• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 174
  • Last Modified:

General SPAM question - load on Exchange - separate filter

I have a client who has had a domain for a long time now.  Due to this, they receive mountains and mountains of SPAM (about 40 per minute on average, 24/7).

I have Exchange 2003 running on its own server (a pretty good Hp Proliant).  I used to have GFI Mail Essentials running on the same server.  I found though that the filter put so much load on the server, due to the volume of spam, it was impacting the performance of the server.

I installed GFI on a separate box, and that takes care of SPAM before it gets to the mail server.  The firewall routes mail to the 'GFI box', and then a connector forwards it to the email server.  However, I am facing a new challenge, and I am worried I created it.

It appears, when SPAM flow is at its highest (sometimes multiple spams a second), 'real' emails get queued and take up to an hour to get delivered.

Does having this filter put limitations on the amount of connections I can accept at one time?
Will the performance of the GFI box put limitations on things (it is a std P4 box).
Would something like a Barracuda help matters?

Any other general thoughts/ideas?

Help much appreciated,

  • 2
1 Solution
Assuming this other box is a standard Windows 2003 IIS SMTP Relay, then it may be limiting - but that is off by default -> http://www.helpline4it.com/lab_practices-d277.html

If it is not limiting like that, then it could just be processing slow, which would not surprise me with GFI.

What I tend to do is use a relay server for the really obvious spam - get it to drop the connection instantly, that usually gets rid of 80% of it, then forward the rest to Exchange where it gets scanned again, this time it is scanning less mail, with less rules, so it is not so intensive.

The barracuda would probably have more success at this, simply because it would be configured better - but there is something you could try right now, for free.

Install Vamsoft ORF on the relay server, http://www.vamsoft.com enable greylisting and recipient filtering (directory harvest).  That should drop a stack of your connections immediately, you could even move this to a second relay server (for the purpose of the test).
tnormanAuthor Commented:
Kieran...thanks for that...pretty good stuff.

What you describe is basically what I have GFI doing (just blacklists and DH).

However, it is running on Windows XP.

When I try to change the maximum connections (which is currently set at 10), it defaults back to 10.
Also, I am unable to turn it off.

Is this a limitation of the XP connector?

Windows XP itself has a limit of 10 network connections - not just SMTP connection, ALL network connections :)

You need to upgrade that to Server to resolve it.

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now