Exchange Server 5.5

[]SK[]

Ok one of our cutomers exch 5.5 server has been the centre of a spam attack. Ive manage to close it down now but the queue is 25,000 outgoing emails and climbing after I delete them(Exchange ignores them until that queue goes down). Is there a better way of deleteing these emails rather than going into exchange admin and going into the IMC and looking at queues?
Need a way of deleting the files as this process is VERY slow. When I say slow I mean been deleting thousands of emails since Monday!!!
I know I can go into the imcdata\out dir and see the emails there. I will try backing them up and then deleting them tomorrow. Any tips are much appreciated.

 

[Summo]

Exchange 5.5 MCP, don't fail me now!

Yes! You can use the Exchange Merge Utility (exmerge.exe) to wade through the Private Information Store (priv.mdb) and export all the messages which match certain rules to a .pst file, which can then be safely deleted.

Exmerge is on the BackOffice Resource Kit and is prolly available for download, though PM if you can't get hold of it and I'll mail it to you. It's only ickle. More info on it here and this page might have some useful info, too.

I used this method to remove a truckload of Homepage virus infected messages (they'd alredy been cleaned by the AV software but I wanted to 'tidy up') If it's one type of spam message then you're laughing. Say, for example there is 25,000 messages all with "You cunt0r! I'm a spam message!" then just enter that as a key string in Exmerge and it will remove all messages with that exact text in them. Exmerge rocks!

Once the process has completed you can startup the Message Transfer Agent and everything should function as normal, sans spam messages. If you have time you might want to defrag the information store to make sure you recover the free space using:

ESEUTIL /D /ispriv

but this is really optional and I suspect you'll want the system up and running at full capacity as quickly as possible.

Let me know if you run into any probs.

 

[]SK[]

Erm the emails in the in/outgoing queue dont get stored in there. Out mails go to imcdata/out and youll see them all there tnx for thw try anyway SG.

 

[Summo]

They're still in the information store. I know what you mean - they appear in the MTA queue. Trust me, fella. Exmerge is your man.

 

[]SK[]

Oks...

Any idea where emails that havent even entered the outbound conversion or outbound awaiting delviery are?