• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 286
  • Last Modified:

Upload maxed out

We have a T1 line and someone was trying to ftp a file and it showed 5 hours remaining. I checked the graph usage from our internet site and it shows 280 download and 22 upload (we usually have 1.5 download and 700 upload. I don't know what is going on. I rebooted the PIX firewall and the Cisco router and for a moment it went down but 15 min later it went all the way up again. Do you have any idea what I could do at this point? The internet provider sayd it is internally. ANy hint is appreaciated. Thanks.
0
Bob Macpherson
Asked:
Bob Macpherson
1 Solution
 
jabiiiCommented:
do you have someone using a file share or something?
0
 
Bob MacphersonAuthor Commented:
You mean like Kazaa or Limewire? I don't think so, I hope not!
0
 
jabiiiCommented:
what do the pix logs tell you?
do you have logging on all your polcies?
see any unknown traffic, or spam traffic?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Bob MacphersonAuthor Commented:
I found out that is the Exchange server, when I turn it off and disconnect it everything goes back to normal, as soon as I sign back in and start the services, the T1 line goes crazy. What should I do, how do I stop it, what can be in there that creates this problem? Thanks.
0
 
lrmooreCommented:
You need to scrub your Exchange server. It may be setup as a mail relay host and is sending out tons of spam without your knowlege. It could be infected with virus or worm..

http://www.slipstick.com/exs/relay.htm

0
 
Bob MacphersonAuthor Commented:
It wasn't spam there were 256 SMTP queues retrying for 48 hours. I deleted them and everything is fine now.
0
 
jabiiiCommented:
Good catch :)
0
 
bstrauss3Commented:
I've had clients with the same problem.

There is a tool you should look into, MailBasketMD - http://www.turbogeeks.com/products/mailbasket.asp.

Technically, it breaks the SMTP standards by accepting ANY address and throwing away mail that doesn't match up with a valid userid.  This prevents the build up of a huge # of failure messages to bogus servers.



------Burton
0
 
DarthModCommented:
PAQed with points refunded (500)

DarthMod
Community Support Moderator
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now