Re: Exchange 2003 SMTP Current Sessions

SF Dave <SFDave@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Recipient filtering, wow! That sounds reasonable. I have seen that mentioned
before to trim down the queues, but can it really be that easy? Are there any
'gotchas', like, creating a nightmare for IMAP users, for example?
Also, I was asking really about the SMTP sessions themselves, long before
Active Directory gets involved. Why is there not a tool to drop every SMTP
session, whether they are in the midst of sending an email (likely bulk
emails after 5-7 minutes) or not. Does anyone have a script for this by any
chance? Is it me or does that not seem to be one of the easiest things we
could do to at least slow down spammers? Maybe it is against RFC 'rules', but
I wouldn't care.

It wouldn't slow them down at all. Throw one off and another take its
place. There are, literally, hundreds of thousands of compromised
computers (zombies, or 'bots) whose services are sold by 'bot herders
to spamers and fraudsters.

What you really want is for a security appliance to watch the number
of bad RCPT TO addresses and, after some number of them, disconnect
the session and put the IP address in some sort of "jail" where no
connection will be accepted for it for "X" number of days.

As for RBL, I have heard your concern before, but really, our spam has been
cut down 10-20% as a result of its usage, so I am keeping it until I actually
hear from too many customers who cannot email us.

What about the potential customers that can't email you?

Use a RBL if you must, but pick the one you use with care. SpamCop
isn't one you want to use. Neither is SORBS (at least not the whole
set of RBLs they offer). Understand that you /will/ refuse legitimate
connections. RBLs don't block spam, they block connections. They never
look at the message contents.

It has happened several
times in the past, but that was before RBL (weird).

Not so wierd. Your server's busy with other connections.

In summary: I have read & talked to to many who end up MANUALLY terminating
these never ending sessions. Why hasn't Microsoft provided a simple tool for
automating this?

Why pick on MS? Who else does it?

Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx

Relevant Pages

  • Re: Exchange 2003 SMTP Current Sessions
    ... Also, I was asking really about the SMTP sessions themselves, long before ... These are exactly the connections I am referring to. ... saying to not bother to disconnect these sessions because another would ... Use a RBL if you must, but pick the one you use with care. ...
  • Re: maximum number of sessions
    ... I am interested in the maximum number of sessions not connections. ... I.e I can have 15 mapped drives from one machine to ... We have 6 pcs connecting to a 7 pc we call our server. ...
  • RE: Multiple entries of the same user under "Current Sessions"
    ... FTP clients, or through the command-line? ... you may well see multiple entries in the 'current sessions' list that ... several sessions open simultaneously.) ... I will see 2 connections, ...
  • Re: Logging for RBL activity
    ... counters - you've already looked at the latter. ... you do get any response from your RBL for a listed host. ... As a sidenote, when you use RBLs Exchange doesn't drop ... Connection Filtering only drops connections from IP addresses on the Global ...
  • Re: shared printer WinXP Workgroup
    ... Use the following method to avoid null session connections that have a high session idle time and that have opened a handle to the named pipe \PIPE\spoolss. ... "John John" wrote: ... To kill all the sessions at once you can stop the server service These are pretty crude and inconvenient ways of trying to cope with the problem. ...