Spam and queues
Hi all,

This question is more out of curiosity, but I wanted to know if anyone can tell me how queues continue to keep growing when you have UCE spewing from your SBS 2003 server after changing the config to pass open relay tests and disconnecting it from the Internet and the LAN. I have an SBS server that has recently become open relay (courtesy of a third party). I stopped it from being open relay, disconnected it from the Internet and LAN, and scanned for viruses, and even after 3-4 hours of deleting spam from the [99.99.99.99] connector the queues continue to grow. How does spam continue getting to the queue once the problem is rectified? Even KB Q324958 states that the queue will keep growing and to check every 15 minutes until the number of messages in the queue stops growing. Anyone?

Whilst on the topic: this server has been running fine for about two months, using one NIC with the default SMTP virtual server config. Due to the remote location, the site uses a Satellite/ISDN link for internet access. The site changed their ISP, and the router that is managed by the satellite company changed the configuration, which is when the UCE began. Once notified of the situation I performed an Open Relay test and the server proved to be Open Relay. I checked the two connectors mentioned in KB Q324958 and the configuration had not changed, and yet it was now showing as open relay. Could the router config change make the server open relay, without actually changing the server configuration???
June 19th, 2008 2:16pm

For anyone interested, the issue was with the router configuration. So to answer my own question, a misconfigured router can make your server open relay despite the server being configured correctly.
June 22nd, 2008 4:04am

A misconfigured router? Really??!!! That is scary. Can you share the router type, version, and what the misconfiguration was? I know just about anything is possible with software, but I can't imagine how a router configuration would tell an Exchange server to allow relay.
June 22nd, 2008 10:16pm

That's a good question, Jim. Unfortunately the router is managed by the Satellite provider and they deny that the issue was caused by them. This is what happened.

1) The site applied to change satellite providers and the ISP connected to the router and configured it for the new site.
2) The same day we notice spam filling the queues and I performed an open relay test which comes back as a fail (to my surprise).
3) I confirm that the server is configured correctly (it is the default configuration after all and not tricky).
4) I eliminate authenticated relay as the cause and disconnect all clients from the LAN just in case the spam is originating from one of them.
5) After exhausting all possible causes of the open relay on the network I ask the provider to reverse the changes.
6) Once the router changes have been reversed the server no longer appears as open relay.
7) The server configuration was not changed at any point over the 6 sad days that this saga went on.

I can only conclude that it was the router configuration. The timing is just too coincidental. Does anyone else have any ideas??
June 24th, 2008 10:38am
