50,000 Messages in 'messages pending submission' folder

50,000 Messages in 'messages pending submission' folder

Post by mark.a.rob » Mon, 21 Jan 2008 23:00:45


Having a critical issue that I've just picked up on, 50,000 messages
in the exchange queue directory 'messages pending delivery'.

I've dismounted the store currently and this stops it filling up
further however I've got no idea on how to chase down this issue.

It seems deleting the messages is a futile process as this does not
clear them out, and if it does as soon as I remount the store the
messages get added, any idea what could be causing this?

Thanks

Config -

MS Windows 2003
Exchange 2003
'Ninja' Anti-Spam
 
 
 

50,000 Messages in 'messages pending submission' folder

Post by Stev » Tue, 22 Jan 2008 01:46:54

I just went through the same thing for a business customer. A computer on
the network was infected that flooded the server. You might need to use
something like Microsoft Network Monitor 3.1 to track which computer or
computers it is coming from and remove it from the network See the link
below to information that may help about clearing the ques using the
aqadmcli.exe tool and identify the user account/accounts sending the email.
The server I was working on had 23,000 messages in a que for PayPal and
several other ques with hundreds. Hopefully the server itself is not
infected

http://www.yqcomputer.com/

http://www.yqcomputer.com/

Steve

 
 
 

50,000 Messages in 'messages pending submission' folder

Post by John Fullb » Tue, 22 Jan 2008 04:23:31

What do the messages look like? Could be NDRs from messages with a forged
sender.
 
 
 

50,000 Messages in 'messages pending submission' folder

Post by John Olive » Tue, 22 Jan 2008 07:03:01

Also check to insure you are not an open to relay. Have you enable
Recipient Filtering? Do you have any Antispam protection in place?

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner
 
 
 

50,000 Messages in 'messages pending submission' folder

Post by mark.a.rob » Tue, 22 Jan 2008 09:17:32

attached is the copy of one of the many culprit emails.



"Received: from mail pickup service by mail.companyname.com.au with
Microsoft SMTPSVC;
Mon, 21 Jan 2008 01:52:16 +1100
From: Ninja-Attachment-Filter
To: postmaster
Subject: File "ATT14683.eml" was quarantined
X-Mailer: devMail.Net (1.0.0.0-0)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: < XXXX@XXXXX.COM >
X-OriginalArrivalTime: 20 Jan 2008 14:52:16.0388 (UTC)
FILETIME=[0C7C8440:01C85B74]
Date: 21 Jan 2008 01:52:16 +1100

1/21/2008 1:52:16 AM

A file with the name "ATT14683.eml" was sent from
Billbo.Bobbyu@companyname=
com.au to XXXX@XXXXX.COM . This type of file is not
permitted=
because: <sender> Maximum number of embedded emails

The file was quarantined.


I have checked the relay setting and it all seems fine from what ive
seen. I have tested this

I am using Ninja antispam which normally seems to work and do its job,

recipient filtering is enabled and blocking all the culprit to /from
addresses. however this does not appear to be working.

I have also enabled the feature 'filter recipients who are not in the
directory'

Any futher thoughts are much appreciated. i am also contacble on
mark18@ h o t m a i l.com if you have any time for a chat on
messenger.

Thankyou very much
 
 
 

50,000 Messages in 'messages pending submission' folder

Post by John Fullb » Wed, 23 Jan 2008 06:51:38

Use your spam filter to drop them. They are NDRs , where the from address
was a spoofed address in your domain.