Re: SBS Exchange 2003: too many "Current Sessions" opened

I see.
And for the current topic (as a quick report), to kill the "current
sessions" and make sure SMTP is running I created and scheduled to run on a
daily basis a small batch, that kills inetinfo.exe and starts SMTP - should
work for now until I put into production new server hardware with sbs 2003 r2.
And if I won't be able to resolve my problem in the new enviroment, I will
be bugging you guys again. :))

"Cris Hanna [SBS-MVP]" wrote:

SBS 2008 is not a production server since it only RC1...its my test server and I'm the only user...so there was no "migration" as such

SBS 2008 does include the option during installation, to install fresh or to perform a migration installation, which allows you to introduce it into an existing SBS 2003 organizations.



--
Cris Hanna [SBS-MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Sann" <Sann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:19118D7F-6331-44AF-A64B-58E77F8F43B2@xxxxxxxxxxxxxxxx
Thanks a lot for your advices and information - will start experimenting....

btw, a quick side question to Cris: how did you move your users to SBS2008:
using migration tool in exchange or csv, ldi tools? I'm asking this question
in responce to your suggestion to bump the RAM to 4 GB. I'm installing a new
server hardware: 2x4 proc-s, 4 GB, RAID 10 on SAS, etc...

"Cris Hanna [SBS-MVP]" wrote:

And if you only have 2GB of RAM, RAM is cheap!! bump it to 4GB

And my spam has dropped so much using SBS 2008 RC1 it's a non-issue any more

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@xxxxxxxxxxxxxx
Sann:

Try these things, in this order:

1) Enable recipient filtering and only accept messages from users in AD.
The most common reason for ridiculously long connection times is a spambot
trying to do a directory harvest. Since exchange defaults to accepting
*everything* at connect time and rejecting later, you end up with the bot
just sending name after name to the server and never getting a rejection.
It has no reason to disconnect.

2) Once recipient filtering is enabled, you will actually be exposed to a
directory harvest attack instead of exchange just accepting everything. So,
you should enable tarpitting. This is the point you should see those
connections drop down.

3) IF, after a week, you are still seeing some connections, try *DISABLING*
SenderID filtering on the Virtual SMTP server. There is a bug in one of the
SenderID dll's that can falsely hold open connections. MS has quietly
acknowledged its existence, but has not come clean yet (to my knowledge)
what the exact parameters are that cause this behavior. It is not
consistent in my experience. Some servers have it, some don't exhibit it at
all. And I'm told that it is fixed in Exchange 2007. I haven't seen it
surface on 2007 yet myself, so I'm inclined to believe them...but then
again, SBS 2008 isn't released yet....so it could be an odd interaction
there.

To answer your other questions, the SMTP stack does seem to lock up with
these long connections. That is the reason that 'terminate all' does not
resolve the problem AND why the SMTP service stops responding if you try to
restart it. You do *not* need to restart the server, however.

From the command line, you can run this command:

sc queryex smtpsvc

And in the output, find the process ID (PID). Once you have the PID, you
can kill the process in task manager (usually an inetinfo process, which is
why it is so tough to find.) From there, the process is flushed completely
from memory and can be restarted without problem.

-Cliff

"Sann" <Sann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@xxxxxxxxxxxxxxxx
Hello Cris, thank you for your prompt reply.

dual core 2.8 GHz with 2 GB memory.
the memory usage averages about 1,5 GB at all times.

Yes, I have installed SP 2 and all latest updates released after, with IMF
and enabled on SMTP.

"Cris Hanna [SBS-MVP]" wrote:

First question is...
How much RAM in the Server?

Second Question is
Do you have Exchange Server 2003 Service Pack 2 installed and IMF
configured for connection filtering against recognized blacklist
providers?

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Sann" <Sann@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:12FBED5A-99AC-4821-BB29-5602036459BF@xxxxxxxxxxxxxxxx
SBS Exchange 2003: too many "Current Sessions" opened
Hello All,

Sometimes (usually it happens over weekends) my Exchange 2003 would stop
receiving external emails because of many active "Curresnt Sessions" and
here
is why: our organization isn't big, so I lowered the "Limit number of
connections to:" parameter to 50 (it is done to fight the spam).

Now when somebody reports that he or she is not getting any "outside"
emails, I go to Exchange System Manager -> Servers ->
<server> ->Protocols ->
SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a
bunch of
..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times
98353566,
43543543, 3453453 seconds, or in another words with endless connection
times.

I understand, that once the exchange reaches the number of connections of
50, it stops accepting new connections, stops receiving emails and here
is my
qustions:
1. Why the "Terminate All" command doesn't remedy the problem with email
flow?
As the second option, I try to restart SMTP service, but it freezes in a
stopping mode leaving me with only one option to restart entire server.
(BTW,
I've also noticed that it feezes after I update IMF filter and I need to
restart the server)
2. what are those connections and how to protect Exchange from them?

Any advise will be greatly appreciated

.

Relevant Pages

  • [NT] Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (MS03-046)
    ... Get your security news from a reliable source. ... In Exchange Server 5.5, a security vulnerability exists in the Internet ... an unauthenticated attacker to connect to the SMTP port on an Exchange ...
    (Securiteam)
  • RE: SMTP error (only from Outlook)
    ... This issue appeared on specify user or all SMTP clients? ... If yes, in Exchange System ... Is there any local bridgehead server listed in "Local ... to over three dozen open relay block lists. ...
    (microsoft.public.windows.server.sbs)
  • RE: strange email errors
    ... you to check the relay configuration on the SBS server. ... please restart the SMTP virtue server and Exchange ... Please also refer to the following steps to create a new SMTP Connector to ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS Exchange 2003: too many "Current Sessions" opened
    ... So far everything is good and now I'm just monitoring my exchange. ... get the SMTP service to stop hanging in the first place. ... won't have dead connections. ... work for now until I put into production new server hardware with sbs 2003 ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange issues
    ... Are you up to date on all your Service Packs, both Windows and Exchange? ... > all traffic on port 25 to the SBS Exhange server. ... I suspected SMTP relaying becuase ... > You should verify that the server really isn't an open relay: ...
    (microsoft.public.exchange2000.admin)
Loading