Solved

Ex2010 - Tarpit for '0.00:00:01.028' due to 'DelayedAck',Delivered

Posted on 2015-02-11
3
778 Views
Last Modified: 2015-02-12
Hi,

First of all I have read some of the material on this and I have seen some people suggesting to change the MaxAcknowledgementDelay on the Receive Connector to zero but some of those were in reference to coexistence with an Exchange 2003 server.  I have also seen a suggestion stating that you could create a special receive connector for the particular domain and put all the IPs in it that send mail for that domain.  I'm interested in getting some opinions on my particular situation.

I have a single Exchange 2010 server receiving email from the internet using a single "Internet Receive Connector".  Usually I only see this in the SMTP Receive Log with spammers but occasionally it happens with legitimate email.  Today it is happening with a new client and I would like to get it resolved.  So the emails in question are never received by our users and the following is the end of the transmission in the Receive Log for one of the missing emails.  Can anyone offer up some suggestions?

2015-02-11T20:22:46.477Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,27,LOCAL_IP:25, REMOTE_IP:45222,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADcX//EdsDVGvdVvMvwfDP/CgAAAEAAAAGs9kWHPps5MrK7DOR3DVo8BAAAAAA==@REMOTEDOMAIN.ca> [InternalId=118165] Queued mail for delivery,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,28,LOCAL_IP:25, REMOTE_IP:45222,<,QUIT,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,29,LOCAL_IP:25, REMOTE_ip:45222,>,221 2.0.0 Service closing transmission channel,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,30,LOCAL_IP:25, REMOTE_IP:45222,-,,Local
0
Comment
Question by:robertgibson
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
Comment Utility
Hello,

Ideally, you should have some type of spam filtering device in front of your Exchange server. When that isn't possible, the tarpit feature can help guard against directory harvest spam attacks. The problem, as you have discovered, is that this feature can sometimes have an impact on legitimate email. You really only have three options to deal with this issue.

1. Put a spam filtering device in front of your Exchange servers. This is the preferred solution but there are obviously costs involved.
2. You can create a new receive connector that has this feature turned off and specify the IPs of the senders that are having issues with tarpitting. The main issue with this solution is that it requires a bit of management and anytime the sender's IPs change, you need to update the connector.
3. You can just turn off the tarpitting feature on your current internet receive connector and just accept the possibility that spammers will be able to perform directory harvest.

Personally, my preference would be options 1 then 2 then 3.

-JJ
0
 

Author Comment

by:robertgibson
Comment Utility
Thanks Jamie.  We do have a Watchguard box that handles some of the SPAM but it definitely isn't near what I would consider an excellent solution. In fact I believe I had better success with the free version of Untangle as far as the SPAM goes. I was thinking of trying to turn the Watchguard SPAM filter off and redirect the email to an Untangle box in a test lab but I just haven't had the time.

Any recommendations as far as SPAM filters?

I will start with option 2 and see how that goes.  I will stay away from option 3 as I still see SPAM email being dropped in the logs Acknowledgement Delay.

Thanks
Rob
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
For free options Untangled and mailcleaner are good options.

-JJ
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now