SMTP service - bandwidth - queues are empty

Asked by johnvlahos
Last Modified: 2013-11-30
Had a SPAM attack - cleaned out all the smtp queues.
Queues are now empty
However when the smtp server is running - connectivity slows to a crawl and ping times go from the normal 86ms to 2.5 sec.
Connection is 1.5/768 adsl.

Any ideas?

Thanks,
jv

You probably have some problem with Open Relay.
Force authentication to relay then start smtp services again.

Author

Commented:
* You probably have some problem with Open Relay.
* Force authentication to relay then start smtp services again.


Thanks - I wish that was the case - disabled all relaying and the smtp server is still problematic.

This is probably a DNS issue.

Be sure that you have internal DNS servers listed in the DNS configuration on the Exchange server.

Or you can add a smart host to resolve this DNS problem. The smart host will forward all outgoing email to your Internet Provider.




Author

Commented:
* This is probably a DNS issue.
* Be sure that you have internal DNS servers listed in the DNS configuration on the Exchange server.
* Or you can add a smart host to resolve this DNS problem. The smart host will forward all outgoing email to your Internet Provider.

Thanks - the server is a DC and DNS server - it has itself as the only DNS server in its tcp/ip properties.

More info though - there are two smtp queues with no messages that won't drop off the list. Any chance that's where the issue is?

When you start your SMTP services, take a look at the INETINFO.exe process.

If it takes a huge part of CPU, etc., take a look at that folder to be sure it's empty:
Program Files\Exchsrvr\Mailroot\vsi 1\Queue

I hope you have restarted your server since the spam attack.

Author

Commented:
* When you start your SMTP services, take a look at the INETINFO.exe process.
* If it takes a huge part of CPU, etc., take a look at that folder to be sure it's empty:
* Program Files\Exchsrvr\Mailroot\vsi 1\Queue
* I hope you have restarted your server since the spam attack.

Thanks - The CPUs are all quiet - inetinfo appears normal - restarted the server several times and the queue folder is empty.

Commented:
It could be that the attacker continues to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon.

--
If your question has been answered, please remember to accept the answer and close the question.

Author

Commented:
* It could be that the attacker continues to attack your server, possibly using the same method as before. Did you work out which attack method was used?

Simon - no I didn't - just about 8000+ messages in about 6000 queues destined for various locations. That issue has not recurred though. Just two smtp queues that are empty and won't drop off the list. Thanks.

Author

Commented:
New info - this was the application log...


Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9665
Date:            10/9/2007
Time:            12:43:26 PM
User:            N/A
Computer:      EMAIL
Description:
The memory settings for this server are not optimal for Exchange.

 For more information, click http://support.microsoft.com?kbid=815372

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 13 00 00 00               ....    

Author

Commented:
More info....

Ran network monitor and sure enough there is traffic going to two IP addresses which match the two active smtp queues. The queues are empty and I can't get them to go away. Any help is appreciated...

Thanks,
jv

Author

Commented:
Yet more info...

A user sent out a large attachment to the two queues in question. Message tracking says it was delivered to the remote smtp servers - but the recipients didn't get it. Now the queues just stay active with no messages. I tried having the user send another small message to see if it would clear the queues - the message went and now we're back to the two stuck queues.

Is there no way to delete empty, active smtp queues?

Thanks,
jv

Author

Commented:
Simon - thanks - but that didn't work either. There are no visible messages in these queues - but a packet sniffer confirms that traffic is being sent to these two domains. Note - we thought it might be a black hole router issue - sadly no...

Thanks,
jv

Author

Commented:
More info again...

Message tracking now confirms that there is some kind of loop happening -  I keep seeing "started outbound transfer etc" in the tracking log over and over. I just can't seem to kill it...

jv

Author

Commented:
Simon - it was a loop and I accepted your answer. The final resolution was to freeze the two queues and restart the info-store - that allowed me to 'catch' the message in the queues and delete it before they had a chance to try and send it.

Thanks everyone for the help.

jv
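
The symptom that identified the problem in this thread, the same "started outbound transfer" entry repeating in the tracking log for queues that look empty, can be checked for mechanically. The following is an added example, not part of the original thread: it assumes a simplified tab-separated export (time, message ID, remote host, event) and uses constructed sample data with hypothetical hosts and message IDs; real Exchange tracking logs carry more columns.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
BASE = datetime(2007, 10, 9, 12, 40, 0)
START = "Started Outbound Transfer of Message"

def sample_line(offset_s, msg_id, host, event):
    """Build one constructed log line: time, message ID, remote host, event."""
    stamp = (BASE + timedelta(seconds=offset_s)).strftime(FMT)
    return "\t".join([stamp, msg_id, host, event])

# Constructed sample data (hypothetical hosts and message IDs).
SAMPLE_LOG = "\n".join(
    [
        # Normal delivery: one start, then the hand-off.
        sample_line(0, "<ok-1@example.test>", "mx.partner.test", START),
        sample_line(4, "<ok-1@example.test>", "mx.partner.test", "Message transferred out"),
        # Ordinary retry: two starts fifteen minutes apart.
        sample_line(10, "<retry-2@example.test>", "mx.slow.test", START),
        sample_line(910, "<retry-2@example.test>", "mx.slow.test", START),
    ]
    # Looping message: eight starts, 45 seconds apart, to the same host.
    + [sample_line(30 + 45 * i, "<big-3@example.test>", "mx.stuck.test", START) for i in range(8)]
)

def find_looping_transfers(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {(message ID, host): peak start count} for pairs whose outbound
    transfer was started at least `threshold` times within any `window`."""
    starts = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        stamp, msg_id, host, event = row
        if "started outbound transfer" in event.lower():
            starts[(msg_id, host)].append(datetime.strptime(stamp, FMT))
    flagged = {}
    for key, times in starts.items():
        times.sort()
        peak, lo = 0, 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window's left edge forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged
```

Calling `find_looping_transfers(SAMPLE_LOG)` flags only the message that is restarted eight times to the same host; the single delivery and the ordinary retry stay below the threshold.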