Solved

Exchange 2000 running Extremely Slow

Posted on 2004-08-23
Last Modified: 2008-02-01
Windows2000 Server SP4/had 256 now has 768 ram/DC/Exchange2000 SP3/McAfee GroupShield/Virus Scan 7.0
As of 4 days ago, my Exchange server has started acting strange and is now taking 5+ hours to send mail and up to 8 to receive. I have run a complete scan of the system thinking that perhaps a virus slipped through, and that was clear. I then ran Stinger; this was clean as well. I have verified that all the latest patches and upgrades are installed. I have added memory thinking perhaps it was getting overloaded. When I can view the queue it shows that it is over a Gig. Mail is backing up in a major way. Any assistance with this would be greatly appreciated. New to this, so if anyone needs more info just let me know.

Thanks

Question by:mcse63
18 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11869846
This is saying mail relay.
Either you are an open relay or you are being used for an NDR attack.

If you look at the queues are they all from "postmaster@yourdomain"?

If so then this will confirm it.

Take a look at this article from MSKB on how to clear up the queues. Don't worry about the versions - the techniques are pretty much the same: http://support.microsoft.com/default.aspx?kbid=324958

It could also be an authenticated user attack on SMTP. Do you allow your users to send email through your SMTP server? If so you may want to consider disabling that feature for now.

Simon.
0
 

Author Comment

by:mcse63
ID: 11871331
I have followed the instructions in the MS article and ran the relay test, and here are the results. I haven't received the mail but this is still bad.

To: cowandave%hotmail.com@mail.shop4zero.com
From: spamtest@mail.shop4zero.com
<<< 250 2.0.0 Resetting
>>>> MAIL FROM:
<<< 250 2.1.0 spamtest@mail.shop4zero.com....Sender OK
>>>> RCPT TO:
<<< 250 2.1.5 cowandave%hotmail.com@mail.shop4zero.com
>>>> DATA
<<< 354 Start mail input; end with .
>>>> MESSAGE
<<< 250 2.6.0 Queued mail for delivery
SUCCESS

I see no other settings to check. Any other ideas?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11871611
Put your domain in to dnsreport.com and see what it comes back with.

Have you made any changes to the configuration of the machine? Exchange 2000 is relay secure "out of the box" but you can change settings to turn it in to a relay.

Simon.
0

 

Author Comment

by:mcse63
ID: 11872283
It came back with: I don't have an SPF record, and a few DNS issues. I have worked those out. Is an SMTP connector necessary to send and receive mail? Let me explain a bit more. I have an external DC that forwards all mail to the Exchange server behind the firewall, and the Exchange server uses the EDC as the smart host. I have configured the firewall to accept mail to my Exchange box directly. So do I need the smart host and the connector?
0
 
LVL 5

Expert Comment

by:Steve M
ID: 11872364
I think you may have an extremely large message that cannot be sent, due to message size restrictions at both ends (sender and recipient).

I've seen the same scenario before. What happened was we had no outbound limits set, but we did have inbound limits set. Someone tried to send a 400MB attachment and the recipient's mail server rejected it with a copy of the message attached to the NDR, our system then rejected it as well and back and forth it went...

The message must be huge due to the amount of time it takes to send the message, in your case 5 hours or so. This is what you need to do to check for that.

1. First stop SMTP services.
2. Open your Exchange server queue folder (default location is c:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue).
3. Is there mail in that folder? If there is, then change the view to details and sort it by size. Find out if there is a large message in there and delete or move it. If not, proceed to the next step...
4. Open the ESM (Exchange System Manager) and drill down to your queues (server/protocols/SMTP/default) for that server; you can also view those queues and sort by message size.
5. If you find a mail queue that is huge, enumerate the messages and double click the queue to see what messages are waiting in the queue. If you find a big one in there that you feel is the culprit, you can delete it right from there with "NO NDR!".
6. Start your SMTP service back up of course.. ;)

Hope this helps ya, cheers. :)
0
 

Author Comment

by:mcse63
ID: 11872559
I appreciate the input jsk-ck, I thought something like that as well and checked that yesterday. I didn't mention that in my first description as I am just getting the hang of this posting stuff. Thanks again.
0
 
LVL 5

Expert Comment

by:Steve M
ID: 11872576
No prob, you might want to check your mail gateway (smarthost) for the same thing as I mentioned if you haven't done so already.

Good luck
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11874214
An SMTP connector is not required for receiving email. Sometimes you need one for sending email. An SMTP connector usually directs email to another place - one that is different to what Exchange can find itself - for example you need to send email through the ISP's server (smart host).

If you are not sending email directly - and wish to send it through another machine - a relay - then you will need an SMTP connector, change it to smart host mode and enter the IP address or DNS name of the relay machine.

Simon.
0
 

Author Comment

by:mcse63
ID: 11875710
Simon,

You have been a great help and are in the lead for the points. I have finally been able to open the queue and it is all postmaster@mydomain.com. Is there a way to prevent Reverse NDR attacks, which is what I think this is?

Thanks,
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11876415
Reverse NDRs ... those are what got me banned from AOL.  :)  

In Exchange 2000...

System Manager -> Global Settings -> Internet Message Formats...

Right click on your Default and choose Properties. In the Advanced tab there is a check box 'Allow non-delivery reports'. By unchecking this you basically turn off NDRs for incoming emails... Now there is a caveat to this. If anyone sends a legit email to your company using a wrong email address, your server will not respond back saying the user does not exist.

Nevertheless, look to getting an email filter that blocks non-existent users on your domain by doing directory lookups (such as ORF).  Sembee should get the points, not me...
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 11879890
"LimeSMJ" has it right. I would have responded earlier but I was asleep.

The problem with turning off NDRs is that the legitimate NDRs (misspelling of names of legitimate users) will not be sent back to the users. Getting a filter to put in front of your Exchange server is a much better solution as it will stop the communication at the SMTP level.
Exchange 2003 has this feature built in.

Simon.
0
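The SMTP-level filtering recommended in the accepted answer, as an added Python example that is not part of the original thread and is not how Exchange or any named product is implemented: a recipient check that runs at RCPT TO, refusing relay attempts (including the `user%domain@host` form accepted in the relay test above) and unknown local users before anything is queued. The function names, domain and directory contents are hypothetical.

```python
# Added illustration, not code from the thread. LOCAL_DOMAINS and DIRECTORY
# are constructed sample data standing in for the gateway's accepted domains
# and its directory (for example Active Directory) lookup.
LOCAL_DOMAINS = {"example.com"}
DIRECTORY = {"alice@example.com", "postmaster@example.com"}


def rcpt_decision(rcpt, authenticated=False):
    """Return (smtp_code, reason) for one RCPT TO address."""
    addr = rcpt.strip().strip("<>").lower()
    if addr.count("@") != 1:
        # Source routes such as @a,@b:user@c and other malformed paths.
        return 501, "bad recipient syntax"
    local, domain = addr.split("@")
    if not local or not domain:
        return 501, "bad recipient syntax"
    if domain not in LOCAL_DOMAINS:
        # Mail for someone else's domain is relaying.
        if authenticated:
            return 250, "relay for authenticated client"
        return 550, "relaying denied"
    if "%" in local or "!" in local:
        # user%other.host@us asks us to re-route the mail to other.host,
        # the form the relay test in this thread got accepted.
        return 550, "relaying denied"
    if addr not in DIRECTORY:
        # Refused inside the SMTP session: nothing is queued, so no NDR is
        # ever generated toward a forged sender address.
        return 550, "user unknown"
    return 250, "recipient ok"


def screen(recipients, authenticated=False):
    """Map each recipient to its decision, for reviewing a batch."""
    return {r: rcpt_decision(r, authenticated) for r in recipients}


if __name__ == "__main__":
    sample = [  # constructed test addresses
        "<alice@example.com>",
        "someone%example.net@example.com",
        "random123@example.com",
        "bob@example.net",
    ]
    for rcpt, (code, reason) in screen(sample).items():
        print(code, reason, rcpt)
```

Because the 550 is returned during the session, the sending server keeps responsibility for the message, while legitimate senders who mistype an address still get told by their own server.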
 

Author Comment

by:mcse63
ID: 11880210
I just wanted to say thanks for all the help. By accepting your answer Simon, that meant that you received the points, right? If not let me know what I need to do and I will make sure that you get them. I am going to look into some decent spam blocking apps. 26-50 users. Any thoughts?

Thanks again
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11880327
Straight spam I would look at "I Hate Spam". I have that running on a number of clients with Exchange 2003.
However in this case I think the first product you should look at is Mail Essentials from GFI. http://www.gfi.com/ 

I have the points - thank you.

Simon.
0
 
LVL 5

Expert Comment

by:Steve M
ID: 11880341
Good answer, well done!

I use NetIQ's MailMarshal SMTP in front of my mailservers.  It works very well, is extremely configurable and automatically updated.  The price wasn't too bad either I thought.  It runs on a Windows Server, and uses very little resources for what it does...  it really is a complete SMTP gateway that scans for not only spam but content and of course viruses as well.

http://www.netiq.com/products/mma/default.asp

Cheers

/Steve
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 11887899
I have GFI running on my mailserver now.  Price is nice BUT the latest release (v10) still does not have the email directory lookup check that you (and I) are having problems with - basically SPAM is one thing but being emailed random names@mydomain.com can be even more annoying.  ORF is a product that I have never used but the specs look great.  It seems to do all the major stuff that GFI does PLUS the email directory checking to prevent DHA and the Dictionary attacks.

http://www.vamsoft.com/orf/orfee_prodspec.asp

Priced at $99 per server (no user license fees - amazing...) this is pennies to even use.  I am seriously considering just buying this product just to block unknown user emails.
0
 

Author Comment

by:mcse63
ID: 11891720
Thanks for the input LimeSMJ

I have downloaded both and will install them today and let you know how it goes.
0
 

Expert Comment

by:BrownLumber
ID: 14077585
I have NDR in Exchange 2000 turned off, but if I put in an address to send them to they still are created and sent?
Do they end up in the badmail folder if no notification was sent?   We are involved in cleaning up a reverse NDR attack.  Is there a product that deals with this effectively?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 14079293
BrownLumber - This is a closed question. As such the experts will not see your question.
You should post a new question in the main Exchange topic area, the other experts will then pick up the question and answer.

Simon.
0
