Re: SBS Exchange 2003: too many "Current Sessions" opened

Sann:

Try these things, in this order:

1) Enable recipient filtering and only accept messages from users in AD. The most common reason for ridiculously long connection times is a spambot trying to do a directory harvest. Since exchange defaults to accepting *everything* at connect time and rejecting later, you end up with the bot just sending name after name to the server and never getting a rejection. It has no reason to disconnect.

2) Once recipient filtering is enabled, you will actually be exposed to a directory harvest attack instead of exchange just accepting everything. So, you should enable tarpitting. This is the point you should see those connections drop down.

3) IF, after a week, you are still seeing some connections, try *DISABLING* SenderID filtering on the Virtual SMTP server. There is a bug in one of the SenderID dll's that can falsely hold open connections. MS has quietly acknowledged its existence, but has not come clean yet (to my knowledge) what the exact parameters are that cause this behavior. It is not consistent in my experience. Some servers have it, some don't exhibit it at all. And I'm told that it is fixed in Exchange 2007. I haven't seen it surface on 2007 yet myself, so I'm inclined to believe them...but then again, SBS 2008 isn't released yet....so it could be an odd interaction there.

To answer your other questions, the SMTP stack does seem to lock up with these long connections. That is the reason that 'terminate all' does not resolve the problem AND why the SMTP service stops responding if you try to restart it. You do *not* need to restart the server, however.

From the command line, you can run this command:

sc queryex smtpsvc

And in the output, find the process ID (PID). Once you have the PID, you can kill the process in task manager (usually an inetinfo process, which is why it is so tough to find.) From there, the process is flushed completely from memory and can be restarted without problem.

-Cliff

"Sann" <Sann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@xxxxxxxxxxxxxxxx
Hello Cris, thank you for your prompt reply.

dual core 2.8 GHz with 2 GB memory.
the memory usage averages about 1,5 GB at all times.

Yes, I have installed SP 2 and all latest updates released after, with IMF
and enabled on SMTP.

"Cris Hanna [SBS-MVP]" wrote:

First question is...
How much RAM in the Server?

Second Question is
Do you have Exchange Server 2003 Service Pack 2 installed and IMF configured for connection filtering against recognized blacklist providers?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Sann" <Sann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:12FBED5A-99AC-4821-BB29-5602036459BF@xxxxxxxxxxxxxxxx
SBS Exchange 2003: too many "Current Sessions" opened
Hello All,

Sometimes (usually it happens over weekends) my Exchange 2003 would stop
receiving external emails because of many active "Curresnt Sessions" and here
is why: our organization isn't big, so I lowered the "Limit number of
connections to:" parameter to 50 (it is done to fight the spam).

Now when somebody reports that he or she is not getting any "outside"
emails, I go to Exchange System Manager -> Servers -> <server> ->Protocols ->
SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a bunch of
..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times 98353566,
43543543, 3453453 seconds, or in another words with endless connection times.

I understand, that once the exchange reaches the number of connections of
50, it stops accepting new connections, stops receiving emails and here is my
qustions:
1. Why the "Terminate All" command doesn't remedy the problem with email flow?
As the second option, I try to restart SMTP service, but it freezes in a
stopping mode leaving me with only one option to restart entire server. (BTW,
I've also noticed that it feezes after I update IMF filter and I need to
restart the server)
2. what are those connections and how to protect Exchange from them?

Any advise will be greatly appreciated

.

Relevant Pages

  • Re: SBS Exchange 2003: too many "Current Sessions" opened
    ... SBS 2008 does include the option during installation, to install fresh or to perform a migration installation, which allows you to introduce it into an existing SBS 2003 organizations. ... Windows Small Business Server 2008 Unleashed ... Since exchange defaults to accepting ... IF, after a week, you are still seeing some connections, try *DISABLING* ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS Exchange 2003: too many "Current Sessions" opened
    ... that kills inetinfo.exe and starts SMTP - should ... Windows Small Business Server 2008 Unleashed ... Since exchange defaults to accepting ... IF, after a week, you are still seeing some connections, try *DISABLING* ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS Exchange 2003: too many "Current Sessions" opened
    ... Since exchange defaults to accepting ... IF, after a week, you are still seeing some connections, try *DISABLING* ... SenderID filtering on the Virtual SMTP server. ... You do *not* need to restart the server, ...
    (microsoft.public.windows.server.sbs)
  • RE: Event ID 402
    ... Open Server Management. ... On the Exchange 2003 server, ... click Outbound connections button. ... click to check the "Hide All Microsoft Services" ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 IIS BASED SERVICES FAIL INTERMITTENTLY
    ... If I read your post correctly, you have a switch where the SBS ... Run DHCP server on your SBS, and set all client machine nics to dynamic. ... Once you have your nics configured, run the Connect to the Internet wizard, ... QUESTION1 - what is REFUSING CONNECTIONS? ...
    (microsoft.public.windows.server.sbs)