Solution:
Exchange 2003 - Clear SMTP queues after an NDR attack / Open relay - stop SMTP service - navigate to queue directory (by default, C:\\PROGRAM FILES\\EXCHSRVR\\MAILROOT\\VSI 1\\QUEUES) - back up 1 directory, right click directory QUEUES - Search directory using the MS SEARCH TOOL for files containing text \"Recipient Failed\" - Deleted all files that were found While stopping the SMTP service and deleting ALL messages in the queue directory would certainly clear up this issue, it would also delete any messages that were frozen in the queue (both inbound and outbound) that were considered GOOD messages. This method identifies only messages that are NDR replies, which usually is the result of a reverse-NDR attack. |