SMTP greylisting problem on Exchange Server 2003 SP2

"Greylisting" is a relatively new spam-fighting technique that filters out spam by causing the first delivery attempt from any given mail server to fail. Since most spam servers are too busy trying to crank through a delivery queue of hundreds of thousands of email messages, they don't tend to retry. A legit mail server will retry after a certain interval.

The SMTP greylisting problem on Exchange Server 2003 SP2 is extremely bad news if you're delivering email regularly to other servers that implement greylisting, since it could mean a lot of email stacking up in your SMTP queues and not getting sent.

So far, there appear to be three workarounds:

1. Stop and restart the SMTP service on a schedule.

   This is extremely easy to implement -- just create a batch file with the two lines:

   net stop smtpsvc
   net start smtpsvc

   Run this once a day using Scheduled Tasks, preferably during off-peak hours. (The downtime incurred by doing this will probably not be too large, but it's still best to set it to happen during a time when not much will be affected.)

2. Use a smart host to deliver email.

   This isn't always feasible, unfortunately, but it does seem to help avoid this problem when implemented.

3. Set the Glitch Retry key in the registry.

   If a delivery fails in the Exchange Server SMTP queue for any reason, it's placed into what's called a "glitch retry state" for 60 seconds. This is done so that if whatever is preventing email delivery is only transient -- for instance, a network patch cable fell out of its socket for a second, but was quickly plugged back in -- the mail in question won't get sidelined for too long.

...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Spam and virus protection How to install Forefront Security for Exchange Server Block Web beacons and protect OWA users from spam Controlling spam in Exchange 2007 at the edge transport server level How file-level antivirus software can harm your Exchange Server Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Troubleshooting Outlook Web Access issues on a 64-bit system Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 Spam and virus protection Research Microsoft Exchange Server 2003 Remove Exchange 2003 objects from AD to install Exchange 2010 Leapfrogging from Exchange 2003 to Exchange 2010 Top 5 Exchange ActiveSync tips Exchange Mailbag: POP3 settings and Outlook issues Migrating to Exchange 2007 with correct permissions Problems receiving email from outside a Exchange Server 2003 domain Exchange admins: Is it time to rethink your email address policy? Exchange Server 2003 collects email from only specific POP3 domains Changing email address formats in Exchange Server 2003 Should you remove .STM files from Exchange Server 2003? Microsoft Exchange Server 2003 Research Exchange Security Tips How to install Forefront Security for Exchange Server Is full email encryption the solution to Exchange security? Lock down direct file access and protect OWA users Controlling spam in Exchange 2007 at the edge transport server level When to use a self-signed certificate with Exchange Server 2007 Obtaining and verifying SSL certificates in Exchange Server How file-level antivirus software can harm your Exchange Server Understanding Exchange Server 2007 SP1 mobile security settings Which ActiveSync authentication method is best for your mobile device? Why you should secure Exchange 2007 using administrative policies

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary backscatter spam  (SearchExchange.com) greylist  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) Vouch by Reference (VBR)  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

People have theorized that the glitch retry interval mechanism may not work under certain conditions unless the timeouts are explicitly set in the registry.

To do this, create the DWORD value GlitchRetrySeconds in HKLM\System\CurrentControlSet\
Services\SMTPSVC\Queuing (you may need to create this key as well) and set it to 60. Then, stop and restart the SMTP service. Some folks have reported getting good results with values up to 120 seconds as well.

Note that the GlitchRetrySeconds value is usually set lower, to prevent massive amounts of email messages from queuing up. If conditions gets worse across the board when you put this fix into place (you may want to give it a few days to see how it plays out), chances are something else may be causing a bottleneck.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS ANTISPAM TIP

Thank you for the article on greylisting. We have been having some issues within the past several weeks that this article seems to explain perfectly.

Keep up the good work…
—David J.

******************************************

What about the hotfix from Microsoft? It also looks like a call to PSS could solve the issue. The following Microsoft KB article has more information, too:

On a Windows Server 2003-based SMTP gateway server, some messages may remain in the queue folder until the SMTP service is restarted.

We use XWall with Exchange 2003 for all of our SMTP email, so we do not have this problem. I guess that could be considered a workaround as well.
—Mike S.

******************************************

I have the same issue. Restarting the SMTP service resends the 'queued' messages again and again. It is not a valid option, since too many messages get resent.
—Ron B.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.