SMTP greylisting problem on Exchange Server 2003 SP2

"Greylisting" is a relatively new spam-fighting technique that filters out spam by

VIEW MEMBER FEEDACK TO THIS ANTISPAM TIP

causing the first delivery attempt from any given mail server to fail. Since most spam servers are too busy trying to crank through a delivery queue of hundreds of thousands of email messages, they don't tend to retry. A legit mail server will retry after a certain interval.

The SMTP greylisting problem on Exchange Server 2003 SP2 is extremely bad news if you're delivering email regularly to other servers that implement greylisting, since it could mean a lot of email stacking up in your SMTP queues and not getting sent.

So far, there appear to be three workarounds:

1. Stop and restart the SMTP service on a schedule.

   This is extremely easy to implement -- just create a batch file with the two lines:

   net stop smtpsvc
   net start smtpsvc

   Run this once a day using Scheduled Tasks, preferably during off-peak hours. (The downtime incurred by doing this will probably not be too large, but it's still best to set it to happen during a time when not much will be affected.)

2. Use a smart host to deliver email.

   This isn't always feasible, unfortunately, but it does seem to help avoid this problem when implemented.

3. Set the Glitch Retry key in the registry.

   If a delivery fails in the Exchange Server SMTP queue for any reason, it's placed into what's called a "glitch retry state" for 60 seconds. This is done so that if whatever is preventing email delivery is only transient -- for instance, a network patch cable fell out of its socket for a second, but was quickly plugged back in -- the mail in question won't get sidelined for too long.

Related antispam and greylisting resources: Freeware 'greylisting' for Exchange Server Migrating antispam settings from Exchange 2003 to Exchange 2007 How to determine if you're the target of a 'reverse NDR attack' Step-by-Step Guide: How to use ISA Server as an SMTP filter Exchange Antispam Software Resource Center

People have theorized that the glitch retry interval mechanism may not work under certain conditions unless the timeouts are explicitly set in the registry.

To do this, create the DWORD value GlitchRetrySeconds in HKLM\System\CurrentControlSet\
Services\SMTPSVC\Queuing (you may need to create this key as well) and set it to 60. Then, stop and restart the SMTP service. Some folks have reported getting good results with values up to 120 seconds as well.

Note that the GlitchRetrySeconds value is usually set lower, to prevent massive amounts of email messages from queuing up. If conditions gets worse across the board when you put this fix into place (you may want to give it a few days to see how it plays out), chances are something else may be causing a bottleneck.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS ANTISPAM TIP

Thank you for the article on greylisting. We have been having some issues within the past several weeks that this article seems to explain perfectly.

Keep up the good work…
—David J.

******************************************

What about the hotfix from Microsoft? It also looks like a call to PSS could solve the issue. The following Microsoft KB article has more information, too:

On a Windows Server 2003-based SMTP gateway server, some messages may remain in the queue folder until the SMTP service is restarted.

We use XWall with Exchange 2003 for all of our SMTP email, so we do not have this problem. I guess that could be considered a workaround as well.
—Mike S.

******************************************

I have the same issue. Restarting the SMTP service resends the 'queued' messages again and again. It is not a valid option, since too many messages get resent.
—Ron B.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Antispam Software and Spam Filtering Secure Edge Transport servers using the Security Configuration Wizard Create a global Safe Senders List in Exchange 2007 to filter spam Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering Top 10 Exchange, Microsoft Outlook and OWA email security tips of 2007 Troubleshoot Microsoft Outlook email delivery problems Microsoft Outlook and Exchange Server 2003 Email Security Guide Top 5 Exchange Intelligent Message Filter add-on tools Locate 'missing' SPF record on an external DNS domain Native Exchange Server 2003 antispam solutions Antispam Software and Spam Filtering Research Microsoft Exchange Server 2003 Why Exchange ActiveSync fails with NAT firewalls Is it time to upgrade users' Windows Mobile devices? Top 10 Microsoft Exchange Server 2003 registry hacks Use Performance Monitor to detect Exchange 2003 message queue problems How to set up email disclaimers on a single, back-end Exchange server How to customize OWA authentication logon in Exchange Server 2003 Can a deleted transaction log be restored in Exchange Server 2003? Improve Exchange 2003 Internet connectivity, mail flow and performance Can I selectively archive Exchange Server 2003 email messages? How to back up and restore Exchange data with recovery storage groups Microsoft Exchange Server 2003 Research SMTP Reconfigure an existing Exchange Server user account for a new user Improve Exchange 2003 Internet connectivity, mail flow and performance Troubleshoot Exchange 2003 email that gets stuck in the SMTP queue Perform an SMTP Telnet to test an outgoing Exchange server connection A primer on SMTP and ESMTP servers and commands How to use SMTP queues to troubleshoot mail flow How to retrieve email from an SMTP server using POP3 SMTP 550 relay error when sending large attachments Sending email to an Exchange distribution list containing SMTP and EX addresses Exchange Server email not being sent externally through the SMTP server RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.