Announcement

Collapse
No announcement yet.

mail with attachment not received

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • mail with attachment not received

    following scenario is "stumping me" (well, I think i know where the issue lies, but i need to be able to conclusively prove it.)

    Stakeholders:[list][*]Customer. This is our customer.[*]External. This is a remote user who is trying to email attachments to our customer ('hosted' email wih crazydomains)[*]Support. This is our support email system (O365, EMEA)[*]3rdparty. This is a 3rd party email system (0365, APAC)

    infrastructure:
    • Customer - has an Exchange 2010 server, all fully up to date. It's running bitdefender security for exchange. There is no attachment filtering configured.
      There is no antispam, ip allow, ip block list configured on the connectors.
      The connectors are configured to allow 20MB files. There's only one internet-facing connector on port 25. There is no additional antispam engines or services or anythng like that. Email generally works.
    • External - uses CrazyDomains for their email. email sends via the crazydomains smtp server. (Alternately, he sometimes sends via optus or telstra servers)
    • Support - Plain old office365.
    • 3P - plain old office365. no special antivirus, filtering or anything.


    Issue
    External is trying to send a 6MB PDF file to Customer. Email is not being received. External is getting bounce message after 72 hours:
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    ([email protected])
    retry timeout exceeded

    ------ This is a copy of the message, including all the headers. ------
    ------ The body of the message is 8639488 characters long; only the first
    ------ 106496 or so are included here.
    If the external user sends an emai lwithout an attachment to [email protected] - it is received.
    If the external user sends an email with same attachment to @support - it is received
    If Support forwards the same email on to @customer, it is received.
    If External sends to @customer from optus, it is received
    If external sends to @customer from telstra, it is received.

    in the Tracking logs, I'm not seeing any sign of it ever appearing. So I've turned on SMTP logging.
    So far, I haven't seen anything (he just recently resent the email)

    in theory, if the External server is attempting to connect to the SMTP instance, I should at least see entries in the SMTP log showing the connect was attempted ?

    Regardless of how Bitdefender handles it after that, correct ? (SMTP receives then bitdefender processes higher up the stack, submission layer?)

    I know Simon's first suggestion will be fully remove bitdefender, but before we go hammer and tongs at that, I want to be firmyl sure there's nothing else we can do.


    (as an interesting side note, the external user's email hosting has said "oh, it's not us, it's the other end - they need to whitelist your domain."
    yet they cannot explain why emails without attachments are being received.


    some thoughts:

    - the PDF is copy protected and antivirus can't scan, so won't allow it through on the customer side (but then it should reject it from everyone)
    - the pdf is copy protected and antivirus can't scan so it's not transmitted from external side (then why do Support receive it?)
    - the receive connector is wrong somehow (so how is it received from one place but not another?)

    I'm fairly confident that for some unknown, assabout, stupid fucking god knows why reason that crazydomains usually have, they are fucking it up. problem is getting past the 1st line gatekeeper who hear"not delivered" and say"not us, sorry, ticket closed"



    what I AM Seeing in the exchange logs so far is Tarpitting - i don't know if turning this off might help? (in which case, I should create a separate connector scoped to the sending server?)
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

  • #2
    Re: mail with attachment not received

    Since e-mails without attachments are delivered properly, it's obviously not a network layer, DNS or mail routing problem.

    Either something is happening on the sending server that prevents it from ever sending the mail, or the Exchange server responds with an SMTP error message indicating a failure of a temporary nature (like the tarpitting you mentioned), causing the sending server to retry for a standard period of 72 hours.

    How about firing up Wireshark on the Exchange server and sniffing inbound SMTP traffic? It should tell you exactly what's going on.

    Comment


    • #3
      Re: mail with attachment not received

      Originally posted by Ser Olmy View Post
      How about firing up Wireshark on the Exchange server and sniffing inbound SMTP traffic? It should tell you exactly what's going on.
      this is more or less what i'm hoping to be doing with smtp proto logging

      And I've hit.. well.. not a jackpot, so much as found a wallet on the street.

      SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders
      220 SERVER01.Company.im Microsoft ESMTP MAIL Service ready at Mon, 23 Jun 2014 04:57:05 +0100
      EHLO cpanel34.per.syra.net.au
      250-SERVER01.company.im Hello [27.54.81.24]
      250-SIZE
      250-PIPELINING
      250-DSN
      250-ENHANCEDSTATUSCODES
      250-STARTTLS
      250-X-ANONYMOUSTLS
      250-AUTH NTLM
      250-X-EXPS GSSAPI NTLM
      250-8BITMIME
      250-BINARYMIME
      250-CHUNKING
      250-XEXCH50
      250-XRDST
      250 XSHADOW
      STARTTLS
      220 2.0.0 SMTP server ready

      CN=SERVER01
      CN=SERVER01
      15213DD2981AA293452CCBD7CB4A4DDB
      928D43D976D5B9909A5A85411C82D48B5186B415
      SERVER01;SERVER01.Company.im
      EHLO cpanel34.per.syra.net.au

      250-SERVER01.company.im Hello [27.54.81.24]
      250-SIZE
      250-PIPELINING
      250-DSN
      250-ENHANCEDSTATUSCODES
      250-AUTH NTLM LOGIN
      250-X-EXPS GSSAPI NTLM
      250-8BITMIME
      250-BINARYMIME
      250-CHUNKING
      250-XEXCH50
      250-XRDST
      250 XSHADOW
      MAIL FROM:<[email protected]> SIZE=8393625
      08D157D39AFA9354;2014-06-23T03:57:05.156Z;1
      RCPT TO:<[email protected]>
      DATA
      250 2.1.0 Sender OK
      250 2.1.5 Recipient OK
      354 Start mail input; end with <CRLF>.<CRLF>
      451 4.7.0 Timeout waiting for client input
      - remote host initiates connection. EHLO proceeds. Capabilities are reviewed.
      - remotehost says Let's do TLS. | Certificate is presented, our host says sure let's go | remotehost says sure let's go
      - remotehost says I have email from this guy with this size | we say ok
      - remotehost says "email is for this guy" | we say ok
      - remotehost says "here's the data" | we say ok and start a 5 minute timer
      - we say "well, you gave me no data, time's up boy"
      - we close session.

      hmm.


      oh yea.. regarding wireshark, I may not use it for this, but you sparked an idea for soemthing else.
      Last edited by tehcamel; 23rd June 2014, 07:27.
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: mail with attachment not received

        That is classic interference.
        Something scanning something it shouldn't be. AV software without the exclusions, SMTP scanning on a firewall etc.

        Got to point the finger at the CrazyDomains SMTP server - although getting them to admit it is going to be difficult.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: mail with attachment not received

          thanks simon, I was almost sure of it even before i did this.

          it definitely wouldn't be antivirus hooking in that low would it? (and even so, why would it only hook it from that particular serveR)
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: mail with attachment not received

            Originally posted by Sembee View Post
            That is classic interference.
            Something scanning something it shouldn't be. AV software without the exclusions, SMTP scanning on a firewall etc.

            Got to point the finger at the CrazyDomains SMTP server - although getting them to admit it is going to be difficult.
            They're probably going to say:

            "Since sending the exact same mail to other recipients works, the problem must be the receiving server."

            And that's a good point, because there seem to be three conditions that all have to be met for the problem to manifest itself: the sender must be using CrazyDomains, the recipient must be in the "customer" domain, and the mail must contain an attachment of a certain type and size.

            @tehcamel: Have you tried increasing the timeout value for the SMTP receive connector?

            Comment


            • #7
              Re: mail with attachment not received

              no, i shall look into that, thanks
              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

              Comment


              • #8
                Sorry to resurrect such an old thread, but we have this EXACT same problem and I've been all over Google trying to figure it out. Did you ever solve this? I've tried everything that I can think of and this is still happening. I am able to reproduce it consistently. I have one of the offending attachments in an email in my Gmail account and if I email it to my work account it fails, just like above, but if I remove the attachment and send it the message comes through.

                Comment


                • #9
                  I beleive from memory, it was an issue with the sending party's mailserver
                  Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                  Comment

                  Working...
                  X