Re: Exchange issues
- From: "John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx>
- Date: Thu, 21 Jul 2005 14:25:12 -0500
Are you up to date on all your Service Packs, both Windows and Exchange?
Also try unchecking the "allow all computers which successfully authenticate
to relay, regardless of the list above" and restarting your VS as one of
your domain accounts may have been compromised.
--
John Oliver, Jr.
MCSE, MCT, CCNA, Exchange MVP
Microsoft Certified Partner
"Ashi" <Ashi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6174AD7B-B66C-43ED-912C-A03E9805A5E3@xxxxxxxxxxxxxxxx
> Hi,
>
> I have a very strange problem.
>
> Environment: SBS 2000, 25 users, Exchange is configured with an SMTP feed.
> ADSL is connected through a firewall then a router. The firewall has a live
> IP address that the MX record points to, and port forwarding is configured
> to route all traffic on port 25 to the SBS Exchange server. GroupShield and
> VirusScan Enterprise are installed.
>
> All has been fine for months but as from last Friday they reported the
> internet being slow and intermittent times. I managed to narrow it down to
> the server that was using all the bandwidth. I suspected SMTP relaying
> because when I shut down the information store the bandwidth resumes,
> although I am confused because SMTP was locked down and configured to only
> relay mail from authenticated users?? Things I have tried:
>
> Confirmed that the default SMTP virtual server is locked down (no SMTP
> connector installed)
> Disabled GroupShield - no effect
> Scanned for virus - no effect
> Scanned with Stinger - no effect
>
> All was fine last night and this morning until Exchange stopped working
> altogether. Users can log in and see their inbox but can't send or receive
> mail. All the Exchange services are running and all looks fine. The MX
> record is pointing to the correct IP and I can externally connect to port
> 25. When I try and send mail locally sometimes it works (although I have to
> log in and out of Outlook) and other times not. I am completely stumped!!
> Not sure where else to look and really don't want to have to reload the
> server!! Any suggestions would be greatly appreciated.
>
> Thanks
>
> Comment from gpriceee
> Date: 07/20/2005 09:45AM PDT
> Comment
>
>
> Hi.
> You should verify that the server really isn't an open relay:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;324958
>
> Also, about half way down, pay particular attention to "Clean up the
> Exchange Server's SMTP queues."
>
> You might have some issues remaining.
>
> Comment from eholland99
> Date: 07/20/2005 09:48AM PDT
> Comment
>
>
> It definitely sounds like relay is either turned on or was turned on. Your
> SMTP queues are probably clogged with SPAM. I once saw a single Exchange
> server with relay turned on that after 12 hours had half a billion email
> messages in its queue.
>
> You will need to clear out the queues...there are a couple of tools that
> can do this for you. Make sure, however, that you've disabled relay before
> you start doing that or you'll be chasing your tail.
>
> It is also possible that you are getting attacked by a relay on the
> internet. I would try to determine if the traffic is coming from inside
> your organization or outside.
>
> Here is a good article from Microsoft on how to lock yourself down and
> clean up your SMTP queues.
>
> http://support.microsoft.com/?id=324958
>
>
> Comment from eholland99
> Date: 07/20/2005 09:48AM PDT
> Comment
>
>
> gpriceee...get off my back! LOL...we seem to be on the same wavelength.
>
> Comment from gpriceee
> Date: 07/20/2005 09:51AM PDT
> Comment
>
>
> :-)
> Ha! LMAO
>
> Comment from Dejan_Foro
> Date: 07/20/2005 12:11PM PDT
> Comment
>
>
> May sound stupid, but do you have a file system antivirus installed? Such
> things happen when you have antivirus for Exchange but no file system
> antivirus and your server gets infected. A virus on the file system could
> send through your server (because it is on the local network) and consume
> your bandwidth.
>
> Regards,
>
> Dejan Foro
> Exchange MVP
> dejan.foro@xxxxxxxxxxxxxxxxxx
> www.exchangemaster.net
>
>
> Comment from capitalpro
> Date: 07/20/2005 01:10PM PDT
> Your Comment
>
>
> Thanks all, I will try emptying the queues.
>
> Dejan, there is McAfee Enterprise V. 7.0.0 installed for filesystem
> protection.
>
> Comment from capitalpro
> Date: 07/20/2005 02:55PM PDT
> Your Comment
>
>
> I have deleted the queues and have ensured the SMTP virtual server is
> configured not to relay messages. Now I can send and receive internal mail
> and I can send out but no mail is getting in. I can't even telnet to port
> 25 from the server itself. I get a 'connection to host lost' error although
> I can telnet to port 110.
>
> How do I fix the 'unable to telnet to port 25' issue? I presume this is the
> cause of it not receiving mail from the SMTP feed? I have checked the MX
> record is pointing to the correct address.
>
> Another thing is that earlier I disabled the SMTP service as a test to see
> if it would increase the bandwidth but still the server is hogging all the
> bandwidth??? Something on the server is sending out sh*t loads of cr*p!! If
> I disconnect the server from the network the bandwidth is ok.
>
>
> Comment from eholland99
> Date: 07/20/2005 03:00PM PDT
> Comment
>
>
> Well if you disabled the SMTP service you're not going to be able to telnet
> to port 25. You're also not going to be able to receive external email.
>
> If something is still hogging all the bandwidth after you shut down SMTP,
> then it's not a relay problem. I would start shutting down services one at
> a time until you find the culprit.
>
> Comment from Dejan_Foro
> Date: 07/20/2005 03:15PM PDT
> Comment
>
>
> The fact that your server is sending out data consuming bandwidth is quite
> a good reason to believe that your computer might be infected with a virus.
> This can happen although you have an antivirus installed.
>
> Did you try to do a check with another antivirus, for example Norton
> Antivirus?
>
> I would also suggest you run some antispyware tools to make sure that your
> server is not hacked and used for attacks on other computers on the
> Internet because this would quickly get you filtered and/or blacklisted.
>
> Regards,
>
> Dejan Foro
> Exchange MVP
> dejan.foro@xxxxxxxxxxxxxxxxxx
> www.exchangemaster.net
>
> Comment from gpriceee
> Date: 07/20/2005 06:38PM PDT
> Comment
>
>
> hi.
> Did you have a chance to verify all of the settings in
> http://support.microsoft.com/default.aspx?scid=kb;en-us;324958
>
> Comment from capitalpro
> Date: 07/21/2005 12:26AM PDT
> Your Comment
>
>
> gpriceee: I did verify the setting in the link you provided....thanks.
> Although part of the tests were to telnet to port 25 which I was unable to
> do, so I carried on to the next part which was to lock down relaying and
> clean the queues. As a result of this I can now send and receive locally
> and send externally but not receive external mail (I think it has something
> to do with the fact that I can't telnet to port 25, not even from the
> server itself!). MX record is ok.
>
> eholland99: I was not trying to telnet to port 25 when SMTP was disabled,
> disabling SMTP was a separate test to find out what is consuming all the
> bandwidth.
>
> Dejan Foro: I have run Adaware Pro which couldn't find any problems, I will
> try another antivirus.
>
> My main concern is to get the Exchange server to receive mail, once
> Exchange is back I will try and sort out the bandwidth problem.
>
> Thanks for your suggestions people..........I will battle on!
>
> Comment from capitalpro
> Date: 07/21/2005 01:07AM PDT
> Your Comment
>
>
> I can now telnet to port 25. I had to add the subnet in to the SMTP virtual
> connection but I still can't get the server to receive external mail.
>
> Comment from capitalpro
> Date: 07/21/2005 02:45AM PDT
> Your Comment
>
>
> Now I think it is an SMTP relaying problem although I have checked that
> SMTP is locked down. I have disabled SMTP when the internet is slow and it
> instantly speeds up. I am in the process of setting up a POP box to
> download all the mail using a POP connector, this way I can close port 25
> (as a temp fix)
>
>
>
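An added example, not part of the original thread or of the Microsoft article it links: one way to settle the inside-versus-outside question and to test the compromised-account theory is to tally relayed recipients by source address and authenticated account. The record format, the 192.168.16.0/24 LAN range, the example.com domain and the account names are all constructed for illustration; real SMTP logs need their own parser.

```python
import ipaddress
from collections import Counter

# Constructed sample records, NOT a real Exchange/IIS log format.
# Fields: time, client IP, authenticated account ("-" if none), recipient domain
SAMPLE = """\
09:00:01 192.168.16.21 - example.com
09:00:05 203.0.113.50 - example.com
09:01:10 198.51.100.7 EXAMPLE\\jsmith bulk-target.test
09:01:11 198.51.100.7 EXAMPLE\\jsmith other-target.test
09:01:12 198.51.100.7 EXAMPLE\\jsmith bulk-target.test
09:02:00 192.168.16.30 - bulk-target.test
09:03:00 192.168.16.21 EXAMPLE\\mary partner.test
"""

def classify(client_ip, account, rcpt_domain, lan, local_domains):
    """Label one accepted recipient by who relayed it and from where."""
    if rcpt_domain.lower() in local_domains:
        return "local-delivery"          # inbound or internal mail, not relay
    inside = ipaddress.ip_address(client_ip) in lan
    if account != "-":
        return "auth-relay-internal" if inside else "auth-relay-external"
    return "anon-relay-internal" if inside else "open-relay"

def relay_report(text, lan_cidr, local_domains):
    """Count relayed recipients per (category, client IP, account)."""
    lan = ipaddress.ip_network(lan_cidr)
    local = {d.lower() for d in local_domains}
    counts = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                     # skip malformed lines
        _, ip, account, domain = parts
        category = classify(ip, account, domain, lan, local)
        if category != "local-delivery":
            counts[(category, ip, account)] += 1
    return counts

def suspects(counts):
    """Entries to investigate first; internal authenticated relay is excluded."""
    return sorted((k for k in counts if k[0] != "auth-relay-internal"),
                  key=lambda k: -counts[k])

if __name__ == "__main__":
    report = relay_report(SAMPLE, "192.168.16.0/24", ["example.com"])
    for key in suspects(report):
        print(report[key], *key)
```

A high count under auth-relay-external for one account points at stolen credentials (reset that password and disable authenticated relay), while anon-relay-internal from a single LAN address points at an infected machine behind the firewall.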