Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Ex2010 - Tarpit for '0.00:00:01.028' due to 'DelayedAck',Delivered

Posted on 2015-02-11
3
1,028 Views
Last Modified: 2015-02-12
Hi,

First of all I have read some of the material on this and I have seen some people suggesting to change the MaxAcknowledgementDelay on the Receive Connector to zero but some of those were in reference to coexistence with an Exchange 2003 server.  I have also seen a suggestion stating that you could create a special receive connector for the particular domain and put all the IPs in it that send mail for that domain.  I'm interested in getting some opinions on my particular situation.

I have a single Exchange 2010 server receiving email from the internet using a single "Internet Receive Connector".  Usually I only see this in the SMTP Receive Log with spammers but occasionally it happens with legitimate email.  Today it is happening with a new client and I would like to get it resolved.  So the emails in question are never received by our users and the following is the end of the transmission in the Receive Log for one of the missing emails.  Can anyone offer up some suggestions?

2015-02-11T20:22:46.477Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,27,LOCAL_IP:25, REMOTE_IP:45222,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADcX//EdsDVGvdVvMvwfDP/CgAAAEAAAAGs9kWHPps5MrK7DOR3DVo8BAAAAAA==@REMOTEDOMAIN.ca> [InternalId=118165] Queued mail for delivery,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,28,LOCAL_IP:25, REMOTE_IP:45222,<,QUIT,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,29,LOCAL_IP:25, REMOTE_ip:45222,>,221 2.0.0 Service closing transmission channel,
2015-02-11T20:22:46.499Z,EPTMAIL10\Internet Receive Connector,08D1C5ED19C2349D,30,LOCAL_IP:25, REMOTE_IP:45222,-,,Local
0
Comment
Question by:robertgibson
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
ID: 40605480
Hello,

Ideally, you should have some type of spam filtering device in front of your Exchange server. When that isn't possible, the tarpit feature can help guard against directory harvest spam attacks. The problem, as you have discovered, is that this feature can sometimes have an impact on legitimate email. You really only have three options to deal with this issue.

1. Put a spam filtering device in front of your Exchange servers. This is the preferred solution but there are obviously costs involved.
2. You can create a new receive connector that has this feature turned off and specify the IPs of the senders that are having issues with tarpitting. The main issue with this solution is that it requires a bit of management and anytime the sender's IPs change, you need to update the connector.
3. You can just turn off the tarpitting feature on your current internet receive connector and just accept the possibility that spammers will be able to perform directory harvest.

Personally, my preference would be options 1 then 2 then 3.

-JJ
0
 

Author Comment

by:robertgibson
ID: 40605516
Thanks Jamie.  We do have a Watchguard box that handles some of the SPAM but it definitely isn't near what I would consider an excellent solution. In fact I believe I had better success with the free version of Untangle as far as the SPAM goes. I was thinking of trying to turn the Watchguard SPAM filter off and redirect the email to an Untangle box in a test lab but I just haven't had the time.

Any recommendations as far as SPAM filters?

I will start with option 2 and see how that goes.  I will stay away from option 3 as I still see SPAM email being dropped in the logs Acknowledgement Delay.

Thanks
Rob
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40605528
For free options Untangled and mailcleaner are good options.

-JJ
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question