SMTP Server Remote Queue Length Alert

Discussion in 'Windows Small Business Server' started by Tony, Aug 3, 2004.

  1. Tony

    Tony Guest

    To begin with I am administrating a Small Business Server
    2003 which is running Exchange Server 2003.

    NOTE: Since My machine\doman names probably won't mean
    anything to you, I am going to call my sbs server
    <MyExchangeServer>, which is my Small Business Server
    2003 (which is running Server 2003, SQL Server 2000, and
    Exchange Server 2003), and my domain will simply be
    <mydomain>.com.

    It started with me receiving an email titled: "SMTP
    Server Remote Queue Length Alert on <MyExchangeServer>"

    With this as the body:
    <begin>
    A large number of messages are pending in the e-mail
    server send queue.

    Verify that you have Internet connectivity. If you can
    view Web sites normally, contact your Internet service
    provider (ISP) to determine if there is a problem with
    their e-mail server.

    You can disable this alert or change its threshold by
    using the Change Alert Notifications task in the Server
    Management Monitoring and Reporting taskpad.
    <end>

    From here I go to my server and open "Microsoft Exchange-
    "Servers-><MyExchangeServer>->Queues". In here I find
    about 70-80 'SmallBusiness SMTP Connectors' with messages
    pending. Wierd. So I open one up to discover that the
    email it is trying to send is
    from '[email protected]<mydomain>.com'. I definately didn't
    send this. I have closed down open relaying for my
    server as per the Microsoft Knowledge Base Article -
    324958, so this isn't a open relay problem, at least
    according to Microsoft's Knowledge Base.

    To make this even more bothersome, I ran s Server Usage
    Report and it reported that in the last two weeks my
    administrator account had sent out 19,415 emails (116.7
    MBs worth). I definately didn't do this. I am assuming
    that someone is using my Exchange Server to send Spam
    somehow.

    Any help on resolving this would be appreciated. Among
    my IT Admin friends most don't have a clue how to fix
    this, and a few are having this problem themselves.
     
    Tony, Aug 3, 2004
    #1
    1. Advertisements

  2. I am no Exchange expert but it seems to me that your
    server is effectively blocking relaying. The large number
    of emails originating from the administrator account are
    quite likely NDRs being sent out in response to SPAM.

    You can disable the [email protected] NDR sending mechanism but
    then genuine users who send you email won't know if the
    mail bounces back on account of for example, your server
    being down for maintenance.

    You might simply want to configure Connection Filtering to
    block known relaying domains.
     
    Devendra Deshmukh, Aug 4, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.