IIS and SMTP - SMTP Blasted

SteveT

2007-03-28, 1:19 am

This question never gets answered but I'll give it another try.
Windows server 2003, set up smtp and pop3.
As soon as I start smtp (from IIS) I am hit with literally hundreds of
warnings (Events viewer) about sent email being blocked.
But not only have I not even tried it yet (sent a message) but the damn port
is blocked on my firewall - 25 is closed!

What the heck is this? Not only do I not want to fill the log with this crap
but it takes my bandwidth as well.
How could it be accessed if the port is closed? I tried several port test
sites and all confirmed it was closed.

I can't be the only one who has this issue. Is there any way to run a pop3
mail server and block this crap?

Thanks,
Steve


Steve Schofield

2007-03-29, 1:20 am

Can you post the error? I would verify you don't have a virus on your local
network trying to send email. I've seen malware send 30,000 messages in just
a few minutes. Please post the error message. That would help. Also enable
logging on the smtp server, this can help determine where the messages are
coming from.

--

Thank you,

Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

"SteveT" <dev@seametrix.com> wrote in message
news:O$0Th7OcHHA.4004@TK2MSFTNGP06.phx.gbl...
> This question never gets answered but I'll give it another try.
> Windows server 2003, set up smtp and pop3.
> As soon as I start smtp (from IIS) I am hit with literally hundreds of
> warnings (Events viewer) about sent email being blocked.
> But not only have I not even tried it yet (sent a message) but the damn
> port
> is blocked on my firewall - 25 is closed!
>
> What the heck is this? Not only do I not want to fill the log with this
> crap
> but it takes my bandwidth as well.
> How could it be accessed if the port is closed? I tried several port test
> sites and all confirmed it was closed.
>
> I can't be the only one who has this issue. Is there anyway to run a pop3
> mail server and block this crap?
>
> Thanks,
> Steve
>
>


SteveT

2007-03-29, 1:20 am

Hi Steve,
Thanks for the response. Here is a sample of the smtp log
2007-03-27 19:40:03 66.197.142.165 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 66.197.142.165 OutboundConnectionCommand SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 216.220.58.155 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 216.220.58.155 OutboundConnectionCommand SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 84.246.6.9 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 66.197.142.165 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 216.220.58.155 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:03 216.220.58.155 OutboundConnectionCommand SMTPSVC1 SMX2003 -
2007-03-27 19:40:04 216.220.58.155 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:04 216.220.58.155 OutboundConnectionCommand SMTPSVC1 SMX2003 -
2007-03-27 19:40:04 216.220.58.155 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:04 216.220.58.155 OutboundConnectionCommand SMTPSVC1 SMX2003 -
2007-03-27 19:40:06 204.10.1.19 OutboundConnectionResponse SMTPSVC1 SMX2003 -

Here is a sample of the error, they were happening like several a second
The description for Event ID ( 4006 ) in Source ( smtpsvc ) cannot be found.
The local computer may not have the necessary registry information or
message DLL files to display messages from a remote computer. You may be
able to use the /AUXSOURCE= flag to retrieve this description; see Help and
Support for details. The following information is part of the event:
81.19.72.31, uzhe.net, The connection was dropped by the remote host.

I ran a virus check on all of the files from my computer. I don't have a
virus checker on the server - anyone know of a decently priced anti-virus
software for a server?

Steve
"Steve Schofield" <steve@orcsweb.com> wrote in message
news:%23iGhZeacHHA.3632@TK2MSFTNGP02.phx.gbl...
> Can you post the error? I would verify you don't have a virus on your local
> network trying to send email. I've seen malware send 30,000 messages in just
> a few minutes. Please post the error message. That would help. Also enable
> logging on the smtp server, this can help determine where the message are
> coming from.
>
> --
>
> Thank you,
>
> Steve Schofield
> Windows Server MVP - IIS
> ASPInsider Member - MCP
>
> http://www.orcsweb.com/
> Managed Complex Hosting
> #1 in Service and Support
>
>
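
An added example (not code from the thread or from IIS): a Python tally over log lines in the layout SteveT posted, showing that the entries are OutboundConnection records, i.e. sessions the server itself opened to remote hosts, which closing inbound port 25 on the firewall does not stop. The column order is an assumption read off the sample, and the log text in the block is constructed.

```python
from collections import Counter

def summarize(log_text):
    """Tally an SMTP log excerpt laid out like the sample in the post above."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank or W3C header line
            continue
        # A pasted log is often wrapped: a line that does not start with a
        # date (four-digit year) continues the previous record.
        if records and not line[:4].isdigit():
            records[-1] += " " + line
        else:
            records.append(line)
    outbound, per_second, other = Counter(), Counter(), 0
    for record in records:
        fields = record.split()
        if len(fields) < 4:
            continue
        # Assumed column order, read off the sample: date time ip event ...
        date, time, ip, event = fields[:4]
        per_second[(date, time)] += 1
        if event.startswith("OutboundConnection"):
            outbound[ip] += 1                     # this server dialled out
        else:
            other += 1
    return {
        "records": sum(per_second.values()),
        "outbound_by_ip": dict(outbound),
        "other_events": other,
        "peak_per_second": max(per_second.values(), default=0),
    }

# Constructed excerpt (documentation addresses), wrapped the way the post is.
SAMPLE_LOG = """\
#Version: 1.0
2007-03-27 19:40:03 192.0.2.10 OutboundConnectionResponse SMTPSVC1
SMX2003 -
2007-03-27 19:40:03 192.0.2.10 OutboundConnectionCommand SMTPSVC1
SMX2003 -
2007-03-27 19:40:03 198.51.100.7 OutboundConnectionResponse SMTPSVC1 SMX2003 -
2007-03-27 19:40:04 203.0.113.9 EHLO SMTPSVC1 SMX2003 -
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

If every record is an OutboundConnection event, the traffic is the server working through its own queue rather than hosts reaching it from outside.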



PeterD

2007-03-29, 1:23 pm

On Wed, 28 Mar 2007 22:20:11 -0800, "SteveT" <dev@seametrix.com>
wrote:

>I ran a virus check on all of the files from my computer. I don't have a
>virus checker on the server - anyone know of a decently priced anti-virus
>software for a server?
>


Re-read Schofield's reply... Do a scan on *all* the computers on your
network. Also make 100% sure you do not have an open relay configured.


SteveT

2007-03-29, 1:23 pm

Peter thanks for helping the blind :-) but ALL of our computers have
continuous running Anti-virus software.
We also run Spybot and we are behind a hardware firewall.

Is your response due to the fact you saw something in the info I posted?

Thanks,
Steve

"PeterD" <peter2@hipson.net> wrote in message
news:6hen03l3hl3g0agd3rhp6ionqmkuah269k@4ax.com...
> On Wed, 28 Mar 2007 22:20:11 -0800, "SteveT" <dev@seametrix.com>
> wrote:
>
>
> Re-read Schofield's reply... Do a scan on *all* the computers on your
> network. Also make 100% sure you do not have an open relay configured.



Steve Schofield

2007-03-29, 1:23 pm

Do you have a bunch of files on in the Queue or Pickup folder? When you
enable the service it could be retrying them. Also, please review my blog
for enabling all settings for SMTP logs. This can help track down where
they are coming from.

http://weblogs.asp.net/steveschofie...le-logging.aspx

Also, when it is occurring, type netstat -an -p tcp from a command prompt.
Please paste these results too.

You can use http://DNSStuff.com to track down where the ip's listed on port
25. Hope that helps.

--

Thank you,

Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

"SteveT" <dev@seametrix.com> wrote in message
news:OJZlaZhcHHA.4684@TK2MSFTNGP06.phx.gbl...
> Peter thanks for helping the blind :-) but ALL of our computers have
> continuous running Anti-virus software.
> We also run Spybot and we are behind a hardware firewall.
>
> Is your response due to the fact you saw something in the info I posted?
>
> Thanks,
> Steve
>
> "PeterD" <peter2@hipson.net> wrote in message
> news:6hen03l3hl3g0agd3rhp6ionqmkuah269k@4ax.com...
>
>


SteveT

2007-03-29, 1:23 pm

Yes I did see your blog. My samples were from yesterday and I had already
setup the log but was trying to figure out where they were coming from so I
hadn't checked all of the options. And since it was taking resources I shut
it down and don't have current data.

I guess I really need to know if this is common - smtp servers being
bombarded?

Do I really want to use the 2003 server POP3 for email or is it just too
unsecure?

If people do use it what exactly is the best setup? I have searched high and
low and set all the relay, authentication, etc properties but still could
not get rid of this.

Is it worth it?

Thanks,
Steve



"Steve Schofield" <steve@orcsweb.com> wrote in message
news:OiUbWphcHHA.3960@TK2MSFTNGP04.phx.gbl...
> Do you have a bunch of files on in the Queue or Pickup folder? When you
> enable the service it could be retrying them. Also, please review my blog
> for enabling all settings for SMTP logs. This can help track down where
> they are coming from.
>
> http://weblogs.asp.net/steveschofie...le-logging.aspx
>
> Also, when it is occurring, type netstat -an -p tcp from a command prompt.
> Please paste these results too.
>
> You can use http://DNSStuff.com to track down where the ip's listed on port
> 25. Hope that helps.
>
> --
>
> Thank you,
>
> Steve Schofield
> Windows Server MVP - IIS
> ASPInsider Member - MCP
>
> http://www.orcsweb.com/
> Managed Complex Hosting
> #1 in Service and Support
>
>



SteveT

2007-03-29, 1:23 pm

PS Yes there were a bunch of files in the queue as well. But how did they
get there? I think that may be the real issue here.

Steve


"Steve Schofield" <steve@orcsweb.com> wrote in message
news:OiUbWphcHHA.3960@TK2MSFTNGP04.phx.gbl...
> Do you have a bunch of files on in the Queue or Pickup folder? When you
> enable the service it could be retrying them. Also, please review my blog
> for enabling all settings for SMTP logs. This can help track down where
> they are coming from.
>
> http://weblogs.asp.net/steveschofie...le-logging.aspx
>
> Also, when it is occurring, type netstat -an -p tcp from a command prompt.
> Please paste these results too.
>
> You can use http://DNSStuff.com to track down where the ip's listed on port
> 25. Hope that helps.
>
> --
>
> Thank you,
>
> Steve Schofield
> Windows Server MVP - IIS
> ASPInsider Member - MCP
>
> http://www.orcsweb.com/
> Managed Complex Hosting
> #1 in Service and Support
>
>



Steve Schofield

2007-03-29, 1:23 pm

Personally, I use the free version of Smartermail.
http://www.smartertools.com It allows for one domain (several domain
aliases) and 10 users. It is written in .NET and scales rather well. I've
used the IIS SMTP Service too for relaying, but never used the POP3 service.
Regarding smtp servers getting bombarded, if you are an open relay, yes
you'll get continually probed. Post the email headers and we can figure out
where they came from. You can turn off the service and manually move the
files to another folder, then open them in notepad.

--

Thank you,

Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

"SteveT" <dev@seametrix.com> wrote in message
news:eN9PH4hcHHA.1508@TK2MSFTNGP06.phx.gbl...
> Yes I did see your blog. My samples were from yesterday and I had already
> setup the log but was trying to figure out where they were coming from so
> I
> hadn't checked all of the options. And since it was taking resources I
> shut
> it down and don't have current data.
>
> I guess I really need to know if this is common - smtp servers being
> bombarded?
>
> Do I really want to use the 2003 server POP3 for email or is it just too
> unsecure?
>
> If people do use it what exactly is the best setup? I have searched high
> and
> low and set all the relay, authentication, etc properties but still could
> not get rid of this.
>
> Is it worth it?
>
> Thanks,
> Steve
>
>
>
>
>
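
An added example (not code from the thread or from any product mentioned in it) of the header check suggested in the post above: for each message moved out of the Queue folder, read the topmost Received header, which is the one this server stamped, and sort the message by how it was submitted. The Received wording in the samples is constructed in the style of the IIS SMTP service and is an assumption, as are the host names, addresses and the private ranges treated as "local".

```python
import email
import ipaddress
import re
from collections import Counter

# Assumption: private ranges stand in for "machines behind the firewall".
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(raw_message):
    """Return (origin, submitting_ip) for the text of one queued message file."""
    received = email.message_from_string(raw_message).get_all("Received") or []
    if not received:
        return ("no-received-header", None)
    # Each hop prepends its header, so the top one was stamped by this server;
    # the ones below it arrived with the message and can be forged.
    top = " ".join(received[0].split())
    if "mail pickup service" in top.lower():
        return ("pickup-folder", None)
    match = BRACKETED_IP.search(top)
    try:
        ip = ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        ip = None
    if ip is None:
        return ("unknown", None)
    local = any(ip in net for net in LOCAL_NETS)
    return ("lan-host" if local else "external-smtp", str(ip))

def triage(raw_messages):
    """Count queued messages per (origin, submitting_ip)."""
    return Counter(classify(raw) for raw in raw_messages)

# Constructed samples: documentation/private addresses, hypothetical host names.
RELAYED = (
    "Received: from mx.example.net ([203.0.113.7]) by SMX2003 with Microsoft SMTPSVC;\n"
    "\t Tue, 27 Mar 2007 19:39:58 -0800\n"
    "Received: from pc5 ([192.168.1.5]) by mx.example.net; Tue, 27 Mar 2007 19:39:50 -0800\n"
    "From: a@example.net\nTo: b@example.org\n\nbody\n")
FROM_LAN = ("Received: from pc23 ([192.168.1.23]) by SMX2003 with Microsoft SMTPSVC;\n"
            "\t Tue, 27 Mar 2007 19:40:01 -0800\nFrom: c@example.com\n\nbody\n")
PICKUP = ("Received: from mail pickup service by SMX2003 with Microsoft SMTPSVC;\n"
          "\t Tue, 27 Mar 2007 19:40:02 -0800\nFrom: e@example.com\n\nbody\n")

if __name__ == "__main__":
    for key, count in triage([RELAYED, FROM_LAN, PICKUP, PICKUP]).items():
        print(count, key)
```

A large `external-smtp` count points at the relay settings, `lan-host` at a machine on the local network, and `pickup-folder` at something on the server itself writing into the Pickup directory.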


SteveT

2007-03-30, 7:17 am

SmarterMail has the option of using SMTP or not. How is yours setup?

Steve


"Steve Schofield" <steve@orcsweb.com> wrote in message
news:%23CaxlLicHHA.4216@TK2MSFTNGP02.phx.gbl...
> Personally. I use the free version of Smartermail.
> http://www.smartertools.com It allows for one domain (several domain
> aliases) and 10 users. It is written in .NET and scales rather well. I've
> used the IIS SMTP Service too for relaying, but never used the POP3 service.
> Regarding smtp servers getting bombarded, if you are an open relay, yes
> you'll get continually probed. Post the email headers and we can figure out
> where they came from. You can turn off the service and manually move the
> files to another folder, then open them in notepad.
>
> --
>
> Thank you,
>
> Steve Schofield
> Windows Server MVP - IIS
> ASPInsider Member - MCP
>
> http://www.orcsweb.com/
> Managed Complex Hosting
> #1 in Service and Support
>
>



Steve Schofield

2007-03-31, 1:24 am

I use SMTP, IMAP and POP3 portions of it. It handles my personal email.

--

Thank you,

Steve Schofield
Windows Server MVP - IIS
ASPInsider Member - MCP

http://www.orcsweb.com/
Managed Complex Hosting
#1 in Service and Support

"SteveT" <dev@seametrix.com> wrote in message
news:ebbFKJpcHHA.4468@TK2MSFTNGP03.phx.gbl...
> SmarterMail has the option of using SMTP or not. How is yours setup?
>
> Steve
>
>
>
>


KL

2007-04-26, 7:16 am


Obviously you do not have the skills needed to run an email server securely,
please stop what you are doing and hire someone or sign up with a managed
hosting solution where they can configure things for you.

KL.


"SteveT" <dev@seametrix.com> wrote in message
news:OnKzW5hcHHA.4720@TK2MSFTNGP04.phx.gbl...
> PS Yes there were a bunch of files in the queue as well. But how did they
> get there? I think that may be the real issue here.
>
> Steve
>
>
>
>



Copyright 2003 - 2008 webservertalk.com