Announcement

Collapse
No announcement yet.

Exchange 2007 External Mail Delivery

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2007 External Mail Delivery

    I have this one domain that we send e-mail to that will randomly stop recieving e-mails from us.

    What I'm seeing on my end is this: user creates e-mail in Outlook 2007 (pure text/no attachments), hits "send". Mail arrives at Exchange Server - placed in outbound queue. Server attempts to make connection to problematic domain. After a few seconds, the queue logs this error:

    "421 4.4.2 Connection Dropped"

    User gets a "message delayed" notice. Mail sits in the queue for three days and then exchange drops the message with a NDR.

    I've contacted the IT staff on the recieving end - they've verified that they should be able to recieve from us. I have confirmed that we are not on any SPAM black list.

    I have used the "wormly.com" SMTP tester and using that method, I can send e-mails through (this is basically a web front-end for a telnet connection). So this (I think) points to my server having problems.

    I've checked the DNS settings and performed an NSLOOKUP on the Exchange machine for the problematic domain and I recieve the proper information, so DNS is working. I can't ping the IPs given by the DNS lookup, but in this day and age, that doesn't surprise me. The fact that I can telnet to them tells me that they are alive and functional.

    I did some pretty heavy Google searching and found this blog post that duplicates the symptoms, so I followed his suggestion, creating the second send connector. That didn't help either.

    At this point, I'm lost and don't know where to turn next. So I've come here seeking guidance.

    Just in case it will help in the diagnosis:
    My domain: nei-ky.com
    Problem domain: centralbank.com
    Last edited by ScatterBrain; 19th December 2011, 19:43. Reason: Problem solved
    --

    ScatterBrain

    "I reject your reality and substitute my own!"
    -- The Mythbusters

  • #2
    Re: Exchange 2007 External Mail Delivery

    A bit more information:

    I turned on verbose logging on the send connectors of my Exchange server and I can see this in the logs:

    Code:
     
    2011-12-14T14:52:45.815Z,CentralBank,08CE399A37031795,0,,71.31.28.28:25,*,,attempting to connect
    2011-12-14T14:52:45.847Z,CentralBank,08CE399A37031795,1,[Internal IP Removed]:2451,71.31.28.28:25,+,,
    2011-12-14T14:52:45.891Z,CentralBank,08CE399A37031795,2,[Internal IP Removed]:2451,71.31.28.28:25,<,"220 mail.centralbank.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Wed, 14 Dec 2011 09:52:45 -0500 ",
    2011-12-14T14:52:45.891Z,CentralBank,08CE399A37031795,3,[Internal IP Removed]:2451,71.31.28.28:25,>,HELO shale.nei.local,
    2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,4,[Internal IP Removed]:2451,71.31.28.28:25,<,250 mail.centralbank.com Hello [64.191.130.42],
    2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,5,[Internal IP Removed]:2451,71.31.28.28:25,*,109868,sending message
    2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,6,[Internal IP Removed]:2451,71.31.28.28:25,>,MAIL FROM:<[email protected]>,
    2011-12-14T14:52:45.963Z,CentralBank,08CE399A37031795,7,[Internal IP Removed]:2451,71.31.28.28:25,-,,Remote
    2011-12-14T14:52:45.964Z,CentralBank,08CE399A37031795,0,,71.31.28.27:25,*,,attempting to connect
    2011-12-14T14:53:06.959Z,CentralBank,08CE399A37031795,1,,71.31.28.27:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 71.31.28.27:25"
    This block repeats every couple of minutes until I delete the message from the queue.
    --

    ScatterBrain

    "I reject your reality and substitute my own!"
    -- The Mythbusters

    Comment


    • #3
      Re: Exchange 2007 External Mail Delivery

      The symptoms are classic interference.
      I see your domain isn't answered by Exchange. Are your emails going through the Postfix system, or direct?

      Any firewall scanning SMTP traffic that could be upsetting things?

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Exchange 2007 External Mail Delivery

        Originally posted by Sembee View Post
        The symptoms are classic interference.
        I see your domain isn't answered by Exchange. Are your emails going through the Postfix system, or direct?

        Any firewall scanning SMTP traffic that could be upsetting things?

        Simon.
        First, thanks for the response.

        Incoming e-mail is handled with a Postfix based mail gateway (used for SPAM and Virus checking). My Exchange server is behind my firewall and is NATted to the outside for all external mail delivery. The Exchange server does the outgoing communication directly, meaning I don't forward the outgoing mail to a smart host or back through the Postfix mail gateway.

        I don't filter outgoing traffic very heavily - espically when it comes to e-mail - so if there are SMTP issues I think it would have to be outside of my network.

        The thing I can't wrap my head around is why telnet works and "normal" communication does not.
        --

        ScatterBrain

        "I reject your reality and substitute my own!"
        -- The Mythbusters

        Comment


        • #5
          Re: Exchange 2007 External Mail Delivery

          Originally posted by ScatterBrain View Post
          A bit more information:

          I turned on verbose logging on the send connectors of my Exchange server and I can see this in the logs:

          Code:
           
          2011-12-14T14:52:45.815Z,CentralBank,08CE399A37031795,0,,71.31.28.28:25,*,,attempting to connect
          2011-12-14T14:52:45.847Z,CentralBank,08CE399A37031795,1,[Internal IP Removed]:2451,71.31.28.28:25,+,,
          2011-12-14T14:52:45.891Z,CentralBank,08CE399A37031795,2,[Internal IP Removed]:2451,71.31.28.28:25,<,"220 mail.centralbank.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Wed, 14 Dec 2011 09:52:45 -0500 ",
          2011-12-14T14:52:45.891Z,CentralBank,08CE399A37031795,3,[Internal IP Removed]:2451,71.31.28.28:25,>,HELO shale.nei.local,
          2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,4,[Internal IP Removed]:2451,71.31.28.28:25,<,250 mail.centralbank.com Hello [64.191.130.42],
          2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,5,[Internal IP Removed]:2451,71.31.28.28:25,*,109868,sending message
          2011-12-14T14:52:45.921Z,CentralBank,08CE399A37031795,6,[Internal IP Removed]:2451,71.31.28.28:25,>,MAIL FROM:<[email protected]>,
          2011-12-14T14:52:45.963Z,CentralBank,08CE399A37031795,7,[Internal IP Removed]:2451,71.31.28.28:25,-,,Remote
          2011-12-14T14:52:45.964Z,CentralBank,08CE399A37031795,0,,71.31.28.27:25,*,,attempting to connect
          2011-12-14T14:53:06.959Z,CentralBank,08CE399A37031795,1,,71.31.28.27:25,*,,"Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 71.31.28.27:25"
          This block repeats every couple of minutes until I delete the message from the queue.
          After a better look at this log, this looks to me like it may be a Greylisting mechinism at work. Not sure, but I see the first server on the recieving end telling my server to go somehwere else and then my server falling over to the second server which doesn't respond.

          Does this look like Greylisting at work to you guys?
          --

          ScatterBrain

          "I reject your reality and substitute my own!"
          -- The Mythbusters

          Comment


          • #6
            Re: Exchange 2007 External Mail Delivery

            As of this morning we are STILL not able to get mail out to this domain. I've looked at everything on my end and can find no fault. I've talked with their staff which say there is nothing wrong on their end (after more than a week of investigation).

            I'm stuck folks, I have run out of ideas and things to look for.


            Does ANYONE have an idea what this could be?
            --

            ScatterBrain

            "I reject your reality and substitute my own!"
            -- The Mythbusters

            Comment


            • #7
              Re: Exchange 2007 External Mail Delivery

              Something is interfering with the traffic. Now it is just finger pointing.
              Therefore the simple solution is to just route email for that domain through your ISPs SMTP server using a smart host on a second Send Connector and forget about it. They are probably using something obscure as an anti-spam measure. I see nothing in the logs about greylisting, greylisting would usually return an NDR of the 4.x.x variety.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Exchange 2007 External Mail Delivery

                Simon,

                Again thanks for responding - and you are right. I have found the problem and followed your suggestion of routing all e-mail bound for them through another server.

                For now, the mail is flowing.

                Hopefully the IT staff on the other end will see my findings and evidence and find what is causing the blockage.

                Thanks again - consider this thread SOLVED!
                --

                ScatterBrain

                "I reject your reality and substitute my own!"
                -- The Mythbusters

                Comment

                Working...
                X