• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

SMTP service - bandwidth - queues are empty

Had a SPAM attack - cleaned out all the smtp queues.
Queues are now empty
However when the smtp server is running - connectivity slows to a crawl and ping times go from the normal 86ms to 2.5 sec.
Connection is 1.5/768 adsl.

Any ideas?

Thanks,
jv
0
johnvlahos
Asked:
johnvlahos
  • 10
  • 4
  • 2
1 Solution
 
Exchange_SolutionCommented:
You probably have some problem with Open Relay.
Force authentification to relay then start smtp services again.

0
 
johnvlahosAuthor Commented:
* You probably have some problem with Open Relay.
* Force authentification to relay then start smtp services again.


Thanks - I wish that was the case - disabled all relaying and the smtp server is still problematic.
0
 
Exchange_SolutionCommented:
This is probably a DNS Issues

Be sure  that you have internal DNS servers listed in the DNS configuration on the Exchange server

Or you can ADD a smart Host to resolve this DNS problem. The smart Host will foward all outgoing email to your Internet Provider.




0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
johnvlahosAuthor Commented:
* This is probably a DNS Issues
* Be sure  that you have internal DNS servers listed in the DNS configuration on the Exchange server
* Or you can ADD a smart Host to resolve this DNS problem. The smart Host will foward all outgoing email to your Internet Provider.

Thanks - the server is a DC and DNS server - it has itself as the only DNS server in its tcp/ip properties.

More info though - there are two smtp queues with no messages that won't drop off the list. Any chance that's where the issue is?
0
 
Exchange_SolutionCommented:

When you start your SMTP services take a look on the INETINFO.exe Process

If he take a huge part of CPU etc...etc... take a look on that folder to been sure hes empty
Program Files\Exchsrvr\Mailroot\vsi 1\Queue

I hope you have restart your server since the Spam Attack
0
 
johnvlahosAuthor Commented:
* When you start your SMTP services take a look on the INETINFO.exe Process
* If he take a huge part of CPU etc...etc... take a look on that folder to been sure hes empty
* Program Files\Exchsrvr\Mailroot\vsi 1\Queue
* I hope you have restart your server since the Spam Attackback to top

Tahnks - The CPUs are all quiet - inetinfo appears normal - restarted the server several times and the queue folder is empty.
0
 
SembeeCommented:
It could be that the attacker continue to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 
johnvlahosAuthor Commented:
* It could be that the attacker continue to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon - no I didn't - just about 8000+ messages in about 6000 queues destined for various locations. That issue has not recurred though. Just two smtp queues that are empty and won't drop off the list. Thanks.
0
 
johnvlahosAuthor Commented:
New info - this was the application log...


Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9665
Date:            10/9/2007
Time:            12:43:26 PM
User:            N/A
Computer:      EMAIL
Description:
The memory settings for this server are not optimal for Exchange.

 For more information, click http://support.microsoft.com?kbid=815372

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 13 00 00 00               ....    
0
 
johnvlahosAuthor Commented:
More info....

Ran network monitor and sure enough there is traffic going to two IP addresses which match the two active smtp queues. The queues are empty and I can't get them to go away. Any help is appreciated...

Thanks,
jv
0
 
johnvlahosAuthor Commented:
Yet more info...

A user sent out a large attachment to the two queues in question. Message tracking says it was deleivered to the remote smtp servers - but the recipients didn't get it. Now the queues just stay active with no messages. I tried having the user send another small message to see if it would clear the queues - the message went and now we're back to the two stuck queues.

Is there no way to delete empty, active smtp queues?

Thanks,
jv
0
 
SembeeCommented:
If the users sent out a large message it has probably got stuck and is in a retry loop.
You could try changing the time out to the shortest possible on the SMTP virtual server, restarting the SMTP Server Service. After 10 minutes the timeouts will have expired and you can set it back to the defaults.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 
johnvlahosAuthor Commented:
Simon - thanks - but that didn't work either. There are no visible messages in these queues - but a packet snifer comfirms that traffic is being sent to these two domains. Note -  we thought it might be a black hole router issue - sadly no...

Thanks,
jv
0
 
johnvlahosAuthor Commented:
More info again...

Message tracking now confirms that there is some kind of loop happening -  I keep seeing "started outbound transfer etc" in the tracking log over and over. I just can't seem to kill it...

jv
0
 
johnvlahosAuthor Commented:
Simon - it was a loop and I accepted your answer. The final resolution was to freeze the two queues and restart the info-store - that allowed me to 'catch' the message in the queues and delete it before they had a chane to try and send it.

Thanks everyone for the help.

jv
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 10
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now