Mysterious Spam Queue



Threecaster -> Mysterious Spam Queue (20.Nov.2006 1:17:04 PM)

In Exchange Server 2000, System Mangler/Servers/<my domain>/Protocols/SMTP/Queues, there is a queue that has mysteriously
(and ominously) added itself:

mail5.myhealthwealthandhappiness.com (Remote Delivery)

This is the "Rochelle Gordon" Astrological BS spam giant.

I want to know how this got here, and more importantly, how to get rid of
it and how to keep it from happening again.

The queue had 1 message, which has since relayed itself, and I now have the queue frozen. I cannot figure out how to delete the queue itself.

Any suggestions would be greatly appreciated...

Threecaster




jchong -> RE: Mysterious Spam Queue (20.Nov.2006 1:42:06 PM)

Queues are dynamically built. Go to your c:\program files\exchsrvr\vsi\queue directory (path might be different). Locate the queue, open it and determine source sender, recipients and source IP. You can delete it from here as well. If it doesn't let you, try stopping the SMTP service, then delete the message.




Threecaster -> RE: Mysterious Spam Queue (22.Nov.2006 1:41:10 PM)

I suspected there was a dynamic function at work here.

But I am having trouble finding individual queues.

I found "Exchsrvr\Mailroot\vsi 1\Queue", but that directory only has the mails
as they pass through. (Local Delivery?)

Am currently running a search on the drive for different keywords...any suggestions on filenames or extensions?

(and thanx! btw)




jchong -> RE: Mysterious Spam Queue (22.Nov.2006 2:53:50 PM)

The directory "Exchsrvr\Mailroot\vsi 1\Queue" should show all messages, local and outbound. Is that queue mail5.myhealthwealthandhappiness.com still showing in ESM?




jassyca -> RE: Mysterious Spam Queue (25.Nov.2006 1:38:06 PM)

Just my 2 cents but when I find that sort of stuff in my outbound queues, it usually turns out that it's an NDR and not my server relaying junk. In other words, it's a "legit" message (even though it's going to a spammer). However, since the message is going to a spammer and spammers never accept messages, it appears "stuck".. until Exchange finally gives up on trying to deliver it. Probably one of your ex-users signed themselves up to receive that crap and now that the user is gone, Exchange is dutifully trying to let the sender know the mailbox does exist anymore but of course the spammer doesn't give a rat's a**. I've got mailboxes that haven't existed for 5 years that still get crapmail. [:'(] If you only see one spammer domain listed in your outbound queue, you must be doing something right or else you're lucky as hell. If the former, would you please tell us your secrets? [;)]

Just in case you ask: yes, you could turn off sending back NDRs to spammers, but that would include not sending them to non-spammers as well, because it's one of those all-or-nothing things.
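The two checks suggested in this thread (read the sender, recipients and source IP out of a queued message, and tell an NDR from relayed mail) can be scripted. This is an added example, not code from any poster; it assumes the files in the Queue directory are readable as RFC 822 text, and the `triage` function, the sample messages and all addresses other than the queue's domain are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.utils import getaddresses, parseaddr

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: an NDR our own server generated for a dead mailbox.
NDR_SAMPLE = b"""\
From: postmaster@example.org
To: bounce@mail5.myhealthwealthandhappiness.com
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; olduser@example.org
Status: 5.1.1
--b1--
"""
# Constructed sample: a message handed to us over SMTP by an outside host.
PEER_SAMPLE = b"""\
Received: from unknown ([203.0.113.7]) by mail.example.org; Mon, 20 Nov 2006 13:10:00 -0500
From: someone@example.net
To: target@example.com
Subject: hello

body
"""

def triage(raw: bytes) -> dict:
    """Summarise one queued message: sender, recipients, source IP, NDR or not."""
    msg = message_from_bytes(raw)
    # The topmost Received header is the one our own server stamped, so the
    # bracketed address in it is the peer that handed us the message.
    received = msg.get_all("Received", [])
    hit = IP_RE.search(received[0]) if received else None
    # A standard NDR is multipart/report with report-type=delivery-status.
    is_ndr = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    to_cc = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {
        "from": parseaddr(msg.get("From", ""))[1],
        "recipients": [addr for _, addr in getaddresses(to_cc)],
        "source_ip": hit.group(1) if hit else None,  # None: no peer recorded
        "verdict": "ndr" if is_ndr else ("from_peer" if hit else "local"),
    }
```

To check a real file, pass `open(path, "rb").read()` to `triage`; a `from_peer` verdict with an unfamiliar source IP is the case that points at relaying rather than a bounce.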



