IIS 5 & IIS 6
strange smtp action..
Last post Nov 21, 2007 09:17 AM by morph
Nov 20, 2007 10:45 AM|morph|LINK
Hi guys, sorry if this has already come up. Wasn't too sure what to search on..
We have IIS6 setup as a perimeter server which is running gfi mailsecurity / essentials. For the best part we have no problems, but on certain occasions (which suspiciously seem to co-inside with heavy loads) the smtp service miss directs emails. So basically,
is someone from our local domain sends a bulk email out, some how IIS is seeing the email as incoming which trips the gfi. This then classifies the email as spam (due to wording used) and sends it back to exchange. No errors, no event logs, nothing. Very strange
Any help gratefully accepted.
Nov 21, 2007 08:48 AMemail@example.com|LINK
I'll suggest that you use Exchange for outbound and IIS /SMTP for inbound, or bgetter, a second Exchange server. The base SMTP server is kind of limited.
That said, your description sounds strange. I couldn't even guess what's happening here, it shouldn't be possible, especially in something as simple as SMTP. Have you checked the SMTP logs?
Nov 21, 2007 09:17 AM|morph|LINK
hi Jeff, thanks for getting back to me.....
Our setup is this:
We have two sites with an exchange box in each (call it excA and excB). ExcA sends all messages via the smtp connector to the iis/gfi (gf1) box which then delivers the messages. Gf1 is set as the mx server to stop reverse dns lookups from failing.
When a mail out is sent the header looks like this:
Microsoft Mail Internet Headers Version 2.0
Received: from GF1 ([10.0.0.1]) by excA with Microsoft SMTPSVC(6.0.3790.1830);
Received: from mail pickup service by GF1 with Microsoft SMTPSVC;
Received: from excA ([10.0.0.5]) by GF1 with Microsoft SMTPSVC(6.0.3790.3959);
Received: from excB ([10.0.1.1]) by excA with Microsoft SMTPSVC(6.0.3790.1830);
So, as far as gf1 is concerned it has acted accordingly. Yet all I see is the pickup service ignoring any local sites that had been configured. Why it does this only under heavy work load I don't know..
Due to pressure from above, I had to reinstall IIS and the gfi software which so far seems to have fixed the problem. But I'd love to know exactly why it was doing this..