04-01-06 08:03 PM
We're using the SMTP server in a W2K server. This SMTP server acts as a relay.
Recently, we've got problems sending and receiving mails, esp. receiving. I
looked into the "event log" and found a lot of error messages saying that
connection can't be established (or something like that - honestly, I didn't
jot down the exact sentence).
Within IIS manager, when we unfold the SMTP branch, there're two subnodes:
"Domains" and "Current Sessions". When I looked in the "current sessions"
branch, I could see a lot of established connections. There's the "Connected
Time" column on the right. Some of them climbed up to more than 200000
seconds!!!
As soon as I kicked out some of those long-time connections, i.e. terminated
them, we were able to receive mails immediately! So I finally decided to
kick everybody out. One day later, when I came back to this place, I could
see there're some long-time connections again!
So, I have two questions:
1. Is this a sign that the IIS SMTP server is compromised and spammers or
hackers are connected to it to send spams? Or a security flaw? I think so
because 200000 seconds is equal to more than 2 days!! I can't see how a mail
delivery could last so long. So the remote client is probably "hooked" to
the IIS SMTP server to do something bad.
2. Nowhere can I see how I could limit the connection time. I think that
if a mail can't be delivered within 6 hours, be it normal or spam mail, it's
better to cut the connection and free it for other mails. Is there any tweak in
the registry to set this?
TIA