EquityIT

asked on

Exchange 2010 SP1 / Barracuda Deferred (exchange.ourdomain.com:421 Internal error)

I've been having a weird issue with our Exchange 2010 server and spam filtering service, Barracuda ESS Spam Filter.

Every few minutes, in the Barracuda message log, I see this -  
Recipients:
Recipients 	Action 	Reason 	Delivery Status
user@ourdomain.com 	Allowed 	Sender Policies (theirdomain.com) 	Deferred (exchange.ourdomain.com:421 Internal error)



This only happens to replies and only messages from banks, Wells Fargo, BoA, etc... Everything else is being delivered promptly without issue. There is no common recipient, sender or subject. The message size range is 4-7kb.

I called Barracuda about this and they say the error is on the Exchange server. I enabled logging on the receive connector and this is what I see -  
2012-01-18T19:31:45.019Z,server-name\Receive,08CE996413FFCD08,1,192.168.100.XX:25,64.235.150.202:51466,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2012-01-18T19:31:45.019Z,server-name\Receive,08CE996413FFCD08,2,192.168.100.XX:25,64.235.150.202:51466,>,"220 exchange.ourdomain.com Microsoft ESMTP MAIL Service ready at Wed, 18 Jan 2012 12:31:44 -0700",
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,3,192.168.100.XX:25,64.235.150.202:51466,<,EHLO ess.barracuda.com,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,4,192.168.100.XX:25,64.235.150.202:51466,>,250-exchange.ourdomain.com Hello [64.235.150.202],
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,5,192.168.100.XX:25,64.235.150.202:51466,>,250-SIZE 30720000,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,6,192.168.100.XX:25,64.235.150.202:51466,>,250-PIPELINING,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,7,192.168.100.XX:25,64.235.150.202:51466,>,250-DSN,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,8,192.168.100.XX:25,64.235.150.202:51466,>,250-ENHANCEDSTATUSCODES,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,9,192.168.100.XX:25,64.235.150.202:51466,>,250-AUTH,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,10,192.168.100.XX:25,64.235.150.202:51466,>,250-8BITMIME,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,11,192.168.100.XX:25,64.235.150.202:51466,>,250-BINARYMIME,
2012-01-18T19:31:45.097Z,server-name\Receive,08CE996413FFCD08,12,192.168.100.XX:25,64.235.150.202:51466,>,250 CHUNKING,
2012-01-18T19:31:45.159Z,server-name\Receive,08CE996413FFCD08,13,192.168.100.XX:25,64.235.150.202:51466,<,MAIL FROM: <user@theirdomain.com>,
2012-01-18T19:31:45.159Z,server-name\Receive,08CE996413FFCD08,14,192.168.100.XX:25,64.235.150.202:51466,*,08CE996413FFCD08;2012-01-18T19:31:45.019Z;1,receiving message
2012-01-18T19:31:45.159Z,server-name\Receive,08CE996413FFCD08,15,192.168.100.XX:25,64.235.150.202:51466,>,250 2.1.0 Sender OK,
2012-01-18T19:31:45.237Z,server-name\Receive,08CE996413FFCD08,16,192.168.100.XX:25,64.235.150.202:51466,<,RCPT TO: <user@ourdomain.com>,
2012-01-18T19:31:45.237Z,server-name\Receive,08CE996413FFCD08,17,192.168.100.XX:25,64.235.150.202:51466,>,250 2.1.5 Recipient OK,
2012-01-18T19:31:45.300Z,server-name\Receive,08CE996413FFCD08,18,192.168.100.XX:25,64.235.150.202:51466,<,DATA,
2012-01-18T19:31:45.300Z,server-name\Receive,08CE996413FFCD08,19,192.168.100.XX:25,64.235.150.202:51466,>,354 Start mail input; end with <CRLF>.<CRLF>,
2012-01-18T19:31:45.378Z,server-name\Receive,08CE996413FFCD08,20,192.168.100.XX:25,64.235.150.202:51466,-,,Remote



In the log above, the sequence-number ends at 20. Messages that are sent successfully usually end at 24. Like this -  
2012-01-18T19:29:32.267Z,server-name\Receive,08CE996413FFCCEB,21,192.168.100.XX:25,64.235.150.203:35764,>,250 2.6.0 <72740B5AD68248E7917A5F2928BD0DC8@theirdomain.local> [InternalId=1177047] Queued mail for delivery,
2012-01-18T19:29:32.345Z,server-name\Receive,08CE996413FFCCEB,22,192.168.100.XX:25,64.235.150.203:35764,<,QUIT,
2012-01-18T19:29:32.345Z,server-name\Receive,08CE996413FFCCEB,23,192.168.100.XX:25,64.235.150.203:35764,>,221 2.0.0 Service closing transmission channel,
2012-01-18T19:29:32.345Z,server-name\Receive,08CE996413FFCCEB,24,192.168.100.XX:25,64.235.150.203:35764,-,,Local



Where else can I look to track down this issue? Any help is appreciated!
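
Added example, not part of the original post: the comparison made above by eye (a session that stops at sequence 20 with a Remote disconnect versus one that reaches "Queued mail for delivery") can be run over a whole receive-connector log. The sample log, hostnames, addresses and session IDs are constructed, and stalled_sessions is a name chosen here; it also records whether the logged EHLO reply offered STARTTLS.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the receive-connector log layout shown in the question.
# Session ...01 stalls after 354; session ...02 is queued and closed normally.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2012-01-18T19:31:45.019Z,SRV\\Receive,AAAA000000000001,2,10.0.0.5:25,203.0.113.10:51466,>,"220 mail.example.org Microsoft ESMTP MAIL Service ready at Wed, 18 Jan 2012 12:31:44 -0700",
2012-01-18T19:31:45.097Z,SRV\\Receive,AAAA000000000001,3,10.0.0.5:25,203.0.113.10:51466,<,EHLO filter.example.net,
2012-01-18T19:31:45.097Z,SRV\\Receive,AAAA000000000001,12,10.0.0.5:25,203.0.113.10:51466,>,250 CHUNKING,
2012-01-18T19:31:45.300Z,SRV\\Receive,AAAA000000000001,18,10.0.0.5:25,203.0.113.10:51466,<,DATA,
2012-01-18T19:31:45.300Z,SRV\\Receive,AAAA000000000001,19,10.0.0.5:25,203.0.113.10:51466,>,354 Start mail input; end with <CRLF>.<CRLF>,
2012-01-18T19:31:45.378Z,SRV\\Receive,AAAA000000000001,20,10.0.0.5:25,203.0.113.10:51466,-,,Remote
2012-01-18T19:29:32.100Z,SRV\\Receive,AAAA000000000002,19,10.0.0.5:25,203.0.113.11:35764,>,354 Start mail input; end with <CRLF>.<CRLF>,
2012-01-18T19:29:32.267Z,SRV\\Receive,AAAA000000000002,21,10.0.0.5:25,203.0.113.11:35764,>,250 2.6.0 <msgid@example.local> [InternalId=1] Queued mail for delivery,
2012-01-18T19:29:32.345Z,SRV\\Receive,AAAA000000000002,22,10.0.0.5:25,203.0.113.11:35764,<,QUIT,
2012-01-18T19:29:32.345Z,SRV\\Receive,AAAA000000000002,24,10.0.0.5:25,203.0.113.11:35764,-,,Local
"""

def stalled_sessions(log_text):
    """Return sessions that got '354' but never '250 2.6.0' and were closed by the remote side."""
    sessions = defaultdict(lambda: {"remote": None, "starttls": False, "data_354": False,
                                    "queued": False, "closed_by": None, "last_seq": 0})
    # csv handles the quoted banner line, whose date contains a comma
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 9 or row[0].startswith("#"):
            continue  # header lines and truncated rows
        _, _, sid, seq, _, remote, event, data, context = row[:9]
        s = sessions[sid]
        s["remote"] = remote.rsplit(":", 1)[0]
        s["last_seq"] = int(seq)
        if event == ">" and "STARTTLS" in data.upper():
            s["starttls"] = True          # server's EHLO reply offered STARTTLS
        elif event == ">" and data.startswith("354"):
            s["data_354"] = True          # server accepted DATA
        elif event == ">" and data.startswith("250 2.6.0"):
            s["queued"] = True            # message body arrived and was queued
        elif event == "-":
            s["closed_by"] = context      # "Local" or "Remote"
    return {sid: s for sid, s in sessions.items()
            if s["data_354"] and not s["queued"] and s["closed_by"] == "Remote"}

if __name__ == "__main__":
    for sid, s in stalled_sessions(SAMPLE_LOG).items():
        print(sid, s["remote"], "last seq", s["last_seq"], "STARTTLS offered:", s["starttls"])
```

Grouping the result by remote address shows whether the stalled sessions come from particular sending hosts.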
Radweld

Easy to rule out the Barracuda: modify the send connector to not use it. If the problem still persists, then we can investigate Exchange.
EquityIT

ASKER

Radweld,

I should have been clearer and I'll edit the question but the issue is for inbound email only. Our send connector uses DNS.
Well, I can't figure out how to edit, but as stated, the issue is for inbound email only.
This issue exists when an external party replies to an email you sent. I'm guessing it doesn't get delivered.
Radweld,

Sorry for the delay, been out sick. All the examples of the emails not getting delivered that are currently in the spam filter were started by us, replied to by someone else, and now they aren't being delivered.
Increased points. I would like to get this resolved. Thanks!
SOLUTION
Radweld

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is a portion of the rejection notice the senders get -

Received: from mxdcmv01i.theirdomain.com (mxdcmv01i.theirdomain.com [151.151.26.XX])
        by mxdfbv02i.theirdomain.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id q0JJs5HW005086
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <user@ourdomain.com>; Thu, 19 Jan 2012 19:54:05 GMT
Received: from mxicmx02.theirdomain.com (mxicmx02.theirdomain.com [162.102.137.XX])
        by mxdcmv01i.theirdomain.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id q0JJO3b8022777
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
        for <user@ourdomain.com>; Thu, 19 Jan 2012 19:24:04 GMT



Your assumption about TLS is correct... I'll call Barracuda and see what they can do.

Are there any solutions/workarounds you can think of? Drastic or not? I'm all ears.
SOLUTION
ASKER CERTIFIED SOLUTION
In the NDR, senders were getting '451 4.4.1 reply', which as you know is 'Host not responding'. After suspecting our Cisco ASA 5510, I found http://support.microsoft.com/kb/320027. I created a custom inspection map for ESMTP to not inspect TLS over ESMTP. TLS mail started flowing right away!