RE: IIS SMTP relay for Exchange - Is my relay being used by others?

2001-11-22 Thread Ed Crowley

Have you made sure to secure this IIS SMTP box against relay?

Ed Crowley MCSE+Internet MVP
Tech Consultant
Compaq Computer Corporation (soon to be HP)
All your base are belong to us.


_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Archives:   http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]




IIS SMTP relay for Exchange - Is my relay being used by others?

2001-11-20 Thread Jesse Rink

Okay.  Here's the low-down.

I have an Exchange 5.5 server on the inside interface of our firewall and
an IIS SMTP relay server on the DMZ interface of our firewall.  This has
been running for several months without any problems.

Yesterday I reviewed the daily network bandwidth chart for our T1 line out
to the internet and found the inbound traffic was WAY higher (my eyes
almost popped out of my sockets) than usual.  This was highly noticeable
in that the inbound traffic continued into the late hours of the night. 
Normally, after 5pm, network inbound/outbound traffic is dead.

I tried figuring out what all of a sudden is causing this increased
traffic and am beginning to suspect the IIS SMTP relay box.  Performance
analysis on the box shows that the CPU utilization is much higher than
usual (mainly from inetinfo.exe).  After further investigating, I noticed
that the c:\inetpub\mailroot\queue directory is suddenly full (1500
messages) of .rtr and .eml files (can someone explain the difference
between these?).

Not only are there 1500+ .rtr and .eml files in the queue, but the
messages themselves are not originating from or destined to whitnall.com
(my domain).

I'm assuming someone (most of the messages are from hotmail.com accounts
and contain PORN links) is using our SMTP relay...

Can someone please help me address this problem?  Not sure how to proceed.
 Thanks

reply here or via email
[EMAIL PROTECTED]
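
The check described in the post above, counting queued messages that neither originate from nor are addressed to the local domain, can be scripted. This is an added example, not part of the original thread; it assumes the queued .eml files are RFC 822 text, and the function names and sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses
from pathlib import Path

LOCAL_DOMAINS = {"whitnall.com"}  # the poster's domain, as named in the post

def domains(msg, *headers):
    """Lower-cased domains of every address found in the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {a.rpartition("@")[2].lower() for _, a in getaddresses(values) if "@" in a}

def classify(raw):
    """Label one message by comparing its header domains with LOCAL_DOMAINS."""
    msg = message_from_string(raw)
    senders, rcpts = domains(msg, "From", "Sender"), domains(msg, "To", "Cc")
    if not senders and not rcpts:
        return "unparsed"          # no usable addresses: inspect by hand
    if rcpts and rcpts <= LOCAL_DOMAINS:
        return "inbound"           # every recipient is ours
    if senders and senders <= LOCAL_DOMAINS:
        return "outbound"          # our users sending out
    return "third-party"           # neither side is ours: relayed mail

def triage(messages):
    """messages maps file name -> raw text; returns (label counts, top foreign senders)."""
    counts, foreign = Counter(), Counter()
    for raw in messages.values():
        label = classify(raw)
        counts[label] += 1
        if label == "third-party":
            foreign.update(domains(message_from_string(raw), "From", "Sender"))
    return counts, foreign.most_common(5)

def load_queue(queue_dir):
    """Read every .eml file in a queue directory (assumes RFC 822 text)."""
    return {p.name: p.read_text(errors="replace") for p in Path(queue_dir).glob("*.eml")}

# Constructed sample messages, not taken from the thread.
SAMPLE = {
    "a.eml": "From: promo@example.net\nTo: u1@example.org, u2@example.com\nSubject: x\n\nbody\n",
    "b.eml": "From: Promo <promo@example.net>\nTo: u3@example.org\nSubject: x\n\nbody\n",
    "c.eml": "From: partner@example.org\nTo: staff@whitnall.com\nSubject: x\n\nbody\n",
    "d.eml": "From: staff@whitnall.com\nTo: client@example.org\nSubject: x\n\nbody\n",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Header addresses can be forged, so the counts are a triage aid; a large "third-party" share is the signal to confirm against the server's SMTP logs and relay restrictions.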




Re: IIS SMTP relay for Exchange - Is my relay being used by others?

2001-11-20 Thread Darren York

What version of IIS? The following article is for IIS 5:
http://support.microsoft.com/support/kb/articles/q310/3/56.asp





Re: IIS SMTP relay for Exchange - Is my relay being used by others?

2001-11-20 Thread Jesse Rink

Version 4.0, so the Q article doesn't apply.  Thanks anyway.  Is there a
comparable Q article for IIS4?

Also, I should mention that on my IIS relay box, under the Remote Domain
properties, the box labeled "Allow incoming mail to be relayed to this
domain" *IS* checked.  Not sure why.  Would this be the cause?  Or would
it still be a virus as some are saying?

Thanks


> What version of IIS? the following article is for IIS 5
> http://support.microsoft.com/support/kb/articles/q310/3/56.asp
 
 