General discussion

Locked

Xchange 2k delay sending/receiving email

By REZUMA ·
I dont know what else to do. My exchange server is sends and receives emails with a few hours delay, i though it was a question of all the spamming i am getting but know i doub it. Yesterday when i took a look into the smtp queue i realize i had like 7000 msg in the "awaiting for diretory lookup" queue, now i am tryin to look in the smtp queue but it takes for ever to show me the screen...any help, guide... or fast way of killing my self!!!
thanks

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by mbr In reply to Xchange 2k delay sending/ ...

Check to see if you have an open relay, Port 25, or install a pix firewall with an ACL

Collapse -

by mbr In reply to

I had the same problem, except my relay was closed, we had someone come in with a sniffer and he tolds us that someone was coming in threw port25 which is not possible if you have a closed relay. so I installed a Pix 501 with an ACL and my problem is no more. If you don't do something about this soon you might get black listed.

Collapse -

by REZUMA In reply to Xchange 2k delay sending/ ...

thanks for your asnwer, we are not open relay according to microsoft way of configuring exchange 2k. I have also test my server in several online places, i know that's not the problem. We also have a checkpoint firewall.
At this point i am looking into 2 posibilities
Reverse NDR Attack
http://www.cmsconnect.com/Praetor/WebHelp/zAppendix_B_-_Message_tests/Thwarting_reverse_NDR_attacks.htm
or one of our password have been compromised and somebody is using it to spam...although i just unchecked windows authetification in the exchange configuration...

Collapse -

by duwaned In reply to Xchange 2k delay sending/ ...

Hi.

Do you have a pinhole for port 80 inbound configured on your firewall for Outlook Web Access pointing directly to your mail server? If so, then it could be that someone has hacked your IIS installation, and relaying from your Exchange server. This happened to me at one of my client sites last week. All the latest hotfixes and service packs were installed (Win2K & Exch 2K) and still the messages rolled in. I had done relay test on the box, and all these failed. The only way I knew that it had happened was that their ISP had blocked mail from them (blocked due to spamming), and the queues built up on the Exchange server. The only way to stop this was to close off port 80 inbound for a while, and then publish the OWA through a firewall of some sort (like ISA server, Astaro, etc).

There must be another IIS weakness known by the spammers, but not by MS yet ;-)

If you don't have OWA publish outside your firewall, the I have really wasted your time and mine. Sorry if this is the case!

Hope this helps.
Regards.
Duwane

Collapse -

by REZUMA In reply to

Poster rated this answer.

Collapse -

by REZUMA In reply to Xchange 2k delay sending/ ...

This question was closed by the author

Back to Windows Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums