|
|
|
最近一段时间,公司的邮件服务器,总会有一段时间,拒绝工作,打开ESM一看,队列堵了400多个,还不多!嘿嘿!
为了让公司的工作正常运行,我采取了最简洁的方法:重启smtp服务,然后看着队列一个一个出去!心才稍微舒坦点!
这样的工作,这个月我做了两次,我怀疑是不是我的邮件服务器出问题了!想想也是,总得找个原因吧,不能就这样糊里糊涂的重启下去吧!万一哪天重启也不行,那不就歇菜了吗?
所以,我抓了些日志出来,请大家一道帮我分析分析?
首先说明一下网络环境:
Windows2003(english)+ Exchange2003(english)
GFI Mail Essentials For Exchange/SMTP version 10.1
以前这种情况也发生过,但不像现在这样频繁,首先我猜想是不是病毒在作怪!
下面是些日志:大家一道分析分析!
1)Application log
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3006
Date: 3/28/2007
Time: 9:28:41 AM
User: N/A
Computer: server
Description:
A non-delivery report with a status code of 4.4.7 was generated for recipient rfc822;yokoya.dj@aa.com (Message-ID <628FD2C68FEF7741935D95A150B6E0C0C14A62@server.bb.com>).
Cause: Message in queue has expired. The sending server tried to relay or deliver the message but the action could not be completed before the message expired.
Solution: This message usually indicates a problem on the receiving server. Check the validity of recipients address and verify that the receiving server is configured to receive messages correctly. Resending the message will place it again in the queue, if the receiving server is up, message delivery will succeed.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d1 02 04 c0
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Connection Manager
Event ID: 4006
Date: 3/28/2007
Time: 9:27:00 AM
User: N/A
Computer: server
Description:
Message delivery to the host '60.28.13.150' failed while delivering to the remote domain 'bb.com' for the following reason: The remote server did not respond to a connection attempt.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d2 02 04 c0
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3014
Date: 3/28/2007
Time: 9:26:27 AM
User: N/A
Computer: server
Description:
A non-delivery report with a status code of 5.2.3 was generated for recipient rfc822;lim@aa.com (Message-ID <628FD2C68FEF7741935D95A150B6E0C0C1504A@server.bb.com>).
Cause: The message size was large or the local quota exceeded. For example, remote Exchange user might have delivery restrictions set with maximum incoming message size.
Solution: Check access permissions as well as the message size.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7002
Date: 3/28/2007
Time: 9:23:01 AM
User: N/A
Computer: server
Description:
This is an SMTP protocol warning log for virtual server ID 2, connection #147. The remote host "141.27.2.8", responded to the SMTP command "rcpt" with "450 <yongjian.yu@aa.com>: Recipient address rejected: Policy Rejection: ". The full command sent was "RCPT TO:<yongjian.yu@aa.com> ". This may cause the connection to fail.
For more information, click http://www.microsoft.com/contentredirect.asp.
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: NDR
Event ID: 3014
Date: 3/28/2007
Time: 9:16:12 AM
User: N/A
Computer: server
Description:
A non-delivery report with a status code of 5.2.3 was generated for recipient rfc822;market@aa.com (Message-ID <628FD2C68FEF7741935D95A150B6E0C0C15036@server.bb.com>).
Cause: The message size was large or the local quota exceeded. For example, remote Exchange user might have delivery restrictions set with maximum incoming message size.
Solution: Check access permissions as well as the message size.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: MSExchangeTransport
Event Category: SMTP Protocol
Event ID: 7010
Date: 3/28/2007
Time: 8:36:41 AM
User: N/A
Computer: server
Description:
This is an SMTP protocol log for virtual server ID 2, connection #130. The client at "28.10.131.56" sent a "xexch50" command, and the SMTP server responded with "504 Need to authenticate first ". The full command sent was "xexch50 2708 2". This will probably cause the connection to fail.
For more information, click http://www.microsoft.com/contentredirect.asp.
2)System Log
Event Type: Warning
Event Source: smtpsvc
Event Category: None
Event ID: 2012
Date: 3/27/2007
Time: 9:47:11 PM
User: N/A
Computer: server
Description:
SMTP could not connect to the DNS server '202.96.209.133'. The protocol used was 'UDP'. It may be down or inaccessible.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d5 04 00 00
Event Type: Error
Event Source: smtpsvc
Event Category: None
Event ID: 2013
Date: 3/27/2007
Time: 8:14:48 PM
User: N/A
Computer: server
Description:
SMTP could not connect to any DNS server. Either none are configured, or all are down.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7c 26 00 00 |&..
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 3000
Date: 3/27/2007
Time: 8:52:10 AM
User: N/A
Computer: server
Description:
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
3)邮件的跟踪截图
[ 本帖最后由 benet-panjian 于 2007-3-28 13:17 编辑 ] |
本帖子中包含更多资源
您需要 登录 才可以下载或查看,没有帐号?会员注册
x
|
狗仔卡
发表于 2007-3-28 10:57:28
收藏
分享
淘帖
支持
反对
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
楼主
发表于 2007-3-28 12:30:11