Antivirus getting in the way of IsAlive checks

I wrote a long time ago about the IsAlive behavior in Exchange 200x clusters, but one interesting scenario was brought to my attention recently.

Remember that the IsAlive check for the SMTP resource requires the cluster node actively running the SMTP resource to be able to connect to port 25 on the virtual IP address bound to the particular SMTP virtual server. So, if anything prevents the cluster service from making this connection, the IsAlive check is surely bound to fail!

With that background, know that some antivirus vendors have added an option to prevent “mass mailing worms from sending mail” (i.e., they actively block access to port 25). This will prevent mail delivery to the server where this feature is enabled, whether it’s a cluster or not. Clearly it shouldn’t be enabled on an Exchange server.

But, as I mentioned above, if you have this option set on an Exchange 200x cluster you are going to have problems getting the SMTP resource online (and keeping it online) above and beyond any mail delivery issues you might encounter!
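
To see from the owning node whether that port 25 connection is actually possible, a probe along these lines can help. It is an added example, not part of the original post and not the cluster resource's own IsAlive logic; the function name, the outcome labels and the `192.0.2.25` address are assumptions made for illustration.

```powershell
# Added diagnostic sketch: approximates the connection described above
# (cluster node -> port 25 on the SMTP virtual server's IP address).
# Run it on the node that currently owns the SMTP resource.
function Test-SmtpVirtualServerPort {
    param(
        [Parameter(Mandatory = $true)][string]$VirtualIP,  # IP bound to the SMTP virtual server
        [int]$Port = 25,
        [int]$TimeoutMs = 5000
    )

    $result = New-Object PSObject -Property @{
        Target = "${VirtualIP}:$Port"; Outcome = $null; Detail = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so silently dropped packets cannot hang the probe.
        $async = $client.BeginConnect($VirtualIP, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $result.Outcome = 'ConnectTimeout'
            $result.Detail  = 'No answer: traffic is being dropped or the IP is offline.'
            return $result
        }
        $client.EndConnect($async)    # throws if the connection was refused or denied

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $banner = $reader.ReadLine()  # an SMTP server greets with a "220 ..." line

        if ($banner -and $banner.StartsWith('220')) {
            $result.Outcome = 'Reachable'
        } else {
            $result.Outcome = 'ConnectedNoGreeting'
        }
        $result.Detail = $banner
    }
    catch {
        # Report the underlying socket error (e.g. ConnectionRefused, AccessDenied).
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException]) {
            $result.Outcome = $base.SocketErrorCode.ToString()
        } else {
            $result.Outcome = 'Error'
        }
        $result.Detail = $base.Message
    }
    finally { $client.Close() }
    $result
}

# Constructed placeholder address; substitute the virtual server's own IP.
Test-SmtpVirtualServerPort -VirtualIP 192.0.2.25 | Format-List Target, Outcome, Detail
```

Any outcome other than `Reachable` means the node cannot complete the connection the IsAlive check depends on; the probe does not identify which product or rule is responsible.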

Comments (4)

  1. Russ Kaufmann says:

    Do you know of any vendors in particular that are implementing these blocks on port 25?

    Of course, even if the SMTP resource did come on-line, the clustered Exchange servers would not be able to communicate with other Exchange servers in the environment as well as being unable to send/receive SMTP, so it is a pretty big problem.

  2. NikC says:

    VirusScan 8 blocks port 25 by default, along with 6666-7 for IRC and FTP ports.