering tab, then select the box for
    "Filter recipients who are not in the Directory." Click Apply, OK, and OK.
    Now navigate to Servers\<Servername>\Protocols\SMTP\Default SMTP Virtual
    Server. In the General tab of the properties, click on Advanced, then Edit
    the address the server is listening on. Check the box for "Apply Recipient
    Filter" and okay your way back out. Restart the default SMTP virtual
    server, and you should see a dramatic reduction of the postmaster messages
    in your queue.

    Thank you,
    --------------------------
    Jonathan Lotman
    Microsoft Online Support Engineer

    Microsoft Corporation
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via
    your newsreader so that others may learn and benefit
    from your issue.
    =====================================================

    --------------------
    | From: =?Utf-8?B?VGVjaG5pY2Fs?= <Technical @discussions.microsoft.com>
    | Subject: SMTP Server Remote Queue Length Alert
    | Date: Tue, 3 Aug 2004 11:47:02 -0700
    | Newsgroups: microsoft.public.windows.server.sbs
    |
    | To begin with I am administrating a Small Business Server 2003 which is
    running Exchange Server 2003.
    |
    | NOTE: Since My machine\doman names probably won't mean anything to you, I
    am going to call my sbs server <MyExchangeServer>, which is my Small
    Business Server 2003 (which is running Server 2003, SQL Server 2000, and
    Exchange Server 2003), and my domain will simply be <mydomain>.com.
    |
    | It started with me receiving an email titled: "SMTP Server Remote Queue
    Length Alert on <MyExchangeServer>"
    |
    | With this as the body:
    | <begin>
    | A large number of messages are pending in the e-mail server send queue.
    |
    | Verify that you have Internet connectivity. If you can view Web sites
    normally, contact your Internet service provider (ISP) to determine if
    there is a problem with their e-mail server.
    |
    | You can disable this alert or change its threshold by using the Change
    Alert Notifications task in the Server Management Monitoring and Reporting
    taskpad.
    | <end>
    |
    | From here I go to my server and open "Microsoft Exchange->System Manager"
    and go to
    | "Servers-><MyExchangeServer>->Queues". In here I find about 70-80
    'SmallBusiness SMTP Connectors' with messages pending. Wierd. So I open
    one up to discover that the email it is trying to send is from
    '[email protected]<mydomain>.com'. I definately didn't send this. I have closed
    down open relaying for my server as per the Microsoft Knowledge Base
    Article - 324958, so this isn't a open relay problem, at least according to
    Microsoft's Knowledge Base.
    |
    |
    | Is there any way to configure my Exchange server to block this?
    |
    | Any help on resolving this would be appreciated. Among my IT Admin
    friends most don't have a clue how to fix this, and a few are having this
    problem themselves.
    |
    |
     
    Jonathan Lotman [MSFT], Aug 5, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.