Hard Drive constantly writing when SMTP is enabled 3

[webmastadj84]

I have this problem. The server is runng 2003 exchange and every time I turn on the SMTP server service, the system is constantly writing to the hard drive...so much so it slows the system down a great deal. Once I stop the service, the system stops writting to the hard drive and then goes back to normal opperation. Any ideas with this problem? It has been working fine until this happened a few weeks ago.

 

[Marcs41]

PS: just checked, it does now.

Marc
_{If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all.
Free Tip: The F1 Key does NOT destroy your PC!}

 

[kbing]

Looks like you have an open relay...first thing I would do is lock it down so that it is not an open relay.

Here's a Microsoft document that tells you how to reset SMTP settings back to default so it isn't an open relay.

http://www.microsoft.com/technet/pr...c82-bcc2-4261-a30d-90536577c873.mspx?mfr=true

http://www.spamhelp.org/shopenrelay/shopenrelaytest.php

SMTP Open Relay Test
207.30.146.150 is an open relay

 

[webmastadj84]

On that

http://www.spamhelp.org/shopenrelay/shopenrelaytest.php

it states that it could not connect on port 25. I did reset it I believe to the default.

 

[webmastadj84]

Now, when I go to the SMTP Server and then on current sessions, I got the max of 5 users connected to the server. An ideas with this?

 

[kbing]

My thought is that there is so many things not right with this system that you should consult with someone that can dedicate their time to audit your system and correct the misconfigurations (if any).

 

[webmastadj84]

there is nothing to audit. I have users using the server to send spam. I can not believe more people don't have this problem. Everything on the server is set to default. I have not changed any other settings becides the Exchange and IIS services. There has got to be some way to stop people from connecting to a server like this.

 

[ShackDaddy]

On a normally configured Exchange 2003 server, anonymous users can connect to the server only to deliver mail destined for internal users (which are defined by the recipient policy). If an unauthenticated user tries to send spam to an address that isn't in the local recipient policy list, the smtp connection is dropped.

If users are able to connect to your system, and, without authenticating, send email through your server to other external recipients, your system is misconfigured. Either that or one of your user accounts is compromised and an authenticated user is generating all the spam.

But since an external test said that you have an open relay, then you must be allowing unauthenticated users to relay.

Here's one more thing to check: go down into your Connectors, not under Servers -> Protocols. Look at the main SMTP connector there, and check the Address Space tab. It should have a * in the big field. Now look at the bottom. There is a checkbox that says "Allow messages to be relayed to these domains." Make sure that it is NOT checked.

ShackDaddy

 

[webmastadj84]

It looks like it has stopped. Now sure if the people trying to connect stopped or the settings worked. I tried to block all the ip address ranges that I saw connecting. If someone could confirm this, that would be great.

 

[kbing]

You can run the test as well as we can. Re-running the relay test from

http://spamhelp.org

- it now states that the system is NOT an open relay.

Congratulations! That is the most important step that needed to be accomplished to protect your system.

 

[prha]

Also. check your ISP is not blocking your emails. Once it sees that you are acting as a relay, it may blcok all email from your domain. you may be blacklisted. Worth checking anyway even if you have emails back.

 

[kbing]

Good idea. I ran a check and found uptechusa.net IS blacklisted. See below:

Target Reason(s) for being Blacklisted URL
uptechusa.net (207.30.146.150) Blacklisted by 3 servers
Not Just Another Bogus List Received 1 reason dnsbl.njabl.org
127.0.0.2 Open SMTP relay 1156194785


DNS Blacklist Australia - Type 1 SPAM sources Received 1 reason

http://www.dnsbl.net.au/types

127.0.0.2 Open SMTP relay see

http://dnsbl.net.au/osrs/

and

http://dnsbl.net.au/lookup/?207.30.146.150

DNS Blacklist Australia - Open Single-Level Relay Received 1 reason

http://dnsbl.net.au/

127.0.0.2 Open SMTP relay see

http://dnsbl.net.au/osrs/

and

http://dnsbl.net.au/lookup/?207.30.146.150

 

[webmastadj84]

Ok, I completed the removal process on those lists.