IMS Outbound Messages Awaiting Delivery queue


Post by LJH » Thu, 21 Nov 2002 23:47:41



Hi...I'm not an Exchange admin by default, but I've inherited a 5.5 box
that's driving me nuts with regards to the above-referenced subject.  The
box is Win2K (fully patched) and Exchange is patched to SP4.  ISA server is
also running on this box -- patched to SP1.

I've gone to great lengths to make sure it's not set up to relay, but it
appears that something is amiss.  I've read the various Q articles on the
subject and made modifications to the config. where necessary, but I'm still
seeing a number of messages in this queue that are obviously UCE.  So all I
can figure is that somehow, someway, this box is still being used to relay
junk.

Can anybody give me some insight into what's going on?  I'll be glad to
provide additional info. if needed.

Thanks,

LJH

 
 
 


Post by Rummie Herssei » Fri, 22 Nov 2002 02:52:34


Hi LJH,
Actually it sounds to me like you've done a pretty good job of setting up
the box and that you've rather effectively secured and stabilized it.
You're prob NOT being relayed off of - I had a similar suspicion after I
hardened my 5.5 server as hard as granite and I was VERY frustrated to
continually see these emails in the outgoing queue.
After much investigation I determined that in actuality I was not being
relayed off of in the traditional sense but rather that these emails were
the result of spam coming INTO my network (being sent to users inside my
company) and these spam mails were configured to automatically send
something BACK out to the net (to the originating domain or actually to a
totally diff email address) once they were opened by the user. This is more
concisely known as "Auto-reply to the internet" - an option you can disable
through the properties tabs in the IMC - and users can individually disable
this in their MAPI email client (Outlook, etc).
I did this, but found that auto-replies were STILL being generated and relay
attempts were still managing to attempt to get fired back out from INSIDE my
own network.
VERY frustrating but as far as I know, not much you can do to stop this
sort of <unknown> from appearing in your outgoing IMC queue.
I hope this has helped -

Rummie



Post by LJH » Fri, 22 Nov 2002 03:14:21


Rummie:

Thanks for the quick reply and concise insight.  What you shared makes
perfect sense and leads me to believe that this is indeed the case.  I've
got Trend ScanMail running, so I may be able to use the domain info. related
to *showing up in the queue and stop the original message(s) that are
spawning it.

Take care,

LJH



Post by Rummie Herssei » Fri, 22 Nov 2002 04:49:12


My pleasure, always glad to be of help.
Be in touch,
Rummie



Post by LJH » Sat, 23 Nov 2002 02:07:27


Rummie/Anybody...

After watching things and reviewing Event Log messages related to IMC
activity (I enabled logging to get a closer look), it appears that outbound,
spam-related, TCP connections ARE being made.  How do you explain this?  My
guess, either my Exchange Server and/or client PCs are being used in some
fashion.

Any thoughts on the best way to confirm?

Thanks!

LJH
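
One way to approach the confirmation asked about above, as an added example that is not part of the original thread: classify each message bound for an outside recipient by where it entered the server, which separates true relaying from the locally generated auto-replies and bounces described earlier. The record layout, `LOCAL_DOMAINS`, `INTERNAL_NETS` and the `local` marker are assumptions for illustration (this is not the Exchange 5.5 IMC log format), and the sample records are constructed.

```python
import ipaddress

# Assumptions for this example: replace with your own domains and address ranges.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
SERVER_ITSELF = "local"  # marker for mail the server generated (NDRs, auto-replies)

def domain(addr):
    """Lower-cased domain of an SMTP address; '' for the null sender <>."""
    addr = addr.strip().strip("<>")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def is_internal(source):
    """True if the message was submitted by the server itself or a LAN host."""
    if source == SERVER_ITSELF:
        return True
    ip = ipaddress.ip_address(source)
    return any(ip in net for net in INTERNAL_NETS)

def classify(source, mail_from, rcpt_to):
    """Label one message by submitting host, envelope sender and recipient."""
    if domain(rcpt_to) in LOCAL_DOMAINS:
        return "inbound"            # never reaches the outbound queue
    if not is_internal(source):
        return "relay"              # outside host to outside recipient
    if domain(mail_from) == "":
        return "bounce"             # null sender: NDR generated here
    if domain(mail_from) in LOCAL_DOMAINS:
        return "internal-origin"    # auto-reply, rule, or a local user
    return "internal-spoofed"       # LAN host sending as a foreign domain

def summarize(records):
    """Count labels over (source, mail_from, rcpt_to) tuples."""
    counts = {}
    for rec in records:
        label = classify(*rec)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample records: (submitting host, MAIL FROM, RCPT TO)
SAMPLE = [
    ("203.0.113.7", "<offer@spam.example>", "<victim@other.example>"),
    ("local", "<>", "<offer@spam.example>"),
    ("local", "<user@example.com>", "<offer@spam.example>"),
    ("10.0.0.23", "<promo@spam.example>", "<target@other.example>"),
    ("203.0.113.7", "<offer@spam.example>", "<user@example.com>"),
]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE).items()):
        print(f"{label:17} {n}")
```

Any `relay` count means the relay restrictions are not holding; `bounce` and `internal-origin` match the auto-reply explanation given in the thread, while `internal-spoofed` points at a client PC on the LAN rather than at the server.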



 
 
 
