Windows Server Forum / Exchange Server / Applications / March 2006

System Log Full And BadMail Out Of Hand

Robert McCarter - 30 Mar 2006 18:27 GMT
Hello,

I have an Exchange 2000 Server receiving e-mail from a perimeter server
running GFI MailEssentials v12.  On my perimeter server, my system log is
filling up about every day or two.  Also, the BadMail folder in
Inetpub\mailroot\badmail is filling up rapidly.  It is not uncommon to have
100,000 items in the folder after two days or so.

The messages filling my system log are typically like the following:

EventID:4000
Message delivery to the remote domain "xxx.xxxxx.xxx" failed for the
following reason:  The remote server did not respond to a connection attempt.

On the perimeter server, I turned on logging with IIS Log Format.  I viewed
the log file with Excel in a CSV format.  I notice all types of bogus
addresses in the file.  The file also grew at an alarming rate (1000 lines or
so after only 5 minutes).  I did not understand the columns as they were not
labeled with a header row so I was unable to interpret the results of the log
file.

I used the command line Telnet test to ensure that my mail server was not
set up as an open relay.

Can anyone give me any ideas or clues as to how to ascertain where the
e-mail is originating (internal due to spyware or virus, or coming in from an
external source).

Also, is there any way to totally dump any messages that are addressed to
users that don't exist in my organization such as "fido@mydomain.com" where
no user named "fido" exists.

Thank you for any help you can give.  This is driving me nuts.

Thank you,

Robert

Henning Krause [MVP] - 30 Mar 2006 19:10 GMT
Hello Robert,

if your perimeter server can do an LDAP lookup, it can do this to reject
invalid recipients.

Enabling this feature on your internal server is no help, because GFI
Mail-Essentials is a relay server, AFAIK.

Most likely, you are suffering a SPAM attack. Not uncommon.

A smarter Anti-spam solution could also help to mitigate the problem.

Greetings,
Henning Krause

Robert McCarter - 30 Mar 2006 20:15 GMT
Henning,

If I am understanding you correctly, you wanted me to Enable LDAP routing
under the LDAP tab of the Default SMTP Server properties.  I set this up as a
test.

If this is not what you were talking about, please clarify.  As a test, I
sent a mail to a non-existent user in my domain and received an NDR (sent
from a personal e-mail account).

Thank you for your help.

Thank you,

Robert

Henning Krause [MVP] - 30 Mar 2006 20:35 GMT
Hello,

if I understood you correctly, you are receiving your email in the
following way:

Internet --> Perimeter Mail server (GFI Mail essentials) --> Internal
Exchange Server

If you enabled LDAP routing on the perimeter mail server, you are fine.

If you enabled LDAP routing on your internal mail server, you have gained
nothing, because the GFI Mail Essentials server will still accept all inbound
mails, because it does not know which ones to reject.

Greetings,
Henning

Robert McCarter - 30 Mar 2006 20:52 GMT
Your assumption was correct.  I set the LDAP on the perimeter server.  
However, my system log on the perimeter server is still growing as well as
the IIS Log File on the perimeter server.  Would it be helpful if I sent you
the log file?


Thank you,

Robert

Henning Krause [MVP] - 30 Mar 2006 21:12 GMT
Hello,

no need to send me those logs.

Is your badmail folder still filling up? How many mails are in the Queue
folder?

Henning Krause

Robert McCarter - 31 Mar 2006 16:42 GMT
Henning,

I looked at my queue this morning.  I had 2100 messages in it.  I have the
BadMail script running, so it had cleaned out my BadMail folder.

Am I correct in assuming that my Exchange Server (not the perimeter server)
sends mail directly to the internet w/o going through the perimeter server?  
I know how my incoming mail is handled.  I am trying to decide whether the
"bogus" mail is being originated internally or if I am letting it get through
my perimeter server some way or another.


Thank you,

Robert

Henning Krause [MVP] - 31 Mar 2006 18:24 GMT
Hello,

it depends on the configuration of your Exchange server. Look into the
properties of the SMTP virtual server. On the Delivery Tab, select
"Advanced". There is an entry called "smarthost". If that entry contains
anything, you are sending your mail through that server.

The next thing to look at is the connectors. Do you have any connectors
configured? If yes, you must look there for the smarthost field, too.

The mails in your queue... do they all have a From: header with your domain
name? Or does the From: header contain foreign domain names?

If the latter is true, it seems that those mails originate from outside your
network... that is, unless you have a rogue computer, which is infected with
some sort of malware.

Greetings,
Henning

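The queue triage Henning describes (sort the queued messages by whether their From: header carries your own domain, a foreign domain, or the null sender typical of bounces) as an added example script; this is not code from the thread or from GFI/Exchange. It assumes the placeholder domain "mydomain.com" from the thread as the internal domain, a constructed set of sample messages, and that the Queue folder holds one RFC 822 message per file. The From: header is trivially forgeable, so the result is a lead for further checking, not proof of origin.

```python
import glob
import os
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's own mail domain(s). "mydomain.com" is the
# placeholder from the thread, not a real value.
INTERNAL_DOMAINS = {"mydomain.com"}

# Constructed sample messages standing in for files in the SMTP Queue folder.
SAMPLE_QUEUE = [
    "From: alice@mydomain.com\r\nTo: bob@partner.example\r\nSubject: report\r\n\r\nbody\r\n",
    "From: \"Promo\" <deals@bulk.example>\r\nTo: fido@mydomain.com\r\nSubject: offer\r\n\r\nbody\r\n",
    "From: <deals@Bulk.Example>\r\nTo: rex@mydomain.com\r\nSubject: offer\r\n\r\nbody\r\n",
    "From: <>\r\nTo: fido@mydomain.com\r\nSubject: Undeliverable\r\n\r\nbody\r\n",
]

def sender_domain(raw):
    """Lower-cased domain of the From: header, or '' for a null/malformed sender."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def classify(raw, internal=INTERNAL_DOMAINS):
    domain = sender_domain(raw)
    if not domain:
        return "null-sender"      # typical of NDRs/bounces, i.e. backscatter
    return "internal" if domain in internal else "foreign"

def triage(messages, internal=INTERNAL_DOMAINS):
    """Count queued messages per origin class and tally the foreign From: domains."""
    counts, foreign = Counter(), Counter()
    for raw in messages:
        kind = classify(raw, internal)
        counts[kind] += 1
        if kind == "foreign":
            foreign[sender_domain(raw)] += 1
    return counts, foreign

def triage_queue_folder(path, internal=INTERNAL_DOMAINS):
    """Run triage over every file in an SMTP Queue folder (path is an assumption)."""
    messages = []
    for name in glob.glob(os.path.join(path, "*")):
        with open(name, "r", encoding="latin-1", errors="replace") as fh:
            messages.append(fh.read())
    return triage(messages, internal)

if __name__ == "__main__":
    counts, foreign = triage(SAMPLE_QUEUE)
    print(dict(counts))             # {'internal': 1, 'foreign': 2, 'null-sender': 1}
    print(foreign.most_common(5))   # [('bulk.example', 2)]
```

A queue dominated by foreign From: domains or null senders points to relayed spam or backscatter arriving from outside; a queue of internal From: addresses that nobody sent is the case where a malware-infected internal host should be suspected.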