Richw221
asked on
SMTP Connections Staying Open with Exchange 5.5 IMC
OK, here is the latest crazy problem...
Over the past few weeks our Exchange Server has been getting bogged down with SMTP connections, it seems that they are connecting and doing what they have to but it's just taking forever, so the connections are getting to the MAX of 100 that we have set! Slowly but surly they clear up and the connection count returns to normal. While this is happening you can telnet to port 25 and you can see everything just seems to be moving slowly. We have the diagnostics logging turned on and it rarely shows that any of the connection are timing out. We are also looking and comparing the inbound connections to see if it is a particular server's) causing the problem. There have been no correlations thus far!
It's your typical Exchange 5.5 with IMC running, we also use Antigen v6, it's also being ported through ISA server.
Sometimes it goes for days and everything is fine, then all of the sudden the connections just keep building. If we don't try to fix it by rebooting or stopping the IMC everything usually just works itself out in about an hour.
The machine is regularly defragged, nothing else running on it, and it is a dual Xeon with 2GB of RAM... I'm at a loss...
It's running a Intel Pro Copper Gigabit card at 1Gb as well.
During the phenomena the CPU is almost idle, and the Hard Drives are chugging, but not extensively?!
Any input would be greatly appreciated!
Rich
Over the past few weeks our Exchange Server has been getting bogged down with SMTP connections, it seems that they are connecting and doing what they have to but it's just taking forever, so the connections are getting to the MAX of 100 that we have set! Slowly but surly they clear up and the connection count returns to normal. While this is happening you can telnet to port 25 and you can see everything just seems to be moving slowly. We have the diagnostics logging turned on and it rarely shows that any of the connection are timing out. We are also looking and comparing the inbound connections to see if it is a particular server's) causing the problem. There have been no correlations thus far!
It's your typical Exchange 5.5 with IMC running, we also use Antigen v6, it's also being ported through ISA server.
Sometimes it goes for days and everything is fine, then all of the sudden the connections just keep building. If we don't try to fix it by rebooting or stopping the IMC everything usually just works itself out in about an hour.
The machine is regularly defragged, nothing else running on it, and it is a dual Xeon with 2GB of RAM... I'm at a loss...
It's running a Intel Pro Copper Gigabit card at 1Gb as well.
During the phenomena the CPU is almost idle, and the Hard Drives are chugging, but not extensively?!
Any input would be greatly appreciated!
Rich
ASKER
That's exactly what we first expected, however upon packet inspection through the firewall, I can not seem to find a smoking gun as far as seeing the same servers appearing in the connections list. It could still be random attempts to relay though...
ASKER
p.s. ..and there is NOT an open relay...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well it seems that a majority of the traffic was from a group of SPAM servers that were not black listed by antigen... so we just blocked them DIRECTLY from the Exchange 5.5 SMTP connections properties by adding the following IP addresses and ranges...
69.59.0.0 using MASK 255.255.192.0
69.6.0.0 using MASK 255.255.192.0
This has cut down on the Antigen Incidences DRAMATICALLY and we have not seen the problem reoccur as of yet.
Thank you all for your input and I will let you know if anything changes!
Rich
69.59.0.0 using MASK 255.255.192.0
69.6.0.0 using MASK 255.255.192.0
This has cut down on the Antigen Incidences DRAMATICALLY and we have not seen the problem reoccur as of yet.
Thank you all for your input and I will let you know if anything changes!
Rich
ASKER
Well as it turns out it was the Antigen software on the Exchange server trying to lookup the Inbound SMTP server on the SPAM LIST server, there is not a decent timeout set for the Lookup to fail and thus it would keep the SMTP connections open while trying to resolve the name and match it to the list of spam servers. We disabled the DNS resolution of Antigen and subscribed to their Spamcure feature. Tey are aweare of the problem... Thanks to all!
cheers