Solved

IIS6 Virtual SMTP server resends old email after reboot

Posted on 2016-11-22
Last Modified: 2016-12-02
After a reboot my Windows Server 2012 Standard starts sending very old emails which have already been sent weeks if not months ago.
As far as I know it only uses the C:\inetpub\mailroot directory for handling all traffic. I've monitored the Queue for days now and nothing strange there (emails getting sent). So I wonder what could cause this behaviour?
Question by:Blue Orange
13 Comments
 
LVL 6

Expert Comment

by:Andy
ID: 41897136
Hi,

The best free method would be DNS (round robin) load balancing.
Used this before and it works well, although it can't do any kind of weighted (or intelligent) balancing.
Multiple A records for the same mail DNS name to several IP addresses for CAS servers.

You can also get a free version of the KEMP loadbalancer up to 20Mbps or maybe look at ARR
0
 

Author Comment

by:Blue Orange
ID: 41897144
@Andy, this SMTP server cannot be targeted by outside requests, it only accepts this from local applications that want to send an email.
Therefore having DNS changes will not work, it has to be something local.
0
 
LVL 26

Assisted Solution

by:Dan McFadden
Dan McFadden earned 250 total points
ID: 41897465
When you say you were "...monitoring the queue for days..." do you mean the IIS SMTP queue directory or the actual mail queue?

Emails that cannot be immediately delivered to remote domains are stored in the queue directory and are retried based on the SMTP service configuration.  Also, when the IIS Service (and hence all child services, of which SMTP is one) is restarted, the SMTP service scans through its queue directory and retries queued up messages.

Have you analyzed your SMTP logs to see if these emails are for a small number (or 1) of remote domains?

Dan
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 125 total points
ID: 41898691
either exchange is quite heavily bugged ( it is but that is a little too big a bug ) or the problem lies elsewhere such as resurgence of files at storage level.

it is also possible that a manual operation produced this : i assume if an admin takes ownership of a bunch of files in the queue and revokes the right IIS has to delete the file, you may end up with such a situation : the queue is scanned only once at boot time so the mails are sent only once but since the files can't be removed... that would probably produce visible errors in the logs.

are you using some kind of SAN ? was the system stopped cleanly ? was a filesystem recovery performed at boot ?

if you reboot properly now, do you still have sent messages ? the same ones ?
0
 
LVL 6

Assisted Solution

by:Andy
Andy earned 125 total points
ID: 41898696
Have you checked for any scheduled tasks set to run at startup?
There could be a task to send the messages which triggers after a reboot.
0
 

Author Comment

by:Blue Orange
ID: 41898947
@Dan McFadden:
To which queue are you referring? Is there a different way to access an IIS6 Virtual SMTP queue than its filesystem (mailroot dir)?
The smtp server always tries to make a bulk out of a bunch of email before it tries to send them.

@SkullNoBrains:
I don't use exchange to send the emails, just the SMTP Server feature of IIS6.
The system had some Windows updates (normal reboot), but it does this every time we reboot the server.
I have checked the logs from before and after the reboot and these are just normal send messages; no errors.
One customer refers to an email from September this year.

@Andy:
There are no tasks that start after a reboot.

I wonder where IIS6 SMTP Server could store these messages, apart from the mailroot directory?
0
 
LVL 6

Assisted Solution

by:Andy
Andy earned 125 total points
ID: 41898950
OK, under mailroot is there a pickup folder? If there is, are there any files in there?
0
 

Author Comment

by:Blue Orange
ID: 41898957
@Andy; Pickup is empty.
I think it has to do something with a web application accessing the SMTP server, since all those resends come from that single application (origin email is the same).

I'll get back to you guys, maybe it isn't even an SMTP server thing... durr
0
 
LVL 6

Expert Comment

by:Andy
ID: 41898959
My next comment was going to be it could be another server using this as a relay!
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 41898973
@SkullNoBrains:
I don't use exchange to send the emails, just the SMTP Server feature of IIS6.

oops but the same applies, anyway + it most definitely is heavily bugged + i recollect there is a whole mess of temporary queues when you are using virtual IIS containers and the likes. if that is the case, the files must be stuck somewhere in the container.

i'd start by looking at known places for email files and possibly scan the drive(s).
alternatively you can use process monitor (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx ) and monitor which files are accessed on startup.

--

i don't believe too much a bug in the app would do that right when the server starts up but it is a possibility. but a local queue for the instance running that app seems more likely
0
 
LVL 26

Accepted Solution

by:
Dan McFadden earned 250 total points
ID: 41898978
Do you have SMTP Logging enabled?  Have you analyzed the logs?  Is it always the same emails being resent?  Is the web app local or located on another server?

Dan
0
 

Author Comment

by:Blue Orange
ID: 41908257
Turned out there were items in the Queue, after a reboot the smtp server picked them up again and sent them. Strange but it must be something else. Going to run a clean task every day to check if there are items older than the maximum retry time.
0
 
LVL 26

Expert Comment

by:skullnobrains
ID: 41910005
most likely removing them will be good enough : they are probably leftovers from an old migration or possibly manual operation. look at the access rights, it is very likely the server does not have the right to delete the files.
0
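
The two closing suggestions in this thread (a daily check for queue items older than the maximum retry time, and a look at whether the server may delete those files) can be combined in one audit script. This is an added example, not code posted by any participant; the Queue subfolder name, the age threshold, the service account and the optional holding folder are assumptions to adjust for your server.

```powershell
# Added example: audit the IIS SMTP queue for stale messages and check delete rights.
param(
    [string]$QueuePath      = 'C:\inetpub\mailroot\Queue',  # assumption: Queue folder under the mailroot from the thread
    [int]   $MaxAgeDays     = 2,                            # assumption: set to your configured maximum retry/expiry time
    [string]$ServiceAccount = 'NT AUTHORITY\SYSTEM',        # assumption: account the SMTP service runs as
    [string]$HoldingPath    = ''                            # optional (hypothetical) folder to move stale files into
)

$cutoff    = (Get-Date).AddDays(-$MaxAgeDays)
$deleteBit = [System.Security.AccessControl.FileSystemRights]::Delete

# Anything still in the queue past the retry window should already have been
# delivered or expired, so these are the candidates for re-sending after a restart.
$stale = @(Get-ChildItem -LiteralPath $QueuePath -File |
           Where-Object { $_.LastWriteTime -lt $cutoff })

$report = foreach ($f in $stale) {
    $acl = Get-Acl -LiteralPath $f.FullName
    # First-pass check only: looks for an explicit Allow entry for the service
    # account that includes Delete (Modify and FullControl contain that bit).
    # It does not evaluate Deny entries or rights gained through group membership.
    $canDelete = [bool]($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $ServiceAccount -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $deleteBit)
    })
    [pscustomobject]@{
        File             = $f.Name
        LastWrite        = $f.LastWriteTime
        AgeDays          = [int]((Get-Date) - $f.LastWriteTime).TotalDays
        Owner            = $acl.Owner
        ServiceCanDelete = $canDelete
    }
}

$report | Sort-Object LastWrite | Format-Table -AutoSize

# Move rather than delete, so the messages can be inspected before disposal.
if ($HoldingPath -and $stale.Count -gt 0) {
    New-Item -ItemType Directory -Path $HoldingPath -Force | Out-Null
    $stale | Move-Item -Destination $HoldingPath
}
```

Rows with `ServiceCanDelete` set to False, or with an unexpected `Owner`, match the leftover-file scenario described above. Run the move step while the SMTP service is stopped so no file is in use.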
