SBS Exchange 2003: too many "Current Sessions" opened

SBS Exchange 2003: too many "Current Sessions" opened
Hello All,

Sometimes (usually it happens over weekends) my Exchange 2003 would stop
receiving external emails because of many active "Curresnt Sessions" and here
is why: our organization isn't big, so I lowered the "Limit number of
connections to:" parameter to 50 (it is done to fight the spam).

Now when somebody reports that he or she is not getting any "outside"
emails, I go to Exchange System Manager -> Servers -> <server> ->Protocols ->
SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a bunch of
.br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times 98353566,
43543543, 3453453 seconds, or in another words with endless connection times.

I understand, that once the exchange reaches the number of connections of
50, it stops accepting new connections, stops receiving emails and here is my
qustions:
1. Why the "Terminate All" command doesn't remedy the problem with email flow?
As the second option, I try to restart SMTP service, but it freezes in a
stopping mode leaving me with only one option to restart entire server. (BTW,
I've also noticed that it feezes after I update IMF filter and I need to
restart the server)
2. what are those connections and how to protect Exchange from them?

Any advise will be greatly appreciated.
Thanks,

Cris
Wed Aug 13 13:15:53 PDT 2008

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C8FD57.7A471500
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

First question is...
How much RAM in the Server?

Second Question is
Do you have Exchange Server 2003 Service Pack 2 installed and IMF =
configured for connection filtering against recognized blacklist =
providers?

--=20
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Sann" <Sann@discussions.microsoft.com> wrote in message =
news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
SBS Exchange 2003: too many "Current Sessions" opened
Hello All,

Sometimes (usually it happens over weekends) my Exchange 2003 would stop =

receiving external emails because of many active "Curresnt Sessions" and =
here=20
is why: our organization isn't big, so I lowered the "Limit number of=20
connections to:" parameter to 50 (it is done to fight the spam).

Now when somebody reports that he or she is not getting any "outside"=20
emails, I go to Exchange System Manager -> Servers -> <server> =
->Protocols ->=20
SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a =
bunch of=20
.br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times =
98353566,=20
43543543, 3453453 seconds, or in another words with endless connection =
times.

I understand, that once the exchange reaches the number of connections =
of=20
50, it stops accepting new connections, stops receiving emails and here =
is my=20
qustions:=20
1. Why the "Terminate All" command doesn't remedy the problem with email =
flow?
As the second option, I try to restart SMTP service, but it freezes in a =

stopping mode leaving me with only one option to restart entire server. =
(BTW,=20
I've also noticed that it feezes after I update IMF filter and I need =
to=20
restart the server)
2. what are those connections and how to protect Exchange from them?

Any advise will be greatly appreciated.=20
Thanks,
------=_NextPart_000_0007_01C8FD57.7A471500
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.2900.3354" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>First question is...</DIV>
<DIV>How much RAM in the =
Server?</DIV>
<DIV> </DIV>
<DIV>Second Question is</DIV>
<DIV>Do you have Exchange Server 2003 =
Service Pack 2=20
installed and IMF configured for connection filtering against recognized =

blacklist providers?</DIV>
<DIV> -- Cris Hanna=20
[SBS-MVP] ------------------------------------------------- Microso=
ft=20
MVPs  Independent Experts (MVPs do not work for MS) Real =
World=20
Answers --------------------------------------------------------- P=
lease=20
do not contact me directly regarding issues </DIV>
<DIV>"Sann" <<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message <A=20
href=3D"news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com">news:12F=
BED5A-99AC-4821-BB29-5602036459BF@microsoft.com</A>...</DIV>SBS=20
Exchange 2003: too many "Current Sessions" opened Hello =
All, Sometimes=20
(usually it happens over weekends) my Exchange 2003 would stop =
 receiving=20
external emails because of many active "Curresnt Sessions" and here =
 is why:=20
our organization isn't big, so I lowered the "Limit number of =
 connections=20
to:" parameter to 50 (it is done to fight the spam). Now when =
somebody=20
reports that he or she is not getting any "outside" emails, I go to =
Exchange=20
System Manager -> Servers -> <server> ->Protocols -> =
 SMTP=20
-> Default SMTP Virtual Server - > Current Sessions and I see a =
bunch of=20
 .br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times =
98353566,=20
 43543543, 3453453 seconds, or in another words with endless =
connection=20
times. I understand, that once the exchange reaches the number of =

connections of 50, it stops accepting new connections, stops =
receiving=20
emails and here is my qustions: 1. Why the "Terminate All" =
command=20
doesn't remedy the problem with email flow? As the second option, I =
try to=20
restart SMTP service, but it freezes in a stopping mode leaving me =
with only=20
one option to restart entire server. (BTW, I've also  noticed =
that it=20
feezes after I update IMF filter and I need to restart the =
server) 2.=20
what are those connections and how to protect Exchange from =
them? Any=20
advise will be greatly appreciated. Thanks,</BODY></HTML>

------=_NextPart_000_0007_01C8FD57.7A471500--

Sann
Wed Aug 13 13:29:00 PDT 2008

Hello Cris, thank you for your prompt reply.

dual core 2.8 GHz with 2 GB memory.
the memory usage averages about 1,5 GB at all times.

Yes, I have installed SP 2 and all latest updates released after, with IMF
and enabled on SMTP.

"Cris Hanna [SBS-MVP]" wrote:

> First question is...
> How much RAM in the Server?
>
> Second Question is
> Do you have Exchange Server 2003 Service Pack 2 installed and IMF configured for connection filtering against recognized blacklist providers?
>
> --
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "Sann" <Sann@discussions.microsoft.com> wrote in message news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
> SBS Exchange 2003: too many "Current Sessions" opened
> Hello All,
>
> Sometimes (usually it happens over weekends) my Exchange 2003 would stop
> receiving external emails because of many active "Curresnt Sessions" and here
> is why: our organization isn't big, so I lowered the "Limit number of
> connections to:" parameter to 50 (it is done to fight the spam).
>
> Now when somebody reports that he or she is not getting any "outside"
> emails, I go to Exchange System Manager -> Servers -> <server> ->Protocols ->
> SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a bunch of
> ..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times 98353566,
> 43543543, 3453453 seconds, or in another words with endless connection times.
>
> I understand, that once the exchange reaches the number of connections of
> 50, it stops accepting new connections, stops receiving emails and here is my
> qustions:
> 1. Why the "Terminate All" command doesn't remedy the problem with email flow?
> As the second option, I try to restart SMTP service, but it freezes in a
> stopping mode leaving me with only one option to restart entire server. (BTW,
> I've also noticed that it feezes after I update IMF filter and I need to
> restart the server)
> 2. what are those connections and how to protect Exchange from them?
>
> Any advise will be greatly appreciated

Cliff
Wed Aug 13 13:57:22 PDT 2008

Sann:

Try these things, in this order:

1) Enable recipient filtering and only accept messages from users in AD.
The most common reason for ridiculously long connection times is a spambot
trying to do a directory harvest. Since exchange defaults to accepting
*everything* at connect time and rejecting later, you end up with the bot
just sending name after name to the server and never getting a rejection.
It has no reason to disconnect.

2) Once recipient filtering is enabled, you will actually be exposed to a
directory harvest attack instead of exchange just accepting everything. So,
you should enable tarpitting. This is the point you should see those
connections drop down.

3) IF, after a week, you are still seeing some connections, try *DISABLING*
SenderID filtering on the Virtual SMTP server. There is a bug in one of the
SenderID dll's that can falsely hold open connections. MS has quietly
acknowledged its existence, but has not come clean yet (to my knowledge)
what the exact parameters are that cause this behavior. It is not
consistent in my experience. Some servers have it, some don't exhibit it at
all. And I'm told that it is fixed in Exchange 2007. I haven't seen it
surface on 2007 yet myself, so I'm inclined to believe them...but then
again, SBS 2008 isn't released yet....so it could be an odd interaction
there.

To answer your other questions, the SMTP stack does seem to lock up with
these long connections. That is the reason that 'terminate all' does not
resolve the problem AND why the SMTP service stops responding if you try to
restart it. You do *not* need to restart the server, however.

From the command line, you can run this command:

sc queryex smtpsvc

And in the output, find the process ID (PID). Once you have the PID, you
can kill the process in task manager (usually an inetinfo process, which is
why it is so tough to find.) From there, the process is flushed completely
from memory and can be restarted without problem.

-Cliff

"Sann" <Sann@discussions.microsoft.com> wrote in message
news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com...
> Hello Cris, thank you for your prompt reply.
>
> dual core 2.8 GHz with 2 GB memory.
> the memory usage averages about 1,5 GB at all times.
>
> Yes, I have installed SP 2 and all latest updates released after, with IMF
> and enabled on SMTP.
>
> "Cris Hanna [SBS-MVP]" wrote:
>
>> First question is...
>> How much RAM in the Server?
>>
>> Second Question is
>> Do you have Exchange Server 2003 Service Pack 2 installed and IMF
>> configured for connection filtering against recognized blacklist
>> providers?
>>
>> --
>> Cris Hanna [SBS-MVP]
>> -------------------------------------------------
>> Microsoft MVPs
>> Independent Experts (MVPs do not work for MS)
>> Real World Answers
>> ---------------------------------------------------------
>> Please do not contact me directly regarding issues
>>
>> "Sann" <Sann@discussions.microsoft.com> wrote in message
>> news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
>> SBS Exchange 2003: too many "Current Sessions" opened
>> Hello All,
>>
>> Sometimes (usually it happens over weekends) my Exchange 2003 would stop
>> receiving external emails because of many active "Curresnt Sessions" and
>> here
>> is why: our organization isn't big, so I lowered the "Limit number of
>> connections to:" parameter to 50 (it is done to fight the spam).
>>
>> Now when somebody reports that he or she is not getting any "outside"
>> emails, I go to Exchange System Manager -> Servers ->
>> <server> ->Protocols ->
>> SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a
>> bunch of
>> ..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times
>> 98353566,
>> 43543543, 3453453 seconds, or in another words with endless connection
>> times.
>>
>> I understand, that once the exchange reaches the number of connections of
>> 50, it stops accepting new connections, stops receiving emails and here
>> is my
>> qustions:
>> 1. Why the "Terminate All" command doesn't remedy the problem with email
>> flow?
>> As the second option, I try to restart SMTP service, but it freezes in a
>> stopping mode leaving me with only one option to restart entire server.
>> (BTW,
>> I've also noticed that it feezes after I update IMF filter and I need to
>> restart the server)
>> 2. what are those connections and how to protect Exchange from them?
>>
>> Any advise will be greatly appreciated

Cris
Wed Aug 13 14:24:07 PDT 2008

This is a multi-part message in MIME format.

------=_NextPart_000_004B_01C8FD61.029A49A0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

And if you only have 2GB of RAM, RAM is cheap!! bump it to 4GB

And my spam has dropped so much using SBS 2008 RC1 it's a non-issue any =
more

--=20
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Cliff Galiher" <cgaliher@gmail.com> wrote in message =
news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com...
Sann:

Try these things, in this order:

1) Enable recipient filtering and only accept messages from users in AD. =

The most common reason for ridiculously long connection times is a =
spambot=20
trying to do a directory harvest. Since exchange defaults to accepting=20
*everything* at connect time and rejecting later, you end up with the =
bot=20
just sending name after name to the server and never getting a =
rejection.=20
It has no reason to disconnect.

2) Once recipient filtering is enabled, you will actually be exposed to =
a=20
directory harvest attack instead of exchange just accepting everything. =
So,=20
you should enable tarpitting. This is the point you should see those=20
connections drop down.

3) IF, after a week, you are still seeing some connections, try =
*DISABLING*=20
SenderID filtering on the Virtual SMTP server. There is a bug in one of =
the=20
SenderID dll's that can falsely hold open connections. MS has quietly=20
acknowledged its existence, but has not come clean yet (to my knowledge) =

what the exact parameters are that cause this behavior. It is not=20
consistent in my experience. Some servers have it, some don't exhibit =
it at=20
all. And I'm told that it is fixed in Exchange 2007. I haven't seen it =

surface on 2007 yet myself, so I'm inclined to believe them...but then=20
again, SBS 2008 isn't released yet....so it could be an odd interaction=20
there.

To answer your other questions, the SMTP stack does seem to lock up with =

these long connections. That is the reason that 'terminate all' does =
not=20
resolve the problem AND why the SMTP service stops responding if you try =
to=20
restart it. You do *not* need to restart the server, however.

From the command line, you can run this command:

sc queryex smtpsvc

And in the output, find the process ID (PID). Once you have the PID, =
you=20
can kill the process in task manager (usually an inetinfo process, which =
is=20
why it is so tough to find.) From there, the process is flushed =
completely=20
from memory and can be restarted without problem.

-Cliff

"Sann" <Sann@discussions.microsoft.com> wrote in message=20
news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com...
> Hello Cris, thank you for your prompt reply.
>
> dual core 2.8 GHz with 2 GB memory.
> the memory usage averages about 1,5 GB at all times.
>
> Yes, I have installed SP 2 and all latest updates released after, with =
IMF
> and enabled on SMTP.
>
> "Cris Hanna [SBS-MVP]" wrote:
>
>> First question is...
>> How much RAM in the Server?
>>
>> Second Question is
>> Do you have Exchange Server 2003 Service Pack 2 installed and IMF=20
>> configured for connection filtering against recognized blacklist=20
>> providers?
>>
>> --=20
>> Cris Hanna [SBS-MVP]
>> -------------------------------------------------
>> Microsoft MVPs
>> Independent Experts (MVPs do not work for MS)
>> Real World Answers
>> ---------------------------------------------------------
>> Please do not contact me directly regarding issues
>>
>> "Sann" <Sann@discussions.microsoft.com> wrote in message=20
>> news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
>> SBS Exchange 2003: too many "Current Sessions" opened
>> Hello All,
>>
>> Sometimes (usually it happens over weekends) my Exchange 2003 would =
stop
>> receiving external emails because of many active "Curresnt Sessions" =
and=20
>> here
>> is why: our organization isn't big, so I lowered the "Limit number of
>> connections to:" parameter to 50 (it is done to fight the spam).
>>
>> Now when somebody reports that he or she is not getting any "outside"
>> emails, I go to Exchange System Manager -> Servers ->=20
>> <server> ->Protocols ->
>> SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a=20
>> bunch of
>> ..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times=20
>> 98353566,
>> 43543543, 3453453 seconds, or in another words with endless =
connection=20
>> times.
>>
>> I understand, that once the exchange reaches the number of =
connections of
>> 50, it stops accepting new connections, stops receiving emails and =
here=20
>> is my
>> qustions:
>> 1. Why the "Terminate All" command doesn't remedy the problem with =
email=20
>> flow?
>> As the second option, I try to restart SMTP service, but it freezes =
in a
>> stopping mode leaving me with only one option to restart entire =
server.=20
>> (BTW,
>> I've also noticed that it feezes after I update IMF filter and I =
need to
>> restart the server)
>> 2. what are those connections and how to protect Exchange from them?
>>
>> Any advise will be greatly appreciated=20

------=_NextPart_000_004B_01C8FD61.029A49A0
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.2900.3354" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>And if you only have 2GB of RAM,  =
RAM is=20
cheap!!  bump it to 4GB</DIV>
<DIV> </DIV>
<DIV>And my spam has dropped so much using =
SBS 2008=20
RC1  it's a non-issue any more</DIV>
<DIV> -- Cris Hanna=20
[SBS-MVP] ------------------------------------------------- Microso=
ft=20
MVPs  Independent Experts (MVPs do not work for MS) Real =
World=20
Answers --------------------------------------------------------- P=
lease=20
do not contact me directly regarding issues </DIV>
<DIV>"Cliff Galiher" <<A=20
href=3D"mailto:cgaliher@gmail.com">cgaliher@gmail.com</A>> wrote in =
message <A=20
href=3D"news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com">news:Bfmdnb4hr=
r4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com</A>...</DIV>Sann: Try=20
these things, in this order: 1) Enable recipient filtering and =
only=20
accept messages from users in AD. The most common reason for =
ridiculously=20
long connection times is a spambot trying to do a directory harvest. =
Since=20
exchange defaults to accepting *everything* at connect time and =
rejecting=20
later, you end up with the bot just sending name after name to the =
server=20
and never getting a rejection. It has no reason to =
disconnect. 2)=20
Once recipient filtering is enabled, you will actually be exposed to a=20
 directory harvest attack instead of exchange just accepting=20
everything.  So, you should enable tarpitting.  This is =
the point=20
you should see those connections drop down. 3) IF, after a =
week, you=20
are still seeing some connections, try *DISABLING* SenderID =
filtering on the=20
Virtual SMTP server.  There is a bug in one of the SenderID =
dll's that=20
can falsely hold open connections.  MS has quietly acknowledged =
its=20
existence, but has not come clean yet (to my knowledge) what the =
exact=20
parameters are that cause this behavior.  It is not consistent =
in my=20
experience.  Some servers have it, some don't exhibit it at =
 all. =20
And I'm told that it is fixed in Exchange 2007.  I haven't seen it=20
 surface on 2007 yet myself, so I'm inclined to believe them...but =
then=20
 again, SBS 2008 isn't released yet....so it could be an odd =
interaction=20
 there. To answer your other questions, the SMTP stack does =
seem to=20
lock up with these long connections.  That is the reason that=20
'terminate all' does not resolve the problem AND why the SMTP =
service stops=20
responding if you try to restart it.  You do *not* need to =
restart the=20
server, however. From the command line, you can run this=20
command: sc queryex smtpsvc And in the output, find the =
process ID=20
(PID).  Once you have the PID, you can kill the process in task =
manager=20
(usually an inetinfo process, which is why it is so tough to =
find.) =20
From there, the process is flushed completely from memory and can be =

restarted without problem. -Cliff "Sann" <<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message <A=20
href=3D"news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com">news:689=
4EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com</A>... >=20
Hello Cris, thank you for your prompt reply. > > dual core =
2.8 GHz=20
with 2 GB memory. > the memory usage averages about 1,5 GB at all=20
times. > > Yes, I have installed SP 2 and all latest updates =

released after, with IMF > and enabled on SMTP. > > =
"Cris=20
Hanna [SBS-MVP]" wrote: > >> First question =
is... >> How=20
much RAM in the Server? >> >> Second Question =
is >>=20
Do you have Exchange Server 2003 Service Pack 2 installed and IMF =
 >>=20
configured for connection filtering against recognized blacklist =
 >>=20
providers? >> >> -- >> Cris Hanna=20
[SBS-MVP] >>=20
------------------------------------------------- >> Microsoft=20
MVPs >>  Independent Experts (MVPs do not work for =
MS) >>=20
Real World Answers >>=20
--------------------------------------------------------- >> =
Please do=20
not contact me directly regarding issues >> >> "Sann" =
<<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message >> <A=20
href=3D"news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com">news:12F=
BED5A-99AC-4821-BB29-5602036459BF@microsoft.com</A>... >>=20
SBS Exchange 2003: too many "Current Sessions" opened >> Hello=20
All, >> >> Sometimes (usually it happens over =
weekends) my=20
Exchange 2003 would stop >> receiving external emails because =
of many=20
active "Curresnt Sessions" and >> here >> is why: our =

organization isn't big, so I lowered the "Limit number of >>=20
connections to:" parameter to 50 (it is done to fight the=20
spam). >> >> Now when somebody reports that he or she =
is not=20
getting any "outside" >> emails, I go to Exchange System =
Manager ->=20
Servers -> >> <server> ->Protocols =
-> >> SMTP=20
-> Default SMTP Virtual Server - > Current Sessions and I see a=20
 >> bunch of >> ..br, .it, .ar, OHIOIJHOJOJI, etc, =
user names=20
with connected times >> 98353566, >> 43543543, =
3453453=20
seconds, or in another words with endless connection >>=20
times. >> >> I understand, that once the exchange =
reaches the=20
number of connections of >> 50, it stops accepting new =
connections,=20
stops receiving emails and here >> is my >>=20
qustions: >> 1. Why the "Terminate All" command doesn't remedy =
the=20
problem with email >> flow? >> As the second option, =
I try to=20
restart SMTP service, but it freezes in a >> stopping mode =
leaving me=20
with only one option to restart entire server. >> =
(BTW, >>=20
I've also  noticed that it feezes after I update IMF filter and I =
need=20
to >> restart the server) >> 2. what are those =
connections and=20
how to protect Exchange from them? >> >> Any advise =
will be=20
greatly appreciated </BODY></HTML>

------=_NextPart_000_004B_01C8FD61.029A49A0--

Sann
Thu Aug 14 06:28:05 PDT 2008

Thanks a lot for your advices and information - will start experimenting....

btw, a quick side question to Cris: how did you move your users to SBS2008:
using migration tool in exchange or csv, ldi tools? I'm asking this question
in responce to your suggestion to bump the RAM to 4 GB. I'm installing a new
server hardware: 2x4 proc-s, 4 GB, RAID 10 on SAS, etc...

"Cris Hanna [SBS-MVP]" wrote:

> And if you only have 2GB of RAM, RAM is cheap!! bump it to 4GB
>
> And my spam has dropped so much using SBS 2008 RC1 it's a non-issue any more
>
> --
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "Cliff Galiher" <cgaliher@gmail.com> wrote in message news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com...
> Sann:
>
> Try these things, in this order:
>
> 1) Enable recipient filtering and only accept messages from users in AD.
> The most common reason for ridiculously long connection times is a spambot
> trying to do a directory harvest. Since exchange defaults to accepting
> *everything* at connect time and rejecting later, you end up with the bot
> just sending name after name to the server and never getting a rejection.
> It has no reason to disconnect.
>
> 2) Once recipient filtering is enabled, you will actually be exposed to a
> directory harvest attack instead of exchange just accepting everything. So,
> you should enable tarpitting. This is the point you should see those
> connections drop down.
>
> 3) IF, after a week, you are still seeing some connections, try *DISABLING*
> SenderID filtering on the Virtual SMTP server. There is a bug in one of the
> SenderID dll's that can falsely hold open connections. MS has quietly
> acknowledged its existence, but has not come clean yet (to my knowledge)
> what the exact parameters are that cause this behavior. It is not
> consistent in my experience. Some servers have it, some don't exhibit it at
> all. And I'm told that it is fixed in Exchange 2007. I haven't seen it
> surface on 2007 yet myself, so I'm inclined to believe them...but then
> again, SBS 2008 isn't released yet....so it could be an odd interaction
> there.
>
> To answer your other questions, the SMTP stack does seem to lock up with
> these long connections. That is the reason that 'terminate all' does not
> resolve the problem AND why the SMTP service stops responding if you try to
> restart it. You do *not* need to restart the server, however.
>
> From the command line, you can run this command:
>
> sc queryex smtpsvc
>
> And in the output, find the process ID (PID). Once you have the PID, you
> can kill the process in task manager (usually an inetinfo process, which is
> why it is so tough to find.) From there, the process is flushed completely
> from memory and can be restarted without problem.
>
> -Cliff
>
> "Sann" <Sann@discussions.microsoft.com> wrote in message
> news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com...
> > Hello Cris, thank you for your prompt reply.
> >
> > dual core 2.8 GHz with 2 GB memory.
> > the memory usage averages about 1,5 GB at all times.
> >
> > Yes, I have installed SP 2 and all latest updates released after, with IMF
> > and enabled on SMTP.
> >
> > "Cris Hanna [SBS-MVP]" wrote:
> >
> >> First question is...
> >> How much RAM in the Server?
> >>
> >> Second Question is
> >> Do you have Exchange Server 2003 Service Pack 2 installed and IMF
> >> configured for connection filtering against recognized blacklist
> >> providers?
> >>
> >> --
> >> Cris Hanna [SBS-MVP]
> >> -------------------------------------------------
> >> Microsoft MVPs
> >> Independent Experts (MVPs do not work for MS)
> >> Real World Answers
> >> ---------------------------------------------------------
> >> Please do not contact me directly regarding issues
> >>
> >> "Sann" <Sann@discussions.microsoft.com> wrote in message
> >> news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
> >> SBS Exchange 2003: too many "Current Sessions" opened
> >> Hello All,
> >>
> >> Sometimes (usually it happens over weekends) my Exchange 2003 would stop
> >> receiving external emails because of many active "Curresnt Sessions" and
> >> here
> >> is why: our organization isn't big, so I lowered the "Limit number of
> >> connections to:" parameter to 50 (it is done to fight the spam).
> >>
> >> Now when somebody reports that he or she is not getting any "outside"
> >> emails, I go to Exchange System Manager -> Servers ->
> >> <server> ->Protocols ->
> >> SMTP -> Default SMTP Virtual Server - > Current Sessions and I see a
> >> bunch of
> >> ..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times
> >> 98353566,
> >> 43543543, 3453453 seconds, or in another words with endless connection
> >> times.
> >>
> >> I understand, that once the exchange reaches the number of connections of
> >> 50, it stops accepting new connections, stops receiving emails and here
> >> is my
> >> qustions:
> >> 1. Why the "Terminate All" command doesn't remedy the problem with email
> >> flow?
> >> As the second option, I try to restart SMTP service, but it freezes in a
> >> stopping mode leaving me with only one option to restart entire server.
> >> (BTW,
> >> I've also noticed that it feezes after I update IMF filter and I need to
> >> restart the server)
> >> 2. what are those connections and how to protect Exchange from them?
> >>
> >> Any advise will be greatly appreciated
>

Cris
Thu Aug 14 08:01:03 PDT 2008

This is a multi-part message in MIME format.

------=_NextPart_000_004F_01C8FDF4.A9607E60
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

SBS 2008 is not a production server since it only RC1...its my test =
server and I'm the only user...so there was no "migration" as such

SBS 2008 does include the option during installation, to install fresh =
or to perform a migration installation, which allows you to introduce it =
into an existing SBS 2003 organizations.

--=20
Cris Hanna [SBS-MVP]
Co-Author, Windows Small Business Server 2008 Unleashed=20
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/06723295=
73/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D1217269967&sr=3D8-1
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"Sann" <Sann@discussions.microsoft.com> wrote in message =
news:19118D7F-6331-44AF-A64B-58E77F8F43B2@microsoft.com...
Thanks a lot for your advices and information - will start =
experimenting....

btw, a quick side question to Cris: how did you move your users to =
SBS2008:=20
using migration tool in exchange or csv, ldi tools? I'm asking this =
question=20
in responce to your suggestion to bump the RAM to 4 GB. I'm installing a =
new=20
server hardware: 2x4 proc-s, 4 GB, RAID 10 on SAS, etc...

"Cris Hanna [SBS-MVP]" wrote:

> And if you only have 2GB of RAM, RAM is cheap!! bump it to 4GB
>=20
> And my spam has dropped so much using SBS 2008 RC1 it's a non-issue =
any more
>=20
> --=20
> Cris Hanna [SBS-MVP]
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>=20
> "Cliff Galiher" <cgaliher@gmail.com> wrote in message =
news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com...
> Sann:
>=20
> Try these things, in this order:
>=20
> 1) Enable recipient filtering and only accept messages from users in =
AD.=20
> The most common reason for ridiculously long connection times is a =
spambot=20
> trying to do a directory harvest. Since exchange defaults to accepting =

> *everything* at connect time and rejecting later, you end up with the =
bot=20
> just sending name after name to the server and never getting a =
rejection.=20
> It has no reason to disconnect.
>=20
> 2) Once recipient filtering is enabled, you will actually be exposed =
to a=20
> directory harvest attack instead of exchange just accepting =
everything. So,=20
> you should enable tarpitting. This is the point you should see those=20
> connections drop down.
>=20
> 3) IF, after a week, you are still seeing some connections, try =
*DISABLING*=20
> SenderID filtering on the Virtual SMTP server. There is a bug in one =
of the=20
> SenderID dll's that can falsely hold open connections. MS has quietly =

> acknowledged its existence, but has not come clean yet (to my =
knowledge)=20
> what the exact parameters are that cause this behavior. It is not=20
> consistent in my experience. Some servers have it, some don't exhibit =
it at=20
> all. And I'm told that it is fixed in Exchange 2007. I haven't seen =
it=20
> surface on 2007 yet myself, so I'm inclined to believe them...but then =

> again, SBS 2008 isn't released yet....so it could be an odd =
interaction=20
> there.
>=20
> To answer your other questions, the SMTP stack does seem to lock up =
with=20
> these long connections. That is the reason that 'terminate all' does =
not=20
> resolve the problem AND why the SMTP service stops responding if you =
try to=20
> restart it. You do *not* need to restart the server, however.
>=20
> From the command line, you can run this command:
>=20
> sc queryex smtpsvc
>=20
> And in the output, find the process ID (PID). Once you have the PID, =
you=20
> can kill the process in task manager (usually an inetinfo process, =
which is=20
> why it is so tough to find.) From there, the process is flushed =
completely=20
> from memory and can be restarted without problem.
>=20
> -Cliff
>=20
> "Sann" <Sann@discussions.microsoft.com> wrote in message=20
> news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com...
> > Hello Cris, thank you for your prompt reply.
> >
> > dual core 2.8 GHz with 2 GB memory.
> > the memory usage averages about 1,5 GB at all times.
> >
> > Yes, I have installed SP 2 and all latest updates released after, =
with IMF
> > and enabled on SMTP.
> >
> > "Cris Hanna [SBS-MVP]" wrote:
> >
> >> First question is...
> >> How much RAM in the Server?
> >>
> >> Second Question is
> >> Do you have Exchange Server 2003 Service Pack 2 installed and IMF=20
> >> configured for connection filtering against recognized blacklist=20
> >> providers?
> >>
> >> --=20
> >> Cris Hanna [SBS-MVP]
> >> -------------------------------------------------
> >> Microsoft MVPs
> >> Independent Experts (MVPs do not work for MS)
> >> Real World Answers
> >> ---------------------------------------------------------
> >> Please do not contact me directly regarding issues
> >>
> >> "Sann" <Sann@discussions.microsoft.com> wrote in message=20
> >> news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com...
> >> SBS Exchange 2003: too many "Current Sessions" opened
> >> Hello All,
> >>
> >> Sometimes (usually it happens over weekends) my Exchange 2003 would =
stop
> >> receiving external emails because of many active "Curresnt =
Sessions" and=20
> >> here
> >> is why: our organization isn't big, so I lowered the "Limit number =
of
> >> connections to:" parameter to 50 (it is done to fight the spam).
> >>
> >> Now when somebody reports that he or she is not getting any =
"outside"
> >> emails, I go to Exchange System Manager -> Servers ->=20
> >> <server> ->Protocols ->
> >> SMTP -> Default SMTP Virtual Server - > Current Sessions and I see =
a=20
> >> bunch of
> >> ..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times=20
> >> 98353566,
> >> 43543543, 3453453 seconds, or in another words with endless =
connection=20
> >> times.
> >>
> >> I understand, that once the exchange reaches the number of =
connections of
> >> 50, it stops accepting new connections, stops receiving emails and =
here=20
> >> is my
> >> qustions:
> >> 1. Why the "Terminate All" command doesn't remedy the problem with =
email=20
> >> flow?
> >> As the second option, I try to restart SMTP service, but it freezes =
in a
> >> stopping mode leaving me with only one option to restart entire =
server.=20
> >> (BTW,
> >> I've also noticed that it feezes after I update IMF filter and I =
need to
> >> restart the server)
> >> 2. what are those connections and how to protect Exchange from =
them?
> >>
> >> Any advise will be greatly appreciated=20
>
------=_NextPart_000_004F_01C8FDF4.A9607E60
Content-Type: text/html;
charset="Utf-8"
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
<META content=3D"MSHTML 6.00.2900.3354" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>SBS 2008 is not a production server =
since it only=20
RC1...its my test server and I'm the only user...so there was no =
"migration" as=20
such</DIV>
<DIV> </DIV>
<DIV>SBS 2008 does include the option during =

installation, to install fresh or to perform a migration installation, =
which=20
allows you to introduce it into an existing SBS 2003 =
organizations.</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> -- Cris Hanna [SBS-MVP]</DIV>
<DIV>Co-Author, Windows Small Business Server =
2008=20
Unleashed </DIV>
<DIV><A=20
href=3D"https://mail.cpuservices.net/owa/redir.aspx?C=3D48b50e97f1d34273a=
bb875fd9e053a75&URL=3Dhttp%3a%2f%2fwww.amazon.com%2fWindows-Small-Bus=
iness-Server-Unleashed%2fdp%2f0672329573%2fref%3dpd_bbs_sr_1%3fie%3dUTF8%=
26s%3dbooks%26qid%3d1217269967%26sr%3d8-1"=20
target=3D_blank>http://www.amazon.com/Windows-Small-Business-Server-Unlea=
shed/dp/0672329573/ref=3Dpd_bbs_sr_1?ie=3DUTF8&s=3Dbooks&qid=3D12=
17269967&sr=3D8-1</A> --------------------------------------------=
----- Microsoft=20
MVPs  Independent Experts (MVPs do not work for MS) Real =
World=20
Answers --------------------------------------------------------- P=
lease=20
do not contact me directly regarding issues </DIV>
<DIV>"Sann" <<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message <A=20
href=3D"news:19118D7F-6331-44AF-A64B-58E77F8F43B2@microsoft.com">news:191=
18D7F-6331-44AF-A64B-58E77F8F43B2@microsoft.com</A>...</DIV>Thanks=20
a lot for your advices and information - will start=20
experimenting.... btw, a quick side question to Cris: how did you =
move=20
your users to SBS2008: using migration tool in exchange or csv, ldi =
tools?=20
I'm asking this question in responce to your suggestion to bump the =
RAM to 4=20
GB. I'm installing a new server hardware: 2x4 proc-s, 4 GB, RAID 10 =
on SAS,=20
etc... "Cris Hanna [SBS-MVP]" wrote: > And if you only =
have 2GB=20
of RAM,  RAM is cheap!!  bump it to 4GB > > And =
my spam=20
has dropped so much using SBS 2008 RC1  it's a non-issue any =
more >=20
 > -- > Cris Hanna [SBS-MVP] >=20
------------------------------------------------- > Microsoft=20
MVPs >  Independent Experts (MVPs do not work for MS) > =
Real=20
World Answers >=20
--------------------------------------------------------- > Please =
do not=20
contact me directly regarding issues > > "Cliff Galiher" =
<<A=20
href=3D"mailto:cgaliher@gmail.com">cgaliher@gmail.com</A>> wrote in =
message <A=20
href=3D"news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com">news:Bfmdnb4hr=
r4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com</A>... >=20
Sann: > > Try these things, in this order: > > =
1)=20
Enable recipient filtering and only accept messages from users in AD. =
 >=20
The most common reason for ridiculously long connection times is a =
spambot=20
 > trying to do a directory harvest. Since exchange defaults to =
accepting=20
 > *everything* at connect time and rejecting later, you end up =
with the=20
bot > just sending name after name to the server and never =
getting a=20
rejection. > It has no reason to disconnect. > > 2) =
Once=20
recipient filtering is enabled, you will actually be exposed to a =
 >=20
directory harvest attack instead of exchange just accepting =
everything. =20
So, > you should enable tarpitting.  This is the point you =
should=20
see those > connections drop down. > > 3) IF, after =
a week,=20
you are still seeing some connections, try *DISABLING* > SenderID =

filtering on the Virtual SMTP server.  There is a bug in one of the =

 > SenderID dll's that can falsely hold open connections.  MS =
has=20
quietly > acknowledged its existence, but has not come clean yet =
(to my=20
knowledge) > what the exact parameters are that cause this=20
behavior.  It is not > consistent in my experience.  =
Some=20
servers have it, some don't exhibit it at > all.  And I'm =
told that=20
it is fixed in Exchange 2007.  I haven't seen it > surface =
on 2007=20
yet myself, so I'm inclined to believe them...but then > again, =
SBS 2008=20
isn't released yet....so it could be an odd interaction > =
there. >=20
 > To answer your other questions, the SMTP stack does seem to =
lock up=20
with > these long connections.  That is the reason that =
'terminate=20
all' does not > resolve the problem AND why the SMTP service =
stops=20
responding if you try to > restart it.  You do *not* need to =
restart=20
the server, however. > > From the command line, you can run =
this=20
command: > > sc queryex smtpsvc > > And in the =
output,=20
find the process ID (PID).  Once you have the PID, you > can =
kill=20
the process in task manager (usually an inetinfo process, which is =
 > why=20
it is so tough to find.)  From there, the process is flushed =
completely=20
 > from memory and can be restarted without problem. > =
 >=20
-Cliff > > "Sann" <<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message > <A=20
href=3D"news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com">news:689=
4EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com</A>... >=20
> Hello Cris, thank you for your prompt reply. > > > =
> dual=20
core 2.8 GHz with 2 GB memory. > > the memory usage averages =
about 1,5=20
GB at all times. > > > > Yes, I have installed SP 2 =
and all=20
latest updates released after, with IMF > > and enabled on=20
SMTP. > > > > "Cris Hanna [SBS-MVP]" wrote: >=20
> > >> First question is... > >> How much RAM =
in the=20
Server? > >> > >> Second Question is > =
>> Do=20
you have Exchange Server 2003 Service Pack 2 installed and IMF > =
>>=20
configured for connection filtering against recognized blacklist =
 >=20
>> providers? > >> > >> -- > =
>> Cris=20
Hanna [SBS-MVP] > >>=20
------------------------------------------------- > >> =
Microsoft=20
MVPs > >>  Independent Experts (MVPs do not work for=20
MS) > >> Real World Answers > >>=20
--------------------------------------------------------- > =
>>=20
Please do not contact me directly regarding issues > =
>> >=20
>> "Sann" <<A=20
href=3D"mailto:Sann@discussions.microsoft.com">Sann@discussions.microsoft=
.com</A>>=20
wrote in message > >> <A=20
href=3D"news:12FBED5A-99AC-4821-BB29-5602036459BF@microsoft.com">news:12F=
BED5A-99AC-4821-BB29-5602036459BF@microsoft.com</A>... >=20
>> SBS Exchange 2003: too many "Current Sessions" opened > =
>>=20
Hello All, > >> > >> Sometimes (usually it =
happens over=20
weekends) my Exchange 2003 would stop > >> receiving =
external emails=20
because of many active "Curresnt Sessions" and > >> =
here >=20
>> is why: our organization isn't big, so I lowered the "Limit =
number=20
of > >> connections to:" parameter to 50 (it is done to =
fight the=20
spam). > >> > >> Now when somebody reports that =
he or=20
she is not getting any "outside" > >> emails, I go to =
Exchange=20
System Manager -> Servers -> > >> <server>=20
->Protocols -> > >> SMTP -> Default SMTP Virtual =
Server -=20
> Current Sessions and I see a > >> bunch of > =
>>=20
..br, .it, .ar, OHIOIJHOJOJI, etc, user names with connected times =
 >=20
>> 98353566, > >> 43543543, 3453453 seconds, or in =
another=20
words with endless connection > >> times. > =
>> >=20
>> I understand, that once the exchange reaches the number of =
connections=20
of > >> 50, it stops accepting new connections, stops =
receiving=20
emails and here > >> is my > >> =
qustions: >=20
>> 1. Why the "Terminate All" command doesn't remedy the problem =
with=20
email > >> flow? > >> As the second option, I =
try to=20
restart SMTP service, but it freezes in a > >> stopping mode =
leaving=20
me with only one option to restart entire server. > >>=20
(BTW, > >> I've also  noticed that it feezes after I =
update IMF=20
filter and I need to > >> restart the server) > =
>> 2.=20
what are those connections and how to protect Exchange from =
them? >=20
>> > >> Any advise will be greatly appreciated=20
 ></BODY></HTML>

------=_NextPart_000_004F_01C8FDF4.A9607E60--

Sann
Thu Aug 14 08:23:01 PDT 2008

I see.
And for the current topic (as a quick report), to kill the "current
sessions" and make sure SMTP is running I created and scheduled to run on a
daily basis a small batch, that kills inetinfo.exe and starts SMTP - should
work for now until I put into production new server hardware with sbs 2003 r2.
And if I won't be able to resolve my problem in the new enviroment, I will
be bugging you guys again. :))

"Cris Hanna [SBS-MVP]" wrote:

> SBS 2008 is not a production server since it only RC1...its my test server and I'm the only user...so there was no "migration" as such
>
> SBS 2008 does include the option during installation, to install fresh or to perform a migration installation, which allows you to introduce it into an existing SBS 2003 organizations.
>
>
>
> --
> Cris Hanna [SBS-MVP]
> Co-Author, Windows Small Business Server 2008 Unleashed
> http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1
> -------------------------------------------------
> Microsoft MVPs
> Independent Experts (MVPs do not work for MS)
> Real World Answers
> ---------------------------------------------------------
> Please do not contact me directly regarding issues
>
> "Sann" <Sann@discussions.microsoft.com> wrote in message news:19118D7F-6331-44AF-A64B-58E77F8F43B2@microsoft.com...
> Thanks a lot for your advices and information - will start experimenting....
>
> btw, a quick side question to Cris: how did you move your users to SBS2008:
> using migration tool in exchange or csv, ldi tools? I'm asking this question
> in responce to your suggestion to bump the RAM to 4 GB. I'm installing a new
> server hardware: 2x4 proc-s, 4 GB, RAID 10 on SAS, etc...
>
> "Cris Hanna [SBS-MVP]" wrote:
>
> > And if you only have 2GB of RAM, RAM is cheap!! bump it to 4GB
> >
> > And my spam has dropped so much using SBS 2008 RC1 it's a non-issue any more
> >
> > --
> > Cris Hanna [SBS-MVP]
> > -------------------------------------------------
> > Microsoft MVPs
> > Independent Experts (MVPs do not work for MS)
> > Real World Answers
> > ---------------------------------------------------------
> > Please do not contact me directly regarding issues
> >
> > "Cliff Galiher" <cgaliher@gmail.com> wrote in message news:Bfmdnb4hrr4v1z7VnZ2dnUVZ_gOdnZ2d@bresnan.com...
> > Sann:
> >
> > Try these things, in this order:
> >
> > 1) Enable recipient filtering and only accept messages from users in AD.
> > The most common reason for ridiculously long connection times is a spambot
> > trying to do a directory harvest. Since exchange defaults to accepting
> > *everything* at connect time and rejecting later, you end up with the bot
> > just sending name after name to the server and never getting a rejection.
> > It has no reason to disconnect.
> >
> > 2) Once recipient filtering is enabled, you will actually be exposed to a
> > directory harvest attack instead of exchange just accepting everything. So,
> > you should enable tarpitting. This is the point you should see those
> > connections drop down.
> >
> > 3) IF, after a week, you are still seeing some connections, try *DISABLING*
> > SenderID filtering on the Virtual SMTP server. There is a bug in one of the
> > SenderID dll's that can falsely hold open connections. MS has quietly
> > acknowledged its existence, but has not come clean yet (to my knowledge)
> > what the exact parameters are that cause this behavior. It is not
> > consistent in my experience. Some servers have it, some don't exhibit it at
> > all. And I'm told that it is fixed in Exchange 2007. I haven't seen it
> > surface on 2007 yet myself, so I'm inclined to believe them...but then
> > again, SBS 2008 isn't released yet....so it could be an odd interaction
> > there.
> >
> > To answer your other questions, the SMTP stack does seem to lock up with
> > these long connections. That is the reason that 'terminate all' does not
> > resolve the problem AND why the SMTP service stops responding if you try to
> > restart it. You do *not* need to restart the server, however.
> >
> > From the command line, you can run this command:
> >
> > sc queryex smtpsvc
> >
> > And in the output, find the process ID (PID). Once you have the PID, you
> > can kill the process in task manager (usually an inetinfo process, which is
> > why it is so tough to find.) From there, the process is flushed completely
> > from memory and can be restarted without problem.
> >
> > -Cliff
> >
> > "Sann" <Sann@discussions.microsoft.com> wrote in message
> > news:6894EB2A-E7E0-4AD7-B799-446E28719BFC@microsoft.com...
> > > Hello Cris, thank you for your prompt reply.
> > >
> > > dual core 2.8 GHz with 2 GB memory.
> > > the memory usage averages about 1,5 GB at all times.
> > >
> > > Yes, I have installed SP 2 and all latest updates released after, with IMF
> > > and enabled on SMTP.
> > >
> > > "Cris Hanna [SBS-MVP]" wrote:
> > >
> > >> First question is...
> > >> How much RAM in the Server?
> > >>
> > >> Second Question is
> > >> Do you have Exchange Server 2003 Service Pack 2 installed and IMF
> > >> configured for connection filtering against recognized blacklist
> > >> providers?
> >

SBS Exchange 2003: too many "Current Sessions" opened

Re: SBS Exchange 2003: too many "Current Sessions" opened by Cris

Re: SBS Exchange 2003: too many "Current Sessions" opened by Sann

Re: SBS Exchange 2003: too many "Current Sessions" opened by Cliff

Re: SBS Exchange 2003: too many "Current Sessions" opened by Cris

Re: SBS Exchange 2003: too many "Current Sessions" opened by Sann

Re: SBS Exchange 2003: too many "Current Sessions" opened by Cris

Re: SBS Exchange 2003: too many "Current Sessions" opened by Sann