Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Mysterious Spam Queue
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Mysterious Spam Queue - 20.Nov.2006 1:17:04 PM
|
|
|
Threecaster
Posts: 2
Joined: 20.Nov.2006
Status: offline
|
In Exchange Server 2000, System Mangler/Servers/<my domain>/Protocols/SMTP/Queues, there is a queue that has mysteriously
(and ominously) added itself:
mail5.myhealthwealthandhappiness.com (Remote Delivery)
This is the "Rochelle Gordon" Astrological BS spam giant.
I want to know how this got here, and more importantly, how to get rid of
it and how to keep it from happening again.
The queue had 1 message, which has since relayed itself, and I now have the queue frozen. I cannot figure out how to delete the queue itself.
Any suggestions would be greatly apprecicated...
Threecaster
_____________________________
Do...or do NOT! There is no try....
|
|
|
|
|
RE: Mysterious Spam Queue - 20.Nov.2006 1:42:06 PM
|
|
|
jchong
Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
|
Queues are dynamically built. Go to your c:\program files\exchsrvr\vsi\queue directory (path might be different) Locate the queue, open it and determine source sender, recipients and source ip. You can delete it from here as well. If it doesn't let you, try stopping smtp service then delete the message.
_____________________________
James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com
|
|
|
|
|
RE: Mysterious Spam Queue - 22.Nov.2006 1:41:10 PM
|
|
|
Threecaster
Posts: 2
Joined: 20.Nov.2006
Status: offline
|
I suspected there was a dynamic function at work here.
But I am having trouble finding individual queues.
I found "Exchsrvr\Mailroot\vsi 1\Queue", but that directory only has the mails
as they pass through. (Local Delivery?)
Am currently running a search on the drive for different keywords...any suggestions on filenames or extensions?
(and thanx! btw)
|
|
|
|
|
RE: Mysterious Spam Queue - 22.Nov.2006 2:53:50 PM
|
|
|
jchong
Posts: 2516
Joined: 1.Dec.2005
From: Centreville, Virginia
Status: offline
|
The directory Exchsrvr\Mailroot\vsi 1\Queue",
should show all messages local and outbound. Is that queue mail5.myhealthwealthandhappiness.com
still showing in esm?
_____________________________
James Chong
MCSE | M+, S+, MCTS, Security+
msexchangetips.blogspot.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
If you only see one spammer domain listed in your outbound queue, you must be doing something right or else you're lucky as hell. If the former, would you please tell us your secrets? 
