Solved

Lots of traffic between server and internet causing very slow surfing.

Posted on 2004-09-25
5
230 Views
Last Modified: 2010-03-18
Hi,

I have a windows 2000 server with Exchange 2000 installed. Users have experienced very slow internet surfing recently.

The network connects to the Internet via an ADSL Draytek router. I have shut down all machines and what I notice is that there are lots of packets being sent and received between the server and router. In fact the server is sending twice as many packets as it is receving. This is contineous and never stops

So far I have:
shut down all the exchange services
Virus scanned the server
Rebooted
All security updates have being installed

I have used network monitor to capture some packets and I always see the source or destination port as SMTP. Our Exchange server downloads via POP3 so I am unsure why I keep seeing this. Does anyone have any further ideas on how I can solve this?

0
Comment
Question by:Danbrasco
  • 3
  • 2
5 Comments
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12152444
Sounds most definately like a virus. Try the following:

1. Make sure your virus definition files are up to date (Viruses may kill the update process)
2. Reboot into safe mode and run a system scan again
3. Get a 2nd Opinion from an online virus scanning system like http://housecall.trendmicro.com
4. Run AdAware http://lavasoftusa.com and SpyBot http://www.safer-networking.org/en/index.html to check for other types of nasties
5. Run HijackThis http://www.majorgeeks.com/download3155.html and get the log file analyzed here:
http://hijackthis.de/index.php?langselect=english
0
 
LVL 15

Expert Comment

by:adamdrayer
ID: 12152449
sorry, the AdAware URL should have been http://www.lavasoftusa.com
0
 

Author Comment

by:Danbrasco
ID: 12156527
I think the problem is to do with the SMTP connector. Under Default SMTP Virtual Server \ Queues there are hundreds of SMTP connectors. I guess these are messages of some sort but I am unsure. They all say Small Business SMTP connector - (website name).

It seems at first glance that my server is being used to relay spam but the I disabled relaying when I first set it up. How do you think all these messages got here? Is there a way of manually deleting them?
0
 
LVL 15

Accepted Solution

by:
adamdrayer earned 250 total points
ID: 12156539
How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues on SBS
http://support.microsoft.com/default.aspx?kbid=324958&product=sbserv2003
0
 

Author Comment

by:Danbrasco
ID: 12158529
Many thanks for this.

I spent a lot of time on this but finally managed to get it solved. Problem is, I still don't know how they managed to use my server since I had all the settings for relaying disabled.

Will have to do some further research.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question