Most likely your server has been the target of a 'Reverse NDR attack.' Here are some symptoms of this type of attack:
- Your Exchange Server queues have many messages waiting to be delivered to external recipients.
- Your ISP notified you that your server is sending UCE (a.k.a. spam).
- Store.exe and Inetinfo.exe use a lot of CPU cycles.
- The Badmail folder -- located in exchsrvrmailrootvsi 1 -- fills up fast and the drive could potentially run out of space.
- If you stop the SMTP service, your server returns to normal performance levels.
Please refer to the Microsoft Knowledge Base article 886208 to get detailed instructions on how to configure Recipient Filtering and clean up your queues.
MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:
Not so fast. If you do this, spam will use directory harvesting on your server and may make things worse.
I would turn off non-delivery reports (NDRs) for messages that do not have a valid recipient. and just keep an eye out for misspelled email in the admin mailbox.
Do you have comments on this Ask the Expert Q&A? Let us know.
Related information from SearchExchange.com:
Dig Deeper on Exchange Server setup and troubleshooting
Related Q&A from Bharat Suneja
Find out how to troubleshoot problems scripting Exchange Server email disclaimers and signatures. Continue Reading
Learn how to bulk modify alternate recipients and other Active Directory objects in Exchange Server 2003. Continue Reading
Discover tools and methods to globally disable IMAP and POP in Microsoft Exchange Server 2003. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.