Solved

SMTP service - bandwidth - queues are empty

Posted on 2007-10-09
Last Modified: 2013-11-30
Had a SPAM attack - cleaned out all the smtp queues.
Queues are now empty
However when the smtp server is running - connectivity slows to a crawl and ping times go from the normal 86ms to 2.5 sec.
Connection is 1.5/768 adsl.

Any ideas?

Thanks,
jv
Question by:johnvlahos
16 Comments
 
LVL 2

Expert Comment

by:Exchange_Solution
ID: 20042457
You probably have some problem with Open Relay.
Force authentication to relay, then start the SMTP services again.

0
 

Author Comment

by:johnvlahos
ID: 20042585
* You probably have some problem with Open Relay.
* Force authentication to relay, then start the SMTP services again.


Thanks - I wish that was the case - disabled all relaying and the smtp server is still problematic.
0
 
LVL 2

Expert Comment

by:Exchange_Solution
ID: 20043071
This is probably a DNS issue.

Be sure that you have internal DNS servers listed in the DNS configuration on the Exchange server.

Or you can add a smart host to resolve this DNS problem. The smart host will forward all outgoing email to your Internet provider.




0

 

Author Comment

by:johnvlahos
ID: 20043185
* This is probably a DNS issue.
* Be sure that you have internal DNS servers listed in the DNS configuration on the Exchange server.
* Or you can add a smart host to resolve this DNS problem. The smart host will forward all outgoing email to your Internet provider.

Thanks - the server is a DC and DNS server - it has itself as the only DNS server in its tcp/ip properties.

More info though - there are two smtp queues with no messages that won't drop off the list. Any chance that's where the issue is?
0
 
LVL 2

Expert Comment

by:Exchange_Solution
ID: 20043489

When you start your SMTP services, take a look at the INETINFO.exe process.

If it takes a huge part of the CPU, etc., take a look at this folder to be sure it is empty:
Program Files\Exchsrvr\Mailroot\vsi 1\Queue

I hope you have restarted your server since the spam attack.
0
 

Author Comment

by:johnvlahos
ID: 20043607
* When you start your SMTP services, take a look at the INETINFO.exe process.
* If it takes a huge part of the CPU, etc., take a look at this folder to be sure it is empty:
* Program Files\Exchsrvr\Mailroot\vsi 1\Queue
* I hope you have restarted your server since the spam attack.

Thanks - The CPUs are all quiet - inetinfo appears normal - restarted the server several times and the queue folder is empty.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20043877
It could be that the attacker continues to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 

Author Comment

by:johnvlahos
ID: 20043950
* It could be that the attacker continues to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon - no I didn't - just about 8000+ messages in about 6000 queues destined for various locations. That issue has not recurred though. Just two smtp queues that are empty and won't drop off the list. Thanks.
0
 

Author Comment

by:johnvlahos
ID: 20043977
New info - this was the application log...


Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9665
Date:            10/9/2007
Time:            12:43:26 PM
User:            N/A
Computer:      EMAIL
Description:
The memory settings for this server are not optimal for Exchange.

 For more information, click http://support.microsoft.com?kbid=815372

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 13 00 00 00               ....    
0
 

Author Comment

by:johnvlahos
ID: 20044388
More info....

Ran network monitor and sure enough there is traffic going to two IP addresses which match the two active smtp queues. The queues are empty and I can't get them to go away. Any help is appreciated...

Thanks,
jv
0
 
LVL 2

Expert Comment

by:Exchange_Solution
ID: 20044596
0
 

Author Comment

by:johnvlahos
ID: 20044686
Yet more info...

A user sent out a large attachment to the two queues in question. Message tracking says it was delivered to the remote smtp servers - but the recipients didn't get it. Now the queues just stay active with no messages. I tried having the user send another small message to see if it would clear the queues - the message went and now we're back to the two stuck queues.

Is there no way to delete empty, active smtp queues?

Thanks,
jv
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 20044793
If the users sent out a large message it has probably got stuck and is in a retry loop.
You could try changing the time out to the shortest possible on the SMTP virtual server, restarting the SMTP Server Service. After 10 minutes the timeouts will have expired and you can set it back to the defaults.

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.
0
 

Author Comment

by:johnvlahos
ID: 20045223
Simon - thanks - but that didn't work either. There are no visible messages in these queues - but a packet sniffer confirms that traffic is being sent to these two domains. Note - we thought it might be a black hole router issue - sadly no...

Thanks,
jv
0
 

Author Comment

by:johnvlahos
ID: 20045562
More info again...

Message tracking now confirms that there is some kind of loop happening -  I keep seeing "started outbound transfer etc" in the tracking log over and over. I just can't seem to kill it...

jv
0
 

Author Comment

by:johnvlahos
ID: 20045673
Simon - it was a loop and I accepted your answer. The final resolution was to freeze the two queues and restart the info-store - that allowed me to 'catch' the message in the queues and delete it before they had a chance to try and send it.

Thanks everyone for the help.

jv
0
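
The symptom reported in this thread (message tracking showing "started outbound transfer" over and over while the queues look empty) can be spotted by counting transfer starts per message. This is an added example, not part of the original thread; the four-column tab-separated layout, the host names, the message IDs and the "message transferred out" event text are constructed assumptions, and only the "started outbound transfer" wording comes from the thread.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Constructed sample in a simplified tab-separated layout (time, message ID,
# remote host, event). Real tracking logs carry more columns; map them onto
# these four before use. Hosts and message IDs are made up.
SAMPLE_LOG = """\
2007-10-09 13:01:10\t<a1@example.test>\tmx.partner-a.example\tstarted outbound transfer
2007-10-09 13:01:40\t<b2@example.test>\tmx.other.example\tstarted outbound transfer
2007-10-09 13:01:45\t<b2@example.test>\tmx.other.example\tmessage transferred out
2007-10-09 13:06:10\t<a1@example.test>\tmx.partner-a.example\tstarted outbound transfer
this line is damaged and must be skipped
2007-10-09 13:11:10\t<a1@example.test>\tmx.partner-a.example\tstarted outbound transfer
2007-10-09 13:16:10\t<a1@example.test>\tmx.partner-a.example\tstarted outbound transfer
"""

START_EVENT = "started outbound transfer"  # wording quoted in the thread


def find_retry_loops(log_text, min_attempts=3):
    """Return [(message_id, host, attempts, minutes_spanned)] for messages
    whose outbound transfer was started at least min_attempts times."""
    attempts = defaultdict(list)
    for row in csv.reader(log_text.splitlines(), delimiter="\t"):
        if len(row) != 4:
            continue  # skip damaged or truncated records
        stamp, msg_id, host, event = (field.strip() for field in row)
        if event.lower() != START_EVENT:
            continue
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        attempts[(msg_id, host)].append(when)

    loops = []
    for (msg_id, host), times in attempts.items():
        if len(times) >= min_attempts:
            span = (max(times) - min(times)).total_seconds() / 60
            loops.append((msg_id, host, len(times), round(span, 1)))
    # Most-retried message first
    return sorted(loops, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for msg_id, host, count, minutes in find_retry_loops(SAMPLE_LOG):
        print(f"{msg_id} -> {host}: {count} attempts over {minutes} min")
```
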
