• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Lots of queues after Exchange server compromised, but all queues show 0 messages

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Server Security >> Lots of queues after Exchange server compromised, but all queues show 0 messages Page: [1]
Login
Message << Older Topic   Newer Topic >>
Lots of queues after Exchange server compromised, but a... - 3.Jun.2013 11:41:50 AM   
kahn.yiin

 

Posts: 1
Joined: 3.Jun.2013
Status: offline
Hello all:

Please assist with this dilemma: I have an Exchange 2003 server that was recently compromised and started flooding the Internet with spam.

I have enabled Recipient, Sender, and Sender ID filtering with the appropriate options, locked down the perimeter firewall to restrict SMTP only from our third-party spam-filtering service, run malware scans on the e-mail server (all came back clean), and ran multiple open-relay tests (e.g. www.test-smtp.com - no open relays accepted).

At this point, the Exchange server does not seem to be sending any spam messages. The message tracking logs do not show any spam messages.

However, one problem remains: the Exchange queues list shows over one thousand queues ... but there are no messages in any of the queues. No messages are stuck in any of the queues (the number of messages shows as zero for all of the queues and clicking "Find messages" in any of the queues turns up no results).

These queues have been in Exchange server since I implemented the new methods to block the spam, and have not disappeared even after four days. In fact, they seem to be accumulating.

For example, a few queues are like so:
1) Name:
00012003.yahoo.com
Protocol:
SMTP
Source:
Default SMTP Virtual Server:
State:
Retry
Number of messages:
0
Total message size:
0
Time oldest message submitted:
[blank]
Time next connection retry:
[time already passed]
System:
No

2) Name:
0jnz82afl0-h82y4.l2b
Protocol, Source, State - etc. same as above

When I click on any of these queues to highlight them in the list, the additional queue information display at the bottom shows the following message: "Destination server does not exist."

I would like to know how to remove these queues from the Exchange queues list. Again, thanks in advance for your assistance.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Server Security >> Lots of queues after Exchange server compromised, but all queues show 0 messages Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter