If you have a situation where spammers have been using backscatter or other methods to send spam from your exchange server you may find thousands of emails in the Exchange queues.
- From the exchange powershell you can view the messages using the command
Get-message
- This will return a list of messages in all queues
- You will able to see common themes of the spam emails. Typically backscatter emails will have a fromaddress <> and you may see many permanent Delivery or Undelivered messages.
- To specifically clear these from the queues without sending NDRs use the exchange powershell commands
Remove-Message -Server EX -Filter {FromAddress -like “<>”} -WithNDR $false
Remove-Message -Server EX -Filter {Subject -like “*Permanent*”} -WithNDR $false
Remove-Message -Server EX -Filter {Subject -like “*Undelivered*”} -WithNDR $false
- Run Get-message again to check what is left in the queues, and run similar command to clear out the invalid emails.
- To clear the entire submission queue at once you can stop the Microsoft Exchange Transport service and rename the folder
C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\Queue to Queue old.
- Recreate a blank Queue folder and restart the Microsoft Exchange Transport service and it will recreate a clean database.