Monday, March 7, 2011

Exchange 2003 - Clear SMTP queues after an NDR attack / Open relay

- Stop the SMTP service.
- Navigate to the queue directory (by default, C:\PROGRAMFILES\EXCHSRVR\MAILROOT\VSI 1\QUEUES).
- Go back up one directory and right-click the QUEUES directory.
- Search the directory using the MS Search tool for files containing text
- Delete all files that were found.

While stopping the SMTP service and deleting ALL messages in the queue directory would certainly clear up this issue, it would also delete any messages frozen in the queue (both inbound and outbound) that were considered GOOD messages. This method identifies only messages that are NDR replies, which are usually the result of a reverse-NDR attack.
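
The same steps as a script, added here as an example and not part of the original post. It assumes Windows PowerShell is installed on the server and that the SMTP service is named SMTPSVC; `$Marker` is a placeholder because the post does not give the search text.

```powershell
# Added example, not from the original post. Run with -WhatIf first to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Queue directory as given in the post; adjust to your installation.
    [string]$QueueDir = 'C:\PROGRAMFILES\EXCHSRVR\MAILROOT\VSI 1\QUEUES',

    # Placeholder: the post does not state the search text. Supply a string
    # that appears only in the unwanted NDR messages on your server.
    [Parameter(Mandatory = $true)]
    [string]$Marker,

    # Assumption: service name of the IIS SMTP service used by Exchange 2003.
    [string]$ServiceName = 'SMTPSVC'
)

if (-not (Test-Path $QueueDir)) {
    throw "Queue directory not found: $QueueDir"
}

# Step 1: stop SMTP so queue files are not being written while we work.
Stop-Service -Name $ServiceName

try {
    # Steps 2-4: literal text search over the queue files, one hit per file.
    $hits = @(Get-ChildItem $QueueDir |
        Where-Object { -not $_.PSIsContainer } |
        Select-String -Pattern $Marker -SimpleMatch -List)

    Write-Output ("{0} queued file(s) contain the marker text" -f $hits.Count)

    # Step 5: delete only the matching files; other queued mail is untouched.
    foreach ($hit in $hits) {
        Remove-Item -LiteralPath $hit.Path
    }
}
finally {
    # Bring mail flow back even if the search or delete failed.
    Start-Service -Name $ServiceName
}
```

With `-WhatIf` the service is left running and nothing is deleted; the script only reports which files would be removed.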