Error logs flooding hard drive. I think. Windows 2003.
We are running Windows 2003 with Exchange 2003. However, none of the users have mailboxes set up, and out domain provider has not changed the domain settings to point toward our Exchange server. We can send mail from an account, so SMTP is working, but like I said, no one has a mailbox yet.
We are running Windows 2003 with Exchange 2003. However, none of the users have mailboxes set up, and out domain provider has not changed the domain settings to point toward our Exchange server. We can send mail from an account, so SMTP is working, but like I said, no one has a mailbox yet.
In the Event Viewer I am bombarded with the follwing logs. The recipients are slightly different each time.
Event Type: Error
Event Source: M[censored]changeTransport
Event Category: NDR
Event ID: 3030
Date: 1/5/2005
Time: 2:15:53 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;skinny@gigigaga.com (Message-ID <MAINSERVERox7nyeKzG00000215@connectky.org>).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d1 02 04 c0 Ñ..À
We also get lots of this similar one.
Event Type: Error
Event Source: M[censored]changeTransport
Event Category: NDR
Event ID: 3008
Date: 1/5/2005
Time: 2:12:11 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;luxwell@ethome.net.tw (Message-ID <MAINSERVERWStui3cJv00006609@connectky.org>).
Cause: This indicates a permanent failure. Possible causes : 1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2)Domain Name Server (DNS) returned an authoritative host not found for the domain. 3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Are we being compromised in some way? Or is it nothing to worry about?
Also, in the Program Files\Exhchange\MDBDATA folder, it get's constantly filled up with E0000*.log files that are 5MB each. We get 80 of these in a couple of hours, which is costly, and I have to manually delete them every so often. IS this related. How can I stop it?
Thanks a lot for your help.
In the Event Viewer I am bombarded with the follwing logs. The recipients are slightly different each time.
Event Type: Error
Event Source: M[censored]changeTransport
Event Category: NDR
Event ID: 3030
Date: 1/5/2005
Time: 2:15:53 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 4.0.0 was generated for recipient rfc822;skinny@gigigaga.com (Message-ID <MAINSERVERox7nyeKzG00000215@connectky.org>).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d1 02 04 c0 Ñ..À
We also get lots of this similar one.
Event Type: Error
Event Source: M[censored]changeTransport
Event Category: NDR
Event ID: 3008
Date: 1/5/2005
Time: 2:12:11 PM
User: N/A
Computer: MAINSERVER
Description:
A non-delivery report with a status code of 5.0.0 was generated for recipient rfc822;luxwell@ethome.net.tw (Message-ID <MAINSERVERWStui3cJv00006609@connectky.org>).
Cause: This indicates a permanent failure. Possible causes : 1)No route is defined for a given address space. For example, an SMTP connector is configured, but this recipient address does not match the address spaces for which it routes mail. 2)Domain Name Server (DNS) returned an authoritative host not found for the domain. 3)The routing group does not have a connector defined û mail from one server in the routing group has no way to get to another routing group.
Solution: Verify that this error is not caused by a DNS lookup problem, and then check the address spaces configured on your STMP connectors. If you are delivering Internet mail through an SMTP connector, consider adding an address space of type SMTP with value ô*ö (an asterisk) to one of the SMTP connectors to make routing possible. Verify all routing groups are connected to each other through a routing group connector or another connector.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Are we being compromised in some way? Or is it nothing to worry about?
Also, in the Program Files\Exhchange\MDBDATA folder, it get's constantly filled up with E0000*.log files that are 5MB each. We get 80 of these in a couple of hours, which is costly, and I have to manually delete them every so often. IS this related. How can I stop it?
Thanks a lot for your help.
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Please does anyone know what I could do to stop this? I've stopped the Exchange services from running, but how will I solve this problem when we make the switch?
Also, The mailbox store database is be getting larger even though, like I said, no one is using it and there are no mailboxes configured.
Thanks for any help you can give.
Also, The mailbox store database is be getting larger even though, like I said, no one is using it and there are no mailboxes configured.
Thanks for any help you can give.
Ignore the above.
Do NOT set upthe batch script.
Refer to your other post with answers by Clutch, Dosfreak, apk.
Link courtesy of Dosfreak http://weblogs.asp.net/exchange/archive/2004/05/12/130556.aspx
Do NOT set upthe batch script.
Refer to your other post with answers by Clutch, Dosfreak, apk.
Link courtesy of Dosfreak http://weblogs.asp.net/exchange/archive/2004/05/12/130556.aspx
It sounds like your Email server is being Spammed, you need to configure SMTP for your domain and disable Anonymous login for the SMTP Virtual servers.
See http://www.m[censored]change.org/tutorials/SMTP_Virtual_Server_Uncovered.html
See http://www.m[censored]change.org/tutorials/SMTP_Virtual_Server_Uncovered.html
Your Exchange server is most probably being used as relay server.
Check your firewall or router settings and see what open ports you have and to where they redirect.Also check as your server is not exposed as a DMZ.
Check your firewall or router settings and see what open ports you have and to where they redirect.Also check as your server is not exposed as a DMZ.
Badmail will continue to fill up; Microsoft doesn't provide a way to automatically delete it.
Here's a batch file I made for my Exchange server at work:
del "C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\*.*" /Q
Put that in a .bat file and schedule it to run early in the morning every day and you'll be fine.
Here's a batch file I made for my Exchange server at work:
del "C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\*.*" /Q
Put that in a .bat file and schedule it to run early in the morning every day and you'll be fine.