jb1023
asked on
4.4.1 AND 4.4.2 SMTP Send Errors
I am having a big problem with not being able to send email to some domains outside my network. Some email goes but most does not. This is a new install of Exchange 2007 SP1 on a Win 2003 virtual machine. I have setup a RDNS/PTR record with my ISP as well as setting up the appropriate records for the domain using http://www.zoneedit.com for my managed external DNS. According to http://www.mxtoolbox.com everything is setup properly. The contents of my SMTP Send log are:
-------------------------- ----------
2010-08-24T17:14:47.339Z,S MTP,08CD11 16152857BE ,0,,209.15 0.204.167: 25,*,,atte mpting to connect
2010-08-24T17:14:47.417Z,S MTP,08CD11 16152857BE ,1,192.168 .0.95:1985 7,209.150. 204.167:25 ,+,,
2010-08-24T17:14:47.495Z,S MTP,08CD11 16152857BE ,2,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,"220 Server10.rmisecurity.net Microsoft ESMTP MAIL Service ready at Tue, 24 Aug 2010 11:14:47 -0600",
2010-08-24T17:14:47.495Z,S MTP,08CD11 16152857BE ,3,192.168 .0.95:1985 7,209.150. 204.167:25 ,>,EHLO tbc-exch.thouttbrosinc.com ,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,4,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-Ser ver10.rmis ecurity.ne t Hello [70.89.160.225],
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,5,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-SIZ E,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,6,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-PIP ELINING,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,7,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-DSN ,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,8,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-ENH ANCEDSTATU SCODES,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,9,192.168 .0.95:1985 7,209.150. 204.167:25 ,<,250-STA RTTLS,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,10,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-X- ANONYMOUST LS,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,11,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-AU TH NTLM,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,12,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-X- EXPS GSSAPI NTLM,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,13,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-8B ITMIME,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,14,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-BI NARYMIME,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,15,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-CH UNKING,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,16,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-XE XCH50,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,17,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250-XR DST,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,18,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,250 XSHADOW,
2010-08-24T17:14:47.573Z,S MTP,08CD11 16152857BE ,19,192.16 8.0.95:198 57,209.150 .204.167:2 5,>,STARTT LS,
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,20,192.16 8.0.95:198 57,209.150 .204.167:2 5,<,220 2.0.0 SMTP server ready,
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,21,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,,Sendi ng certificate
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,22,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,CN=tbc -exch.thou ttbrosinc. com,Certif icate subject
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,23,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,CN=tbc -exch.thou ttbrosinc. com,Certif icate issuer name
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,24,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,C03DB4 E2349C5CB3 4AD5CF50FA 72DC45,Cer tificate serial number
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,25,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,D3A4AD 300E5A09E5 32CEB99367 81ED74CEA4 368A,Certi ficate thumbprint
2010-08-24T17:14:47.651Z,S MTP,08CD11 16152857BE ,26,192.16 8.0.95:198 57,209.150 .204.167:2 5,*,tbc-ex ch.thouttb rosinc.com ;email.tho uttbrosinc .com;autod iscover.th outtbrosin c.com;thou ttbrosinc. com,Certif icate alternate names
-------------------------- ---------- ------
I don't see anything there to indicate a reason for the error. I ran a dcdiag /test:dns /v /dns.txt and the results are:
-------------------------- ---------- -----
TEST: Records registration (RReg)
Network Adapter
[00000017] Microsoft Virtual Network Switch Adapter:
Warning:
Missing A record at DNS server 192.168.0.93:
TBC-DC-1.thouttbrosinc.com
Warning: Record Registrations not found in some network adapters
TBC-DC-1 PASS PASS PASS PASS PASS WARN n/a
......................... thouttbrosinc.com passed test DNS
-------------------------- ---------- -------
Again, I don't see anything that would indicate a major issue.
If anybody has any ideas I would greatly appreciate them. I have been working on this for days now and people are starting to get a bit agitated. If more info is needed to help just let me know. Thanks.
--------------------------
2010-08-24T17:14:47.339Z,S
2010-08-24T17:14:47.417Z,S
2010-08-24T17:14:47.495Z,S
2010-08-24T17:14:47.495Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.573Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
2010-08-24T17:14:47.651Z,S
--------------------------
I don't see anything there to indicate a reason for the error. I ran a dcdiag /test:dns /v /dns.txt and the results are:
--------------------------
TEST: Records registration (RReg)
Network Adapter
[00000017] Microsoft Virtual Network Switch Adapter:
Warning:
Missing A record at DNS server 192.168.0.93:
TBC-DC-1.thouttbrosinc.com
Warning: Record Registrations not found in some network adapters
TBC-DC-1 PASS PASS PASS PASS PASS WARN n/a
......................... thouttbrosinc.com passed test DNS
--------------------------
Again, I don't see anything that would indicate a major issue.
If anybody has any ideas I would greatly appreciate them. I have been working on this for days now and people are starting to get a bit agitated. If more info is needed to help just let me know. Thanks.
ASKER
It has been about 10 days or so.
Have you tried using a smarthost?
2010-08-4T17:14:47.573Z,SM TP,08CD111 6152857BE, 4,192.168. 0.95:19857 ,209.150.2 04.167:25, <,250-Serv er10.rmise curity.net Hello [70.89.160.225],
who is 70.89.160.225 in this conversation?
who is 70.89.160.225 in this conversation?
I think this is your ISP?
http://business.comcast.com/
http://business.comcast.com/
Authors ISP sorry
ASKER
No. I had this all working on a previous server till it died and my backups were of the db only, not the settings. I suppose I could try that for a bit to see if it would work but ultimately I want to figure out why I am having this problem. My host name is the same, tbc-exch.thouttbrosinc.com and my IP is the same, 70.89.160.227 and thus I am lost. I will contact Comcast to see what they say about me using them as a smarthost in the meantime though.
ASKER
225 is the wan port on my firewall. Not sure why that would be inserting itself there. I have one-to-one NAT setup adn 227 is assigned to the Exchange services.
Is 192.168.0.95 the same ip as the old server or a new one? If new you may need to adjust your firewall address transforms for the new IP (that would be for outbound connections from your exchange server to show as .227)
Comcast may be preventing you from sending
ASKER
Dave,
.95 was assigned to the old and now to the new server. Same with .227 for the external, it was both the old and the new.
Jamie,
I called Comcast and "they said" they were not blocking any traffic. Of course when setting up the RDNS it also too 4 calls over 2 days before they spelled my URL correctly.
.95 was assigned to the old and now to the new server. Same with .227 for the external, it was both the old and the new.
Jamie,
I called Comcast and "they said" they were not blocking any traffic. Of course when setting up the RDNS it also too 4 calls over 2 days before they spelled my URL correctly.
Really strange,
Are you getting any bouncebacks, or is it just delay messages?
Are you getting any bouncebacks, or is it just delay messages?
ASKER
We get a delay message after 4 hrs and then a queue expired notice after 2 days (#550 4.4.7 QUEUE.Expired; message expired ##).
I just can't figure out why my server would be responding with the IP of my WAN port rather than its own NAT assigned IP.
I just can't figure out why my server would be responding with the IP of my WAN port rather than its own NAT assigned IP.
Try just using DNS instead of Smarthost to troubleshoot
I think your emails are getting blocked by servers that enforce "HELO Restrictions"
That happens when there is no A, PTR, MX or FQDN record for the IP of a host that is connecting to it.
I could not find any records (obviously) for the wan port of your firewall
Was there some MAC address assoc. with the old server in your firewall config?
That happens when there is no A, PTR, MX or FQDN record for the IP of a host that is connecting to it.
I could not find any records (obviously) for the wan port of your firewall
Was there some MAC address assoc. with the old server in your firewall config?
Take out the smarthost to test and chase up the people that sort your records out
ASKER
I think I have my A, PTR, MX and FQDN all setup correctly. When I run the tools at mxtoolbox.com everything comes back with the correct info. I just checked my public DNS settings on zoneedit as well as verify that godaddy had the correct DNS servers listed and that is all correct. I also added an SPF record to zoneedit, just because I've seen that pop up in a few threads but did not expect much as I've never had to have one before.
I definitely did not have any sort of MAC address associations in my firewall.
I definitely did not have any sort of MAC address associations in my firewall.
Have you tried removing the smarthost?
When you do it you will need to restart SMTP
When you do it you will need to restart SMTP
ASKER
I don't have a smarthost. Not sure what you mean by "chase up the people that sort your records out". If you are talking about DNS settings, Comcast hosts our RDNS but for all other DNS records I have an account with Zoneedit and manage that myself.
ASKER
Thanks Jamie and Dave, I appreciate both of you taking the time to help. I'll be back in 90 minutes as I have to leave the office but will continue this when I get back. Thanks again.
Not to worry, will be interesting to find out what the issue is
Yes your records are correct for your smtp server but if responding smtp servers or MTAs are checking info on your WAN IP (because that is what is in the helo responce) what will they see... not much.
Also mxtoolbox diagnostics will only prove that they can send you mail, not the other way around.
I think at this point that your firewall see something different about your new server for some reason... port, mac, i don't know. Was your old server multi-homed?
Also mxtoolbox diagnostics will only prove that they can send you mail, not the other way around.
I think at this point that your firewall see something different about your new server for some reason... port, mac, i don't know. Was your old server multi-homed?
ASKER
I'm not seeing anything in the firewall but obviously it is there somewhere so I will keep looking. The only references to the .225 IP I can find is in reference to the WAN address.
The Exchange server is actually running on a virtual OS with only a single virtual adapter but it is hosted on a multi-homed server, if that matters.
The Exchange server is actually running on a virtual OS with only a single virtual adapter but it is hosted on a multi-homed server, if that matters.
ASKER
So after making the change in the firewall, as per dpk_wal, this is what I get when I try to send an email. Obviously they still don't go but I don't see the wrong IP anymore but now I don't see any IP at all.
__________________________ __________ __________ __________ __________ __________ _______
2010-08-25T01:33:35.112Z,S MTP,08CD11 1615286874 ,15,192.16 8.0.95:296 51,208.65. 145.11:25, -,,Remote
2010-08-25T01:33:35.159Z,S MTP,08CD11 1615286874 ,1,192.168 .0.95:2967 7,208.65.1 45.11:25,+ ,,
2010-08-25T01:33:35.190Z,S MTP,08CD11 1615286874 ,2,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,"220 p02c12m074.mxlogic.net ESMTP mxl_mta-6.7.0-1 [74310940.4702780.00-2003] ; Tue, 24 Aug 2010 19:33:35 -0600 (MDT); NO UCE, INBOUND",
2010-08-25T01:33:35.190Z,S MTP,08CD11 1615286874 ,3,192.168 .0.95:2967 7,208.65.1 45.11:25,> ,EHLO tbc-exch.thouttbrosinc.com ,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,4,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,250-p02c1 2m074.mxlo gic.net,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,5,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,250-SIZE 0,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,6,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,250-START TLS,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,7,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,250-SUBMI TTER,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,8,192.168 .0.95:2967 7,208.65.1 45.11:25,< ,250 PIPELINING,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,9,192.168 .0.95:2967 7,208.65.1 45.11:25,* ,5323,send ing message
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,10,192.16 8.0.95:296 77,208.65. 145.11:25, >,MAIL FROM:<janice@thouttbrosinc .com> SIZE=48161,
2010-08-25T01:33:35.237Z,S MTP,08CD11 1615286874 ,11,192.16 8.0.95:296 77,208.65. 145.11:25, >,RCPT TO:<dlawrenc@ball.com>,
2010-08-25T01:33:35.268Z,S MTP,08CD11 1615286874 ,12,192.16 8.0.95:296 77,208.65. 145.11:25, <,250 Sender Ok,
__________________________
2010-08-25T01:33:35.112Z,S
2010-08-25T01:33:35.159Z,S
2010-08-25T01:33:35.190Z,S
2010-08-25T01:33:35.190Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.237Z,S
2010-08-25T01:33:35.268Z,S
I don't see a post from dpk_wal, what was changed? What FW are you using if you care to say?
ASKER
SonicWall 2040 Enhanced OS.
Actually the post in my thread was from bryon44035v3 who referenced an earlier thread by dpk_wal, sorry for the confusion on that.
https://www.experts-exchange.com/questions/26427090/HELO-Response-Sending-Wrong-IP-Address.html
Actually the post in my thread was from bryon44035v3 who referenced an earlier thread by dpk_wal, sorry for the confusion on that.
https://www.experts-exchange.com/questions/26427090/HELO-Response-Sending-Wrong-IP-Address.html
ASKER
Here is a recent log entry form the SMTP Send Log:
__________________________ __________ __________ __________ __________ __________ _______
2010-08-25T15:08:20.134Z,S MTP,08CD11 16152874A6 ,0,,216.32 .180.22:25 ,*,,attemp ting to connect
2010-08-25T15:08:20.212Z,S MTP,08CD11 16152874A6 ,1,192.168 .0.95:4048 9,216.32.1 80.22:25,+ ,,
2010-08-25T15:08:20.275Z,S MTP,08CD11 16152874A6 ,2,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,"220 VA3EHSMHS022.bigfish.com Microsoft ESMTP MAIL Service ready at Wed, 25 Aug 2010 15:08:20 +0000",
2010-08-25T15:08:20.275Z,S MTP,08CD11 16152874A6 ,3,192.168 .0.95:4048 9,216.32.1 80.22:25,> ,EHLO tbc-exch.thouttbrosinc.com ,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,4,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-VA3EH SMHS022.bi gfish.com Hello [70.89.160.227],
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,5,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-SIZE 157286400,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,6,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-PIPEL INING,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,7,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-ENHAN CEDSTATUSC ODES,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,8,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-START TLS,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,9,192.168 .0.95:4048 9,216.32.1 80.22:25,< ,250-AUTH,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,10,192.16 8.0.95:404 89,216.32. 180.22:25, <,250-8BIT MIME,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,11,192.16 8.0.95:404 89,216.32. 180.22:25, <,250-BINA RYMIME,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,12,192.16 8.0.95:404 89,216.32. 180.22:25, <,250 CHUNKING,
2010-08-25T15:08:20.337Z,S MTP,08CD11 16152874A6 ,13,192.16 8.0.95:404 89,216.32. 180.22:25, >,STARTTLS ,
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,14,192.16 8.0.95:404 89,216.32. 180.22:25, <,220 2.0.0 SMTP server ready,
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,15,192.16 8.0.95:404 89,216.32. 180.22:25, *,,Sending certificate
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,16,192.16 8.0.95:404 89,216.32. 180.22:25, *,CN=tbc-e xch.thoutt brosinc.co m,Certific ate subject
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,17,192.16 8.0.95:404 89,216.32. 180.22:25, *,CN=tbc-e xch.thoutt brosinc.co m,Certific ate issuer name
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,18,192.16 8.0.95:404 89,216.32. 180.22:25, *,C03DB4E2 349C5CB34A D5CF50FA72 DC45,Certi ficate serial number
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,19,192.16 8.0.95:404 89,216.32. 180.22:25, *,D3A4AD30 0E5A09E532 CEB9936781 ED74CEA436 8A,Certifi cate thumbprint
2010-08-25T15:08:20.400Z,S MTP,08CD11 16152874A6 ,20,192.16 8.0.95:404 89,216.32. 180.22:25, *,tbc-exch .thouttbro sinc.com;e mail.thout tbrosinc.c om;autodis cover.thou ttbrosinc. com;thoutt brosinc.co m,Certific ate alternate names
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------
As you can see the correct IP is now being issued and yet the email is still not flowing. One thing I noticed is that the certificate gets issued, an acknowledgment of sorts and then nothing. Could there be something with my certificate that is causing a problem? Sorry, I'm grasping at this point.
__________________________
2010-08-25T15:08:20.134Z,S
2010-08-25T15:08:20.212Z,S
2010-08-25T15:08:20.275Z,S
2010-08-25T15:08:20.275Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.337Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
2010-08-25T15:08:20.400Z,S
--------------------------
As you can see the correct IP is now being issued and yet the email is still not flowing. One thing I noticed is that the certificate gets issued, an acknowledgment of sorts and then nothing. Could there be something with my certificate that is causing a problem? Sorry, I'm grasping at this point.
pls check your postmaster mailbox
ASKER
I just setup a postmaster mailbox this morning but so far there is nothing in it.
In addition to the firewall not being setup right I also discovered that I was using the wrong SSL cert. Both are now fixed and yet the problem continues. Here is a section of the queue after fixing the SSL. It says it is sending but the message just sits in the queue.
__________________________ __________ __________ __________ __________ __________ _______
2010-08-26T00:43:30.069Z,S MTP,08CD11 1615288A8F ,0,,65.54. 188.72:25, *,,attempt ing to connect
2010-08-26T00:43:30.131Z,S MTP,08CD11 1615288A8F ,1,192.168 .0.95:5332 3,65.54.18 8.72:25,+, ,
2010-08-26T00:43:30.194Z,S MTP,08CD11 1615288A8F ,2,192.168 .0.95:5332 3,65.54.18 8.72:25,<, "220 bay0-mc1-f8.Bay0.hotmail.c om Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Wed, 25 Aug 2010 17:43:30 -0700 ",
2010-08-26T00:43:30.194Z,S MTP,08CD11 1615288A8F ,3,192.168 .0.95:5332 3,65.54.18 8.72:25,>, EHLO tbc-exch.thouttbrosinc.com ,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,4,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-bay0-m c1-f8.Bay0 .hotmail.c om (3.11.0.113) Hello [70.89.160.227],
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,5,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-SIZE 29696000,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,6,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-PIPELI NING,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,7,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-8bitmi me,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,8,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-BINARY MIME,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,9,192.168 .0.95:5332 3,65.54.18 8.72:25,<, 250-CHUNKI NG,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,10,192.16 8.0.95:533 23,65.54.1 88.72:25,< ,250-AUTH LOGIN,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,11,192.16 8.0.95:533 23,65.54.1 88.72:25,< ,250-AUTH= LOGIN,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,12,192.16 8.0.95:533 23,65.54.1 88.72:25,< ,250 OK,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,13,192.16 8.0.95:533 23,65.54.1 88.72:25,* ,6391,send ing message
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,14,192.16 8.0.95:533 23,65.54.1 88.72:25,> ,MAIL FROM:<jeff@thouttbrosinc.c om> SIZE=2190,
2010-08-26T00:43:30.256Z,S MTP,08CD11 1615288A8F ,15,192.16 8.0.95:533 23,65.54.1 88.72:25,> ,RCPT TO:<jbulick@hotmail.com>,
2010-08-26T00:43:30.319Z,S MTP,08CD11 1615288A8F ,16,192.16 8.0.95:533 23,65.54.1 88.72:25,< ,250 jeff@thouttbrosinc.com.... Sender OK,
2010-08-26T00:44:28.444Z,S MTP,08CD11 1615288A8F ,17,192.16 8.0.95:533 23,65.54.1 88.72:25,- ,,Remote
In addition to the firewall not being setup right I also discovered that I was using the wrong SSL cert. Both are now fixed and yet the problem continues. Here is a section of the queue after fixing the SSL. It says it is sending but the message just sits in the queue.
__________________________
2010-08-26T00:43:30.069Z,S
2010-08-26T00:43:30.131Z,S
2010-08-26T00:43:30.194Z,S
2010-08-26T00:43:30.194Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.256Z,S
2010-08-26T00:43:30.319Z,S
2010-08-26T00:44:28.444Z,S
Hmm, no bounce... something picked it up from yesterday.
Re-sent check now.
Re-sent check now.
ASKER
I was just able to obtain a receive log from one of the domains that we are not able to send email to. I am including the pertinant part of each log so things can be matched up in the hopes that somebody might see something. The one thing I do see is a time out on the receive log. Could all of my emails really be timing out? I have the default values on my exchange server for timeouts so perhaps I need to bump them up some?
SEND
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
2010-08-26T13:23:28.963Z,S MTP,08CD11 1615288D13 ,0,,209.15 0.204.167: 25,*,,atte mpting to connect
2010-08-26T13:23:29.025Z,S MTP,08CD11 1615288D13 ,1,192.168 .0.95:5608 7,209.150. 204.167:25 ,+,,
2010-08-26T13:23:29.103Z,S MTP,08CD11 1615288D13 ,2,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,"220 Server10.rmisecurity.net Microsoft ESMTP MAIL Service ready at Thu, 26 Aug 2010 07:23:28 -0600",
2010-08-26T13:23:29.103Z,S MTP,08CD11 1615288D13 ,3,192.168 .0.95:5608 7,209.150. 204.167:25 ,>,EHLO tbc-exch.thouttbrosinc.com ,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,4,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-Ser ver10.rmis ecurity.ne t Hello [70.89.160.227],
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,5,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-SIZ E,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,6,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-PIP ELINING,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,7,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-DSN ,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,8,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-ENH ANCEDSTATU SCODES,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,9,192.168 .0.95:5608 7,209.150. 204.167:25 ,<,250-STA RTTLS,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,10,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-X- ANONYMOUST LS,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,11,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-AU TH NTLM,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,12,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-X- EXPS GSSAPI NTLM,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,13,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-8B ITMIME,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,14,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-BI NARYMIME,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,15,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-CH UNKING,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,16,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-XE XCH50,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,17,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250-XR DST,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,18,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,250 XSHADOW,
2010-08-26T13:23:29.181Z,S MTP,08CD11 1615288D13 ,19,192.16 8.0.95:560 87,209.150 .204.167:2 5,>,STARTT LS,
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,20,192.16 8.0.95:560 87,209.150 .204.167:2 5,<,220 2.0.0 SMTP server ready,
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,21,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,,Sendi ng certificate
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,22,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,"CN=th outtbrosin c.com, OU=Domain Control Validated, O=thouttbrosinc.com",Certi ficate subject
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,23,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,"SERIA LNUMBER=07 969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=""GoDaddy.com, Inc."", L=Scottsdale, S=Arizona, C=US",Certificate issuer name
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,24,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,27A0B0 80E94416,C ertificate serial number
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,25,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,2DCAFC B00B11199E 58BCBBFAEF C4760A2708 0D87,Certi ficate thumbprint
2010-08-26T13:23:29.244Z,S MTP,08CD11 1615288D13 ,26,192.16 8.0.95:560 87,209.150 .204.167:2 5,*,thoutt brosinc.co m;www.thouttbrosinc.com;tbc-exch.thouttbrosinc.com;autodiscover.thouttbrosinc.com;email.thouttbrosinc.com,Certificate alternate names
RECEIVE
-------------------------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
2010-08-26T00:04:14.442Z,S ERVER10\De fault SERVER10,08CD124BDD55BB66, 27,10.100. 200.251:25 ,70.89.160 .227:60113 ,-,,Local
2010-08-26T00:04:14.590Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 0,10.100.2 00.251:25, 70.89.160. 227:60227, +,,
2010-08-26T00:04:14.590Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 1,10.100.2 00.251:25, 70.89.160. 227:60227, *,SMTPSubm it SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2010-08-26T00:04:14.591Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 2,10.100.2 00.251:25, 70.89.160. 227:60227, >,"220 Server10.rmisecurity.net Microsoft ESMTP MAIL Service ready at Wed, 25 Aug 2010 18:04:14 -0600",
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 3,10.100.2 00.251:25, 70.89.160. 227:60227, <,EHLO tbc-exch.thouttbrosinc.com ,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 4,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-Serv er10.rmise curity.net Hello [70.89.160.227],
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 5,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-SIZE ,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 6,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-PIPE LINING,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 7,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-DSN,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 8,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-ENHA NCEDSTATUS CODES,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 9,10.100.2 00.251:25, 70.89.160. 227:60227, >,250-STAR TTLS,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 10,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-X-A NONYMOUSTL S,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 11,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-AUT H NTLM,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 12,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-X-E XPS GSSAPI NTLM,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 13,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-8BI TMIME,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 14,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-BIN ARYMIME,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 15,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-CHU NKING,
2010-08-26T00:04:14.661Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 16,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-XEX CH50,
2010-08-26T00:04:14.662Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 17,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250-XRD ST,
2010-08-26T00:04:14.662Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 18,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250 XSHADOW,
2010-08-26T00:04:14.741Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 19,10.100. 200.251:25 ,70.89.160 .227:60227 ,<,MAIL FROM:<jeff@thouttbrosinc.c om> SIZE=3510,
2010-08-26T00:04:14.741Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 20,10.100. 200.251:25 ,70.89.160 .227:60227 ,*,08CD124 BDD55BB71; 2010-08-26 T00:04:14. 590Z;1,rec eiving message
2010-08-26T00:04:14.741Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 21,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,250 2.1.0 Sender OK,
2010-08-26T00:09:15.615Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 22,10.100. 200.251:25 ,70.89.160 .227:60227 ,>,451 4.7.0 Timeout waiting for client input,
2010-08-26T00:09:15.615Z,S ERVER10\De fault SERVER10,08CD124BDD55BB71, 23,10.100. 200.251:25 ,70.89.160 .227:60227 ,-,,Local
SEND
--------------------------
2010-08-26T13:23:28.963Z,S
2010-08-26T13:23:29.025Z,S
2010-08-26T13:23:29.103Z,S
2010-08-26T13:23:29.103Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.181Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
2010-08-26T13:23:29.244Z,S
RECEIVE
--------------------------
2010-08-26T00:04:14.442Z,S
2010-08-26T00:04:14.590Z,S
2010-08-26T00:04:14.590Z,S
2010-08-26T00:04:14.591Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.661Z,S
2010-08-26T00:04:14.662Z,S
2010-08-26T00:04:14.662Z,S
2010-08-26T00:04:14.741Z,S
2010-08-26T00:04:14.741Z,S
2010-08-26T00:04:14.741Z,S
2010-08-26T00:09:15.615Z,S
2010-08-26T00:09:15.615Z,S
ASKER
msg replied to but still in queue.
Similar here
Aug 26 10:01:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com [70.89.160 .227]: -1
Aug 26 10:06:26 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection rate 1/60s for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection count 1 for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max cache size 2 at Aug 26 10:01:34
Aug 26 10:11:27 mta postfix/smtpd[7192]: timeout after MAIL from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:11:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:12:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com [70.89.160 .227]: -1
Aug 26 10:17:27 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com [70.89.160 .227]
Aug 26 10:01:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com
Aug 26 10:06:26 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com
Aug 26 10:06:26 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com
Aug 26 10:06:26 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com
Aug 26 10:06:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection rate 1/60s for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection count 1 for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max cache size 2 at Aug 26 10:01:34
Aug 26 10:11:27 mta postfix/smtpd[7192]: timeout after MAIL from tbc-exch.thouttbrosinc.com
Aug 26 10:11:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com
Aug 26 10:12:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com
Aug 26 10:17:27 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com
Aug 26 10:17:27 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com
Aug 26 10:17:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com
Aug 26 10:17:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com
Looks like it still 'may' be cert issue
Does anything here help: http://technet.microsoft.com/en-us/library/bb510129(EXCHG.80).aspx
Does anything here help: http://technet.microsoft.com/en-us/library/bb510129(EXCHG.80).aspx
ASKER
Unfortunately I don't see anything there that is the issue. I have removed all my certs from the server, requested a new CSR from Exchange, re-keyed my cert in Godaddy and then went through the install, enable process in Exchange. I compared the lookups as per that document and I don't see any differences in the fqdn. I sent a new test email to hotmail and the msg is still in queue and the SMTP send log entry looks the same as before.
ASKER
Not sure if this matters or if perhaps they are two different functions but I am able to log into owa and FF and IE say the cert is valid. Again, could be different so don't know if that matters or not.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, so I turned it off on the send connector but not on the receive connectors and guess what...I got my test email. I guess my next question would be why and what are the risks?
ASKER
Looks like TLS is now set properly. Thank you so much Dave, I really appreciate it.
ASKER
Looks like TLS is now set properly. Thank you so much Dave, I really appreciate it.
ASKER
Dave is supposed to be getting 100 pts for one of his answers and 400 for another, not sure why the Alert says 0 pts.
Glad that's been sorted, well done Dave!
Some record changes can take up to 24 hours to append