|
Home > Archive > IIS and SMTP > April 2004 > SMTPSVC Warnings
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| I have SMTP running on 2003 Server and I started getting thousands of system
event warnings in the logs with an SMTPSVC source of messages similar to the
following:
-------------
Message delivery to the remote domain 'korea.com' failed for the following
reason: The remote server did not respond to a connection attempt.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
-------------
The domain 'korea.com' above is replaced by anything under the sun for each
warning.
SMTP Properties are as follows:
Relay (only the list below) with an empty list, with allow authentications
to relay checked
Connection (only the list below) with an empty list
I have stopped the SMTP service until I can get this resolved. I have even
waited several days and when I start SMTP, the drive floods with activity
and the log starts to populate with new warnings every few seconds.
I have installed TDS-3 trojan detection which has not found anything. I
disconnected the ethernet and started the SMTP again and SMTP is flooded
again... Making me think that it is coming from inside the box.
Any advice on this situation would be much appreciated.
Bruce
| |
|
| I also meant to say that all the EventIDs are 4000.
"Bruce" <newsgroup1@whatever.com> wrote in message
news:Qs1fc.1065$Ad4.615@news02.roc.ny...
> I have SMTP running on 2003 Server and I started getting thousands of
system
> event warnings in the logs with an SMTPSVC source of messages similar to
the
> following:
>
> -------------
> Message delivery to the remote domain 'korea.com' failed for the following
> reason: The remote server did not respond to a connection attempt.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> -------------
>
> The domain 'korea.com' above is replaced by anything under the sun for
each
> warning.
>
> SMTP Properties are as follows:
> Relay (only the list below) with an empty list, with allow authentications
> to relay checked
> Connection (only the list below) with an empty list
>
> I have stopped the SMTP service until I can get this resolved. I have even
> waited several days and when I start SMTP, the drive floods with activity
> and the log starts to populate with new warnings every few seconds.
>
> I have installed TDS-3 trojan detection which has not found anything. I
> disconnected the ethernet and started the SMTP again and SMTP is flooded
> again... Making me think that it is coming from inside the box.
>
> Any advice on this situation would be much appreciated.
>
> Bruce
>
>
| |
| Jenny Frye [MSFT] 2004-04-14, 2:47 pm |
| Bruce,
If you don't have any POP clients or other hosts that need to use the server
as a relay, then uncheck the "allow computers which successfully
authenticate to relay..." Disabling this will prevent hackers from using
SMTP AUTH to relay off the server. This will cut down on the event ID
4000 - assuming that the problem is relay-related. This could also be SPAM
related so, if you don't already use a spam filtering program you may want
to consider doing so.
--
Jenny Frye
Microsoft PSS
This posting is provided 'AS IS' with no warranties and confers no rights.
Please do not send email directly to this alias. This alias is for
newsgroup purposes only.
|
|
|
|
|