Thousands of NDR(3018) Events?
Hello,

First of all, this is my first time asking for help on TechNet, so sorry for any mistakes in choosing the right place for the question etc.

We're running a 2003 SBS with Exchange 2003.

For the last two days, inetinfo.exe and store.exe have started to use incredible amounts of memory. For instance, yesterday inetinfo.exe was using 1,2GBs of RAM. This causes a similar amount of Page File usage and thus the server becomes unresponsive.

The server is in very light usage (a SQL server with totally no transactions at all, a CRM with only two log-ins per week).

Then the events.. Nearly 20 (twenty) 3018 events per MINUTE... the classic 3018 message, saying there's a DNS or IPv4 naming error etc., all with yahoo.br or some edu.tw sites etc. None makes sense for our e-mail traffic. And tons of msxx.hinet.net queues.. What is hinet.net? I browsed it and didn't like the page it brought. =)

When I look at the Queues in our server via System Manager, I figured out that there are thousands of emails in queue.. with those addresses I mentioned.

So.. What is going on exactly, any ideas? :)

Last night we weren't able to print anything from a printer shared on that server =)

Now I'm deleting the queued e-mails.. which are mostly from addresses like droixmbvstm |@| withm.jp and the postmaster of our system. I guess the not delivered emails to those senders.

Are we under attack or sth? =)

Thank you, and apologies again for the mistakes.
January 21st, 2009 2:17pm

Hi Oz,

Welcome to this forum....!!! It looks like you are under a reverse NDR attack :P

Check out the KB article below and follow the instructions to configure recipient filtering to filter recipients who are not in Active Directory, so Exchange stops sending NDRs, and clear the queues.

Let us know the result and status of the problem after that :)

Exchange queues fill with many non-delivery reports from the postmaster account in Small Business Server 2003
http://support.microsoft.com/kb/886208

Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
January 21st, 2009 3:42pm
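The reply above points to recipient filtering as the fix. As an added illustration (not from the thread or the KB article), this toy Python model of an SMTP receiver shows why refusing unknown recipients at RCPT TO keeps postmaster NDRs out of the outbound queue. The `Server` class, the domain and all addresses are constructed for the example and are not Exchange code.

```python
# Added illustration: toy model of an SMTP receiver, not Exchange code.
from dataclasses import dataclass, field

LOCAL_DOMAIN = "example.test"  # constructed domain
# Constructed stand-in for the mailboxes known to Active Directory.
DIRECTORY = {"alice@example.test", "bob@example.test"}


@dataclass
class Server:
    recipient_filtering: bool
    outbound_queue: list = field(default_factory=list)  # (from, to) pairs
    inboxes: dict = field(default_factory=dict)

    def rcpt_to(self, rcpt):
        """SMTP reply to RCPT TO; filtering refuses unknown recipients in-session."""
        if self.recipient_filtering and rcpt.lower() not in DIRECTORY:
            return 550
        return 250

    def receive(self, mail_from, rcpt, body):
        code = self.rcpt_to(rcpt)
        if code != 250:
            # The connecting host owns the failure; nothing is queued here.
            return code
        if rcpt.lower() in DIRECTORY:
            self.inboxes.setdefault(rcpt.lower(), []).append(body)
        else:
            # Accepted first, found undeliverable later: an NDR is queued to
            # the envelope sender, which the connecting host chose freely.
            self.outbound_queue.append(("postmaster@" + LOCAL_DOMAIN, mail_from))
        return 250


def replay(server, messages):
    """Feed messages to the server; return SMTP codes and NDRs queued."""
    codes = [server.receive(*m) for m in messages]
    return codes, len(server.outbound_queue)


# Constructed inbound traffic: two messages to nonexistent recipients with
# envelope senders the receiver cannot verify, and one legitimate message.
SAMPLE = [
    ("victim1@forged.invalid", "nobody1@example.test", "junk"),
    ("victim2@forged.invalid", "nobody2@example.test", "junk"),
    ("partner@other.invalid", "alice@example.test", "real mail"),
]

if __name__ == "__main__":
    print("filtering off:", replay(Server(False), SAMPLE))
    print("filtering on: ", replay(Server(True), SAMPLE))
```

With filtering off, every message to a nonexistent mailbox becomes a queued NDR from the postmaster; with it on, the same messages are refused during the SMTP session and the queue stays empty.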

Hey Amit,

Thanks for the warm welcome.

I think there is an important issue I forgot to mention. We are not using our Exchange Server as our primary e-mail server for sending mails. We have an outsourced server from an e-mail provider (valueweb) and are using one of their servers in the U.S. (I think). Exchange is used for storing the archive folders and public folders like the shared calendar and shared contacts, and of course our inboxes are stored in Exchange too.

Maybe there are still some points missing that I should mention, but I'm not that good at Exchange.

Today some guys came to our office for support, as my role in my company is not exactly IT support but also some consulting for business stuff and some support for customers who bought our product. I wasn't able to be at the office while they were there, and later in the evening I was told that it is probably a virus but it could not be found via Symantec (and AVG Free "if they installed it" - haven't checked).

To delay the problem, they canceled the SMTP connector, I guess - the person who gave me the information is not much of an IT guy.

Why I said these: as our Exc is not our "mail sender" server, the filtering process may not be that useful. And also our AD includes only our internal employers, which means there are only 5 accounts in there. =)

I may be pushing too hard but :) What are the exact causes for these reverse NDR attacks, and is there any other simpler way to get rid of this (since this server is not used for sending mails exactly - if this is not a silly thing to say, don't know :))? I may follow the steps in the KB article you linked, but I don't want to deal with this right now and actually forever .. because of my limited Exchange knowledge.

And to be really annoying :) we're facing some SCSI faults too. Since we are planning to get a new server, I'm also considering the option of getting rid of that SBS and putting in a proper Enterprise Edition. Moving the whole Exchange (and SQL of course, but this is not the place to talk about that, I guess).. Is that a painful thing to do?

Thank you very very very much..

edit: Now I'm making RDP to the Exc. They stopped the Virtual SMTP Server. Whenever I started it, the Queues came again. Any piece of information =)
January 22nd, 2009 3:11am

This topic is archived. No further replies will be accepted.
