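This problem shows up in the system log.

SMTP xxx errors with event IDs 2012 and 2013 appear together.

There is also a yellow warning in the DNS server log.

I searched for two weeks and finally found a solution, so I am sharing it with everyone.

Servers that are not kept up to date will not run into this problem; it is caused by one of the recent patches.

Because I browsed around so much, I forgot which site the original post was on, but the original poster left an email address.

I have been running it for two days and have not run into the problem since. If you read English, you can write to him. Thanks to the author of the original post.
Below are the cause and the solution he gave.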



1. I have at least found the reasons for the errors (SMTP 2012 & 2013) and here is how I fixed the errors completely. The errors seem to be caused by excessive UDP packet traffic to the DNS server (internal in most cases) due to a large number of NDR messages waiting to be sent from the Exchange queue – read the details below.
2. It appears the errors are coming from getting DNS info for NDR records (non-delivery reports). Each time a spam is sent to your server to an unknown address, the server swallows the message and then attempts to send the original sender back a message saying no such person exists.
3. Look under C:\Program Files\Exchsrvr\Mailroot\vsi1\Queue and you will probably see 1,000 to thousands of messages waiting to be sent out of the queue. Unless you have a very busy server or low bandwidth, all messages that are in the queue are trying to be delivered to a server that does not exist (fake FROM addresses from spammers). You can open these with Outlook Express and see they are just NDR reports being sent back to e-mail spammers informing them that the user does not exist on the server. The reason these are in the queue is that the server cannot deliver the messages because there are no servers at these fake spammer FROM addresses.
4. So I think the Exchange server is creating too much UDP packet traffic to the DNS to get these NDR reports delivered (these errors in most cases are thereby harmless). The NDR reports cannot be delivered because spammers use fake FROM addresses, so your server attempts to send these for up to 48 hours and then gives up and erases them. So much spam continues day after day to be sent to unknown users that this queue just keeps staying at a very large size - below is how you get Exchange to no longer accept messages to users that do not exist on your domains. This will reduce traffic on your server and eliminate your SMTP errors on your server.

1. Exchange by default produces an NDR report for every e-mail sent to an incorrect address - example is if a person sends an e-mail to [email protected] then the server actually takes the message, sees that it cannot be delivered, then sends an NDR (non-delivery report) to the sender's FROM address telling them that the e-mail address does not exist. Now what is important here is that the server can tell the other server it cannot find the person in the list so there is really no reason to send an NDR for every spam sent to an incorrect address winds up in the NDR queue. A side effect of my fix below is that if a spammer is actually using a legitimate server he could check all known common names on your server and figure out some addresses that actually exist on your server. In any case the side effect is minor and the fix is below:

a. Load Exchange System Manager and then click the + on Global Settings.
b. Now right click on Delivery Options and pick Properties.
c. Now click on the tab for "Recipient Filtering".
d. I checked the box for "filter recipients that are not in the directory". Once this box is checked the server gives you a message that you still have to make another setting to complete the process as described in the next step.
e. As a final setting you have to go to the SMTP Virtual Server (also in the Exchange System Manager under the server) and right click on SMTP Virtual Server and pick Properties. Now you must click on Advanced for the IP address and click EDIT for the IP address (usually unassigned) and you will see a check box that says "Apply Recipient Filter" and you check that box.
f. Now this will stop the Exchange server from taking a message to a user that does not exist on your domains (Active Directory in this case) and sending NDR reports back to the spammers, reducing traffic on the server. As we know, all FROM e-mail addresses from spammers are made up so sending an NDR report is a waste of time. Also when the server tries to send an NDR and the address does not exist it continues to keep trying to send this NDR for two days and this is a waste of resources and creating this excessive UDP packet traffic to the DNS.

Also you can delete all messages currently in your Exchange queue by stopping the SMTP server for a minute, deleting all the files under C:\Program Files\Exchsrvr\Mailroot\vsi1\Queue and restarting the SMTP service. Remember these messages in the queue are not able to be delivered because the addresses they are being sent to do not exist (unless you have an extremely busy server and very low bandwidth, in which case you better open some of them and verify they are all junk).

One last note is that I also saw where someone had just configured external DNS servers under the SMTP Virtual Server properties and I suspect this might also work, for the ISP DNS servers probably can handle the excessive UDP packets coming into their DNS servers.

I would like to know if anyone implements this and if it works for you ([email protected]). This basically reduces network traffic and cleans up your Exchange server and eliminates the SMTP errors completely (I have had it running for 1 week and it is working perfectly).

Good luck to all and I hope this helps.
Gordon
[email protected]
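
The check the quoted post recommends before deleting the queue (open some messages and verify they are all junk) can be run over the whole folder. The following is an added example, not part of the original post: it assumes the queue files have been copied to a working directory and parse as RFC 822 messages (the post says they open in Outlook Express). `is_ndr`, `triage_queue` and `demo` are hypothetical names, and the sample messages are constructed.

```python
import email
import tempfile
from collections import Counter
from email import policy
from email.utils import parseaddr
from pathlib import Path


def is_ndr(msg):
    """True when the message is a delivery status notification (RFC 3464)."""
    return (msg.get_content_type() == "multipart/report"
            and (msg.get_param("report-type") or "").lower() == "delivery-status")


def triage_queue(queue_dir):
    """Split queued messages into NDRs and messages that need a human look."""
    ndr_domains = Counter()   # destination domains the NDRs are aimed at
    review = []               # non-NDR files: do not delete without reading
    for path in sorted(p for p in Path(queue_dir).iterdir() if p.is_file()):
        with path.open("rb") as fh:
            msg = email.message_from_binary_file(fh, policy=policy.default)
        if is_ndr(msg):
            _, addr = parseaddr(str(msg.get("To", "")))
            ndr_domains[addr.rpartition("@")[2].lower() or "(none)"] += 1
        else:
            review.append(path.name)
    return {"ndr_total": sum(ndr_domains.values()),
            "ndr_domains": ndr_domains, "review": review}


# Constructed sample messages (not taken from a real queue).
SAMPLE_NDR = (b"From: postmaster@mail.example.com\r\n"
              b"To: promo@spam-sender.invalid\r\n"
              b"Subject: Delivery Status Notification (Failure)\r\n"
              b"Content-Type: multipart/report; report-type=delivery-status;\r\n"
              b" boundary=\"b1\"\r\n\r\n--b1\r\n"
              b"Content-Type: text/plain\r\n\r\nUnknown recipient.\r\n--b1--\r\n")
SAMPLE_MAIL = (b"From: alice@mail.example.com\r\nTo: bob@partner.example\r\n"
               b"Subject: Invoice\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n")


def demo():
    """Build a throwaway queue directory from the samples and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in [("a.eml", SAMPLE_NDR), ("b.eml", SAMPLE_NDR),
                           ("c.eml", SAMPLE_MAIL)]:
            Path(tmp, name).write_bytes(body)
        return triage_queue(tmp)
```

Any file name returned under `review` is not a delivery status notification and should be read before the queue folder is emptied.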