inetinfo.exe affecting exchange delivery

Hello cstephen100,

If the exchange logs are eating up HD space, do you have a backup working on the server? If so the backup program should delete the logs automatically.
What do you see in the eventlogs actually?
Where is the inetinfio.exe file located on the HD?
http://www.symantec.com/security_response/writeup.jsp?docid=2005-102514-0353-99&tabid=2
it should be about 14k in size normally, and should be located under C:\WINDOWS\System32\inetsrv

Regards,

suppsaws

cstephen100,

btw, what about you mail flow, are there any mail in the exchange queue?
You mean it's eating up all memory or HD space?

suppsaws

Run the Exchange Performance Troubleshooting analyzer (EXPTA) when the issue reoccurs and it will help in pointing to the root cause of the issue.

btw, when it's memory you mean, read following post:
http://www.smallbizserver.net/tabid/53/forumid/11/postid/2226/view/topic/Default.aspx

hi thanks for your assistance the inet info file is in the correct location :C:\WINDOWS\System32\inetsrv i noticed that there was also a inetinfo dump file on the c drive  & if i check the processes tab under task manager i see that the inet.info process is taking  up 254,655k memory usage this figure fluctuates and has doubled since i checked it earlier today, the reason i think that this is related to the mail flow ia i read article: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q291248 which states ""XIMS: High CPU Use by Inetinfo.exe Process Degrades E-mail Delivery""
I dont see any errors in event viewer or queed msgs but they are definatly delayed when sending , i ran EXPTA which pointed to an smtp routing error stating smtp instance name did not match dns server resolved name i changed them to match but it didnt  make any difference........

sorry i am just after noticing in queues in system manager that there are msgs in the smtp connector as attached

queues.doc

thanks on further research i ran filemon and targeted the inetinfo.exe  the acivity is very high i dont think this is normal activity but do not know whats causing it, would attached file of inetinfo activity give any clue
inetinfo-activity.doc

Thanks suppsaws im nearly there,tried lots from the links you sent, deleting queues from command prompt etc, im nearly there, the only trouble is i still cannot stop the queues from building up, whether it is an ndr attack or not, the exchange Q's build up rapidly i searched experts exchange knowledge base and found how to turn of non delivery reports but the queues still keep piling up, thus causing store .exe and inet info .exe to demand lots of memory usage, is there any way i can stop them.....

you should just follow that guide, it can take a LONG time to empty up the queues.
There can be over 100.000 mails in the queue.
Also check if you aren't an open relay.

i can empty them fine using cmd prompt but cant stop the message queues builing up rapidly , i have carried out the steps to check if its open relay & Its not if we cant stop this msg attack we may have to reinstall exchange

thanks for your answers suppssaws, i finally was able to clear the queues using the info you provided exchange is now functioning properly