mdbdata logs (Full Version)



asensi -> mdbdata logs (28.Apr.2003 5:08:00 PM)

Ok, this one has got me stumped. Before everyone points to me and asks me if I have backed up my logs... yes, I run Veritas and my committed logs are flushed every night.

Ok, this is where it gets really strange. For some reason every Sunday morning around 3:45 - 6:00 a.m. my Exchange server decides to generate 8+9 gigs worth of exxxxx.logs. This causes the logging drive to fill up within 4 hours and, poof, crashes the mailstore. That being said, I then checked the SMTP log just in case we had a spammer using our relay, but we are locked down to IP blocks. I have tested using Open relay checked and all times show that the relays are closed.

Now the strange thing is that I have checked some of these exXXXXX.logs that are being generated. They contain vast amounts of old email messages that are months old. The other odd thing is that there is nothing to suggest that it's any particular mailbox causing the information to log all this traffic. If anybody has any suggestions on this I would really appreciate it.

koggen -> RE: mdbdata logs (28.Apr.2003 7:51:00 PM)

Well, I must say that it certainly sounds like a solid case of virus scanning software that runs every Sunday! Never, never, ever run file based virus scanning software on an Exchange server. Always use an SMTP based scanner instead! If you for some reason need to run a file based scanner (e.g. if you use the Exchange server as a file server as well) always make sure to exclude the Exchange directory and the M: drive! Especially the M: drive is notoriously known for causing problems with scanners.

Good luck!


[ April 28, 2003, 09:00 PM: Message edited by: Johan Sandqvist ]

asensi -> RE: mdbdata logs (29.Apr.2003 10:53:00 PM)

Interesting, we do run Symantec Corporate Edition + the SMTP filtering on Exchange. All these were configured to exclude Exchange directories. This server has been running for almost a year without any problems. I will however remove the Symantec Corporate Edition altogether and see if this stops the problems. Thanks for the suggestion and I will let you know.
