Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Ex2010 - Tarpit for '0.00:00:01.028' due to 'DelayedAck',Delivered

Posted on 2015-02-11
3
Medium Priority
?
1,377 Views
Last Modified: 2015-02-12
Hi,

First of all I have read some of the material on this and I have seen some people suggesting to change the MaxAcknowledgementDelay on the Receive Connector to zero but some of those were in reference to coexistence with an Exchange 2003 server.  I have also seen a suggestion stating that you could create a special receive connector for the particular domain and put all the IPs in it that send mail for that domain.  I'm interested in getting some opinions on my particular situation.

I have a single Exchange 2010 server receiving email from the internet using a single "Internet Receive Connector".  Usually I only see this in the SMTP Receive Log with spammers but occasionally it happens with legitimate email.  Today it is happening with a new client and I would like to get it resolved.  So the emails in question are never received by our users and the following is the end of the transmission in the Receive Log for one of the missing emails.  Can anyone offer up some suggestions?

2015-02-11T20:22:46.477Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,27,LOCAL_IP:25, REMOTE_IP:45222,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADcX//EdsDVGvdVvMvwfDP/CgAAAEAAAAGs9kWHPps5MrK7DOR3DVo8BAAAAAA==@REMOTEDOMAIN.ca> [InternalId=118165] Queued mail for delivery,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,28,LOCAL_IP:25, REMOTE_IP:45222,<,QUIT,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,29,LOCAL_IP:25, REMOTE_ip:45222,>,221 2.0.0 Service closing transmission channel,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,30,LOCAL_IP:25, REMOTE_IP:45222,-,,Local
0
Comment
Question by:robertgibson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 2000 total points
ID: 40605480
Hello,

Ideally, you should have some type of spam filtering device in front of your Exchange server. When that isn't possible, the tarpit feature can help guard against directory harvest spam attacks. The problem, as you have discovered, is that this feature can sometimes have an impact on legitimate email. You really only have three options to deal with this issue.

1. Put a spam filtering device in front of your Exchange servers. This is the preferred solution but there are obviously costs involved.
2. You can create a new receive connector that has this feature turned off and specify the IPs of the senders that are having issues with tarpitting. The main issue with this solution is that it requires a bit of management and anytime the sender's IPs change, you need to update the connector.
3. You can just turn off the tarpitting feature on your current internet receive connector and just accept the possibility that spammers will be able to perform directory harvest.

Personally, my preference would be options 1 then 2 then 3.

-JJ
0
 

Author Comment

by:robertgibson
ID: 40605516
Thanks Jamie.  We do have a Watchguard box that handles some of the SPAM but it definitely isn't near what I would consider an excellent solution. In fact I believe I had better success with the free version of Untangle as far as the SPAM goes. I was thinking of trying to turn the Watchguard SPAM filter off and redirect the email to an Untangle box in a test lab but I just haven't had the time.

Any recommendations as far as SPAM filters?

I will start with option 2 and see how that goes.  I will stay away from option 3 as I still see SPAM email being dropped in the logs Acknowledgement Delay.

Thanks
Rob
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40605528
For free options Untangled and mailcleaner are good options.

-JJ
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cybercriminals to create command-and-control (C&C) communications infrastructures for their malw…
On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question