Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Hard Drive constantly writing when SMTP is enabled 3

Status
Not open for further replies.
webmastadj84

webmastadj84

IS-IT--Management
Joined
Aug 23, 2006
Messages
86
Location
US
I have this problem. The server is runng 2003 exchange and every time I turn on the SMTP server service, the system is constantly writing to the hard drive...so much so it slows the system down a great deal. Once I stop the service, the system stops writting to the hard drive and then goes back to normal opperation. Any ideas with this problem? It has been working fine until this happened a few weeks ago.
 
Sort by date Sort by votes
PS: just checked, it does now.

Marc
If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!
 
Upvote 0 Downvote
Upvote 0 Downvote
Now, when I go to the SMTP Server and then on current sessions, I got the max of 5 users connected to the server. An ideas with this?
 
Upvote 0 Downvote
My thought is that there is so many things not right with this system that you should consult with someone that can dedicate their time to audit your system and correct the misconfigurations (if any).

 
Upvote 0 Downvote
there is nothing to audit. I have users using the server to send spam. I can not believe more people don't have this problem. Everything on the server is set to default. I have not changed any other settings becides the Exchange and IIS services. There has got to be some way to stop people from connecting to a server like this.
 
Upvote 0 Downvote
On a normally configured Exchange 2003 server, anonymous users can connect to the server only to deliver mail destined for internal users (which are defined by the recipient policy). If an unauthenticated user tries to send spam to an address that isn't in the local recipient policy list, the smtp connection is dropped.

If users are able to connect to your system, and, without authenticating, send email through your server to other external recipients, your system is misconfigured. Either that or one of your user accounts is compromised and an authenticated user is generating all the spam.

But since an external test said that you have an open relay, then you must be allowing unauthenticated users to relay.

Here's one more thing to check: go down into your Connectors, not under Servers -> Protocols. Look at the main SMTP connector there, and check the Address Space tab. It should have a * in the big field. Now look at the bottom. There is a checkbox that says "Allow messages to be relayed to these domains." Make sure that it is NOT checked.

ShackDaddy
 
Upvote 0 Downvote
It looks like it has stopped. Now sure if the people trying to connect stopped or the settings worked. I tried to block all the ip address ranges that I saw connecting. If someone could confirm this, that would be great.
 
Upvote 0 Downvote
You can run the test as well as we can. Re-running the relay test from - it now states that the system is NOT an open relay.

Congratulations! That is the most important step that needed to be accomplished to protect your system.
 
Upvote 0 Downvote
Also. check your ISP is not blocking your emails. Once it sees that you are acting as a relay, it may blcok all email from your domain. you may be blacklisted. Worth checking anyway even if you have emails back.
 
Upvote 0 Downvote
Good idea. I ran a check and found uptechusa.net IS blacklisted. See below:

Target Reason(s) for being Blacklisted URL
uptechusa.net (207.30.146.150) Blacklisted by 3 servers
Not Just Another Bogus List Received 1 reason dnsbl.njabl.org
127.0.0.2 Open SMTP relay 1156194785


DNS Blacklist Australia - Type 1 SPAM sources Received 1 reason 127.0.0.2 Open SMTP relay see and

DNS Blacklist Australia - Open Single-Level Relay Received 1 reason 127.0.0.2 Open SMTP relay see and
 
Upvote 0 Downvote
Ok, I completed the removal process on those lists.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Brent Fletcher
  • Locked
  • Question Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
3K
Brent Fletcher
Brent Fletcher
DrB0b
  • Locked
  • Question Question
Issue removing large deleted items folder's contents
Replies
1
Views
3K
DrB0b
DrB0b
sreejay2211
  • Locked
  • Question Question
email issue
Replies
0
Views
3K
sreejay2211
sreejay2211
sreejay2211
  • Locked
  • Question Question
Group issue
Replies
0
Views
3K
sreejay2211
sreejay2211
sreejay2211
  • Locked
  • Question Question
0365 Group issue
Replies
0
Views
3K
sreejay2211
sreejay2211

Part and Inventory Search

Sponsor

Back
Top