Most likely your server has been the target of a 'Reverse NDR attack.' Here are some symptoms of this type of attack:
- Your Exchange Server queues have many messages waiting to be delivered to external recipients.
- Your ISP notified you that your server is sending UCE (a.k.a. spam).
- Store.exe and Inetinfo.exe use a lot of CPU cycles.
- The Badmail folder -- located in \exchsrvr\mailroot\vsi 1 -- fills up fast and the drive could potentially run out of space.
- If you stop the SMTP service, your server returns to normal performance levels.
Please refer to the Microsoft Knowledge Base article 886208 to get detailed instructions on how to configure Recipient Filtering and clean up your queues.
MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:
Not so fast. If you do this, spam will use directory harvesting on your server and may make things worse.
I would turn off non-delivery reports (NDRs) for messages that do not have a valid recipient, and just keep an eye out for misspelled email in the admin mailbox.