Quick Links

Skip to main content Skip to navigation

Main Navigation

Top

Tech Blog

Sign up for the News Update.

Sub Navigation

Top

Headlines

 

Home > breadcrumbs: Products/Services > breadcrumbs: Tech Blog >

Working...

Ajax Loading Image

 

Exchange 2003 Queue Fills Up With Entries

If your Exchange server mail queue fills up with a bunch of entries, you are mostly under some kind of DNR attack or you may have a machine on site generating spam.

The easiest way to determine which problem you have, go into your Exchange System Manager and click on QUEUES. Choose a queue, then click "Find Messages." If the account listed is POSTMASTER or ADMINISTRATOR, it is probably an NDR. If it is a valid user on your network, it is most likely an infected machine or you have a spammer in your house.

If it is NDR, there is little you can do other than clean up the queues and make sure your server is not set up for relaying. I am not covering that here, but rather what to do AFTER you've figured out the issue. If it is a user, most likely that user's computer is infected, so get it off the network and get it cleaned up.

That leaves the server itself. We need to get rid of all that junk clogging up your system and causing general havoc.

Please note that it may take more than one try to get everything cleaned up. It may also take HOURS to clear up, depending on how bad things are. Just be aware of that now so you won't get as frustrated later.

If you do not know how to find your queues, look in Servers, , Queues.

The first thing we are going to do is clean out the Exchange Server's SMTP Queues. Before we start, you need to know that what you are about to do will delete all outbound email that has not yet gone out. Messages between your own users are not affected and incoming mail should not be affected except that incoming mail may be delayed because of the cleanup procedure.

The easiest way to clean up all those message queues you might have is to create a "dummy" queue for all those messages to go into so that Exchange sees them as if they were all in the same place.

I am assuming you are using one SMTP connector on your campus.

BEFORE you begin, RIGHT-CLICK on your SMTP Connector and view the properties. WRITE DOWN or REMEMBER what your settings are. We will be changing these temporarily and you will need to change these back after we're done.

To view you SMTP connector, click on CONNECTORS. Yours is most likely listed as something like "Default..." but may be called something else.

Once you have recorded your settings, change your settings by doing the following:

Click on the General tab. Change the option in the center from DNS to "Forward all mail through this connector to the following smart hosts".

Enter an invalid IP address in square brackets. I usually use: [99.99.99.99].

Click on the "Delivery Options" tab and make sure that "Specify when messages are sent through this connector" is selected.

Change the option to a time that is MORE THAN five hous away. Ex: 11pm. The time doesn't matter as long as it is not close to the current time that you are doing this.

Press OK to save changes and close the SMTP Connector dialogue.

Now, we need to restart the SMTP Virtual Server:

Go to Servers, , Protocols, SMTP.

Right click on the "Default SMTP Virtual Server"

Choose "Stop". This may take a few minutes.

Once it has stopped, right click again and choose "Start".

Exchange then processes all the messages and puts them into one queue. This can take a while! Keep refreshing your Queue (little piece of paper with green arrows in toolbar) every 15-20 seconds until the number of messages seems to stabilize (watch the number of items. When it stops growing, you should be ready to move to the next step).

Now, in the queues section, you will have several that are always there. The one we want will have a small red clock on the yellow icon.

Once you find the right queue, right click on it and select "Find Messages".

In the drop down box select 10000. Even if you don't have that many. It saves time.

Click "Find Now".

Once the search is complete, select all of the messages. I usually click the top message, scroll to the bottom, hold shift and click the last item. This should select all. You may notice the number of messages changes as you keep scrolling. That's okay, just keep scrolling down until you can't anymore. Then, shift-select the last one to select all the messages. Note: You could also click the first message, then se shift-pgdn and keep pressing pgdn until you get to the bottom.

Once you have them selected, right-click in the message list and choose "Delete all Messages (No NDR)." It is important that you choose the "No NDR" option!

Click "Yes" when asked if you want to delete all the messages in the queue.

Once the messages have been deleted, which could take some time, REFRESH the queues to make sure there weren't other messages still waiting to be queued. If more messages show up, then you will need to repeat the steps above for deleting the messages (just from the "Find Messages" step).

Once you're done, you need to change the SMTP Connector back to how it was set up before we started. Mainly, set the delivery back to "Always Run" and use the DNS option so mail does not try to route through 99.99.99.99.

Finally restart SMTP virtual server (like we did before).

Now, your Exchange queues should be back to normal.

Exchange 2003 Queue Fills Up With Entries

Date Subject Posted by:
No feedback has been posted yet. Please post yours!

Back To Top