The MSGFILTER.DLL file is the component that allows Exchange Server 2003 to perform Sender ID filtering on incoming email. It performs a DNS lookup for the server that an incoming email claims to be sent from in order to verify the SPF record.
MSGFILTER.DLL then uses that information to determine whether that server is authorized to send on behalf of the organization in question.
Unfortunately, if the SPF DNS record returned is badly formatted and cannot be processed properly by MSGFILTER.DLL, the incoming email connection is never closed by Exchange Server -- not even if you have a timeout value configured for inbound connections.
In extreme cases, this can cause memory leaks. More immediately, it can use up all of the available inbound connections to Exchange Server, since they're never being closed.
According to Microsoft's documentation on the issue, a related problem can also happen if MSGFILTER.DLL performs a lookup on a DNS record that doesn't exist at all. The message gets assigned a bogus "TempError" status (i.e., a network failure). It's then simply passed along, instead of being stamped with a "Fail" status (which is normally the result of a malformed domain or nonexistent domain entry).
There are two solutions to the problem:
- If you identify that only a couple of domains that you're dealing with have badly formatted SPF records, you can temporarily block email from those organizations and contact their administrators in the hopes of having them fix the problem.
- Alternatively, you can obtain a recently released hotfix for MSGFILTER.DLL from Microsoft. It's only available from Product Support Services, but is free. Simply mention that you need the fix outlined in Microsoft Knowledge Base article 923346, "The SenderID filter incorrectly lets an email message pass through Exchange Server 2003 when the DNS record does not exist."
A more permanent fix should be rolled into the next Service Pack for Exchange 2003.
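For the first workaround, the practical step is finding out which sender domains publish badly formatted records. The following Python sketch is an added example, not code from Microsoft or from this tip: it lints TXT answers you have already collected (for instance with `nslookup -type=TXT`) against the published SPF and Sender ID record syntax. The domains and records are constructed, the checks are a subset of that syntax, and nothing here reproduces MSGFILTER.DLL's own parser or says which malformations trigger the hang.

```python
import ipaddress
import re
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_ARG = {"include", "ip4", "ip6", "exists"}
VERSION = re.compile(r"^(v=spf1|spf2\.0/(mfrom|pra)(,(mfrom|pra))*)$", re.I)
TERM = re.compile(r"^([+\-~?]?)([A-Za-z][\w.-]*)(?:([:=/])(.*))?$")

def lint_record(record):
    """Return the syntax problems found in one SPF / Sender ID TXT record."""
    terms = record.split()
    if not terms or not VERSION.match(terms[0]):
        return ["missing or invalid version tag"]
    problems = []
    for term in terms[1:]:
        m = TERM.match(term)
        qualifier, name, sep, arg = m.groups() if m else ("", "", None, None)
        name = name.lower()
        if sep == "=":  # modifier; unknown modifier names are legal and ignored
            if qualifier or not arg:
                problems.append(f"bad modifier {term!r}")
        elif name not in MECHANISMS:
            problems.append(f"unknown or unparseable mechanism {term!r}")
        elif name in NEEDS_ARG and (sep != ":" or not arg):
            problems.append(f"{name} needs an argument")
        elif name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(arg, strict=False).version != int(name[2]):
                    raise ValueError(arg)
            except ValueError:
                problems.append(f"bad network in {term!r}")
    return problems

def classify(txt_records):
    """Classify one domain's TXT answers as 'none', 'ok' or 'malformed'."""
    spf = [r for r in txt_records if re.match(r"(v=spf|spf2\.)", r.strip(), re.I)]
    if not spf:
        return "none", []
    problems = [p for r in spf for p in lint_record(r)]
    if len({r.split()[0].lower() for r in spf}) != len(spf):
        problems.append("more than one record with the same version tag")
    return ("malformed" if problems else "ok"), problems

SAMPLES = {  # constructed TXT answers, keyed by (hypothetical) sender domain
    "good.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.good.example -all"],
    "typo.example": ["v=spf1 ipv4:192.0.2.10 -all"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all"],
    "nospf.example": ["google-site-verification=abc"],
}
REPORT = {domain: classify(txt) for domain, txt in SAMPLES.items()}
```

Domains reported as `malformed` are the candidates for a temporary block and a note to their administrators; `none` corresponds to the missing-record case the hotfix addresses.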
About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.