Full Version: Security for Exchange 2003 - SMTP Tarpit?
joel.gibby
We're experiencing some issues after installing Kaspersky Security for Exchange 2003. We have several devices (document scanners, mailing list servers) that send email via our Exchange server. Shortly after installing the product we started getting reports of these devices no longer being able to send.

Looking into the issue revealed that during communication, there is an unusually long delay (just under 2 minutes) after sending the RCPT TO: verb. After 2 minutes, we get the 250 2.1.5 "OK" response. Unfortunately, for many applications 2 minutes is too long and an RSET is sent or the connection is dropped. When using some form of authentication (tested AUTH LOGIN), there is no delay and the emails get through fine. All of the devices' IP addresses are listed in the allowed relayers in the SMTP server properties pages.

Is there a mechanism in Security for Exchange that would delay the response to a RCPT TO: command for non-authenticated SMTP connections? Is it tunable? We did not experience issues before installing the product. We do not have recipient filtering enabled in Exchange, and manually setting the TarpitTime registry key to a low value did not change anything (the tarpit feature is only supposed to delay 5XX "bad recipient" responses if you have recipient filtering enabled).

Joel
Alexander Ilin
Try switching off the Anti-Spam plug-in and testing for the delay.
Also, please read these articles: First Second
joel.gibby
QUOTE(Alexander Ilin @ 22.04.2009 01:06) *
Try switching off the Anti-Spam plug-in and testing for the delay.
Also, please read these articles: First Second

First tried disabling Anti-Spam through GUI.
Next tried disabling the Kaspersky Anti-Spam Service
Finally tried setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan "Enabled" to 0 and "ReloadNow" to 1. Waited for 1 minute (and saw processes exit)

Tried telnet test after each attempt, still experienced large delay immediately after issuing RCPT TO: command. The first support URL listed looks like it's for email that has been received and queued (we are not getting this far). We have AV scanning on all storages enabled.

Checked with Wireshark and the server does receive the command, and sends timely ACK, but then nothing for 2 minutes. Finally sends 250 2.1.5 response after delay.

Thanks -
Joel
joel.gibby
I just added one of the servers to the Connection Filtering Global Accept list (Exchange System Manager -> Global Settings -> Message Delivery -> Connection Filtering -> Accept)

And the delay is gone.

It must be one of my connection filters.

On further inspection it looks like it was one of our Country-Level black lists (via blackholes.us). Disabling these connection filter lists has brought everything back to normal. Thanks again for taking the time. Wish I had checked the connection filter page sooner.

Here's where I got my clue: http://support.powerdnn.com/index.php?_m=k...kbarticleid=183
Alexander Ilin
Thanks for such a nice reply.
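The telnet test described in this thread, written as a script that times every server reply so the stalled verb stands out. This is an added example, not code from any poster or from the product; the stub server, host names and mail addresses are constructed so it runs offline.

```python
import socket, socketserver, threading, time

def timed_smtp_dialogue(host, port, sender, rcpt, timeout=180.0):
    """Run an unauthenticated SMTP dialogue; return [(step, code, seconds)]."""
    steps = [("banner", None), ("HELO", "HELO probe.example.test"),
             ("MAIL FROM", f"MAIL FROM:<{sender}>"),
             ("RCPT TO", f"RCPT TO:<{rcpt}>"), ("QUIT", "QUIT")]
    results = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        for label, line in steps:
            start = time.monotonic()
            if line is not None:
                sock.sendall(line.encode("ascii") + b"\r\n")
            while True:  # "250-..." continues a reply, "250 ..." ends it
                reply = f.readline()
                if not reply:
                    raise ConnectionError(f"server closed during {label}")
                if reply[3:4] != b"-":
                    break
            results.append((label, int(reply[:3]), time.monotonic() - start))
    return results

def slowest(results):
    return max(results, key=lambda r: r[2])  # entry with the longest wait

class StubHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in server: stalls before answering RCPT TO."""
    rcpt_delay = 0.5
    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for raw in self.rfile:
            if raw[:4].upper() == b"RCPT":
                time.sleep(self.rcpt_delay)
                self.wfile.write(b"250 2.1.5 OK\r\n")
            elif raw[:4].upper() == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"250 OK\r\n")

def demo(delay=0.5):  # offline run against the stub; addresses are constructed
    StubHandler.rcpt_delay = delay
    with socketserver.TCPServer(("127.0.0.1", 0), StubHandler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return timed_smtp_dialogue("127.0.0.1", srv.server_address[1],
                                       "scanner@example.test", "user@example.test", 5)
        finally:
            srv.shutdown()
```

Against a real server, run it once with the connection filter lists enabled and once with them disabled and compare the RCPT TO timing.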