Most likely your server has been the target of a 'Reverse NDR attack.' Here are some symptoms of this type of attack:
- Your Exchange Server queues have many messages waiting to be delivered to external recipients.
- Your ISP notified you that your server is sending UCE (a.k.a. spam).
- Store.exe and Inetinfo.exe use a lot of CPU cycles.
- The Badmail folder -- located in exchsrvr\mailroot\vsi 1 -- fills up fast and the drive could potentially run out of space.
- If you stop the SMTP service, your server returns to normal performance levels.
Please refer to the Microsoft Knowledge Base article 886208 to get detailed instructions on how to configure Recipient Filtering and clean up your queues.
MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:
Not so fast. If you do this, spam will use directory harvesting on your server and may make things worse.
I would turn off non-delivery reports (NDRs) for messages that do not have a valid recipient, and just keep an eye out for misspelled email in the admin mailbox.