Solved

Ex2010 - Tarpit for '0.00:00:01.028' due to 'DelayedAck',Delivered

Posted on 2015-02-11
3
1,091 Views
Last Modified: 2015-02-12
Hi,

First of all I have read some of the material on this and I have seen some people suggesting to change the MaxAcknowledgementDelay on the Receive Connector to zero but some of those were in reference to coexistence with an Exchange 2003 server.  I have also seen a suggestion stating that you could create a special receive connector for the particular domain and put all the IPs in it that send mail for that domain.  I'm interested in getting some opinions on my particular situation.

I have a single Exchange 2010 server receiving email from the internet using a single "Internet Receive Connector".  Usually I only see this in the SMTP Receive Log with spammers but occasionally it happens with legitimate email.  Today it is happening with a new client and I would like to get it resolved.  So the emails in question are never received by our users and the following is the end of the transmission in the Receive Log for one of the missing emails.  Can anyone offer up some suggestions?

2015-02-11T20:22:46.477Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,27,LOCAL_IP:25, REMOTE_IP:45222,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADcX//EdsDVGvdVvMvwfDP/CgAAAEAAAAGs9kWHPps5MrK7DOR3DVo8BAAAAAA==@REMOTEDOMAIN.ca> [InternalId=118165] Queued mail for delivery,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,28,LOCAL_IP:25, REMOTE_IP:45222,<,QUIT,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,29,LOCAL_IP:25, REMOTE_ip:45222,>,221 2.0.0 Service closing transmission channel,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,30,LOCAL_IP:25, REMOTE_IP:45222,-,,Local
0
Comment
Question by:robertgibson
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
ID: 40605480
Hello,

Ideally, you should have some type of spam filtering device in front of your Exchange server. When that isn't possible, the tarpit feature can help guard against directory harvest spam attacks. The problem, as you have discovered, is that this feature can sometimes have an impact on legitimate email. You really only have three options to deal with this issue.

1. Put a spam filtering device in front of your Exchange servers. This is the preferred solution but there are obviously costs involved.
2. You can create a new receive connector that has this feature turned off and specify the IPs of the senders that are having issues with tarpitting. The main issue with this solution is that it requires a bit of management and anytime the sender's IPs change, you need to update the connector.
3. You can just turn off the tarpitting feature on your current internet receive connector and just accept the possibility that spammers will be able to perform directory harvest.

Personally, my preference would be options 1 then 2 then 3.

-JJ
0
 

Author Comment

by:robertgibson
ID: 40605516
Thanks Jamie.  We do have a Watchguard box that handles some of the SPAM but it definitely isn't near what I would consider an excellent solution. In fact I believe I had better success with the free version of Untangle as far as the SPAM goes. I was thinking of trying to turn the Watchguard SPAM filter off and redirect the email to an Untangle box in a test lab but I just haven't had the time.

Any recommendations as far as SPAM filters?

I will start with option 2 and see how that goes.  I will stay away from option 3 as I still see SPAM email being dropped in the logs Acknowledgement Delay.

Thanks
Rob
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40605528
For free options Untangled and mailcleaner are good options.

-JJ
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question