• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 593
  • Last Modified:

Incoming e-mail rejected by SMTP/POP3 on IIS6

E-mail works fine for days at a time, then all of a sudden we get NDRs on all mail destined for local accounts:

----------
Reporting-MTA: dns;mail.example.com
Received-From-MTA: dns;hotmail.com
Arrival-Date: Fri, 5 Dec 2003 06:03:43 -0800

Final-Recipient: rfc822;ryan@example.com
Action: failed
Status: 5.0.0
----------

The NDR comes from the postmaster on our server, so it is getting that far.  Also, we're still able to relay e-mail out to the rest of the Internet (to addresses not hosted on our server).  It's worth pointing out that the only way to get that NDR is to provide a sender address that isn't local -- else the NDR gets it's own NDR in the badmail folder.

What can I do to fix this problem?  Our only method of righting the problem up until now has been to restart the entire server -- stopping and restarting SMTP hasn't helped.

We are using Windows Server 2003 Web Edition built-in SMTP/POP3 on IIS6.  There are three domains configured to the same IP.

Thank you very much for your time & Expert-ise!


Ryan

0
m0n0lith
Asked:
m0n0lith
  • 9
  • 8
1 Solution
 
m0n0lithAuthor Commented:
Did I not offer enough information?  I would be more than happy to clarify, as this odd problem is keeping us from going live...
0
 
meverestCommented:
what does your log tell you?
0
 
m0n0lithAuthor Commented:
It doesn't tell *me* much--looks to me like it thinks it's going through fine.  As if the problem happens between the SMTP and POP3.  If that is the case--is there somewhere else this would be logged?  No errors in the System Logs during this timeperiod.

From the SMTP log corresponding to the NDR above:

#Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-host cs(User-Agent) cs(Referer)
2003-12-05 14:03:43 64.4.26.16 hotmail.com MAIL 20x.25.147.xxx 0 EHLO - +hotmail.com 250 0 198 16 0 - - -
2003-12-05 14:03:43 64.4.26.16 hotmail.com MAIL 20x.25.147.xxx 0 MAIL - +FROM:<tall_mott@hotmail.com> 250 0 46 42 0 - - -
2003-12-05 14:03:43 64.4.26.16 hotmail.com MAIL 20x.25.147.xxx 0 RCPT - +TO:<ryan@example.com> 250 0 31 28 0 - - -
2003-12-05 14:03:43 64.4.26.16 hotmail.com MAIL 20x.25.147.xxx 0 BDAT - +<003401c3bb38$a3ad1d60$4200a8c0@Hostname> 250 0 77 950 40 - - -
2003-12-05 14:03:43 64.4.26.16 hotmail.com MAIL 20x.25.147.xxx 0 QUIT - hotmail.com 240 70 72 4 0 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 220+mc1-f3.hotmail.com+Microsoft+ESMTP+MAIL+Service,+Version:+5.0.2195.6713+ready+at++Fri,+5+Dec+2003+06:04:08+-0800+ 0 0 117 0 20 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionCommand MAIL - 25 EHLO - mail.example.com 0 0 4 0 20 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 250-mc1-f3.hotmail.com+(02.04.01.0011)+Hello+[209.25.147.29] 0 0 60 0 30 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionCommand MAIL - 25 MAIL - FROM:<>+SIZE=2363 0 0 4 0 30 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 250+<>....Sender+OK 0 0 19 0 30 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionCommand MAIL - 25 RCPT - TO:<tall_mott@hotmail.com> 0 0 4 0 30 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 250+tall_mott@hotmail.com+ 0 0 26 0 80 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionCommand MAIL - 25 BDAT - 2363+LAST 0 0 4 0 80 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 250++<Rqf69aZbL00000008@mail.example.com>+Queued+mail+for+delivery 0 0 73 0 221 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionCommand MAIL - 25 QUIT - - 0 0 4 0 221 - - -
2003-12-05 14:03:43 64.4.50.99 OutboundConnectionResponse MAIL - 25 - - 221+mc1-f3.hotmail.com+Service+closing+transmission+channel 0 0 59 0 221 - - -


The only obvious errors I get are in the form of the NDR as I posted above.  This is very frustrating because, as you've noticed, there is no detail to the NDR error message, just 5.0.0.

Let me know if I can provide any more information, or if you need to know acutal IP and server names (I'm not sure what protocol on that stuff is around here...)  Thanks.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
meverestCommented:
what does the bounce look like?

show it here if u can.

cheers.
0
 
m0n0lithAuthor Commented:
Is this what you want?


From: postmaster@mail.example.com
To: tall_mott@hotmail.com
Subject: Delivery Status Notification (Failure)
--------------------------------------------
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

ryan@example.com
--------------------------------------------

Attachment1: details.txt:
--------------------------------------------
Reporting-MTA: dns;mail.example.com
Received-From-MTA: dns;hotmail.com
Arrival-Date: Fri, 5 Dec 2003 06:03:43 -0800

Final-Recipient: rfc822;ryan@example.com
Action: failed
Status: 5.0.0
--------------------------------------------

Attachment2: [original e-mail message]
0
 
meverestCommented:
geez, it's rather thin on detail...

what about event viewer?

at this stage my guess would be something to do with disk quota or the like.

cheers.
0
 
m0n0lithAuthor Commented:
I guess by System Logs I meant Event Viewer -- nothing there.  Plenty of disk space -- this was a fresh install before I got ahold of it.  And the problem goes away when I restart the server.  Something that only gets restarted then -- because stopping/starting SMTP and POP3 services didn't do the trick.

If we can't figure this out, what are my best alternatives for e-mail?

Thanks.
0
 
meverestCommented:
Hi, I meant disk *quota* not disk space.

regarding logs, there *must* be a log somewhere that will provide the detail why the delivery is failing.  if it's not application log in event viewer, then look for the specific logs in the relevent log directories.  to find those, just look through the config options - the location ont he log file will be there somewhere.

cheers.
0
 
m0n0lithAuthor Commented:
Sorry about that -- how do I check the quota on POP3?  Is there a one set by default?  It's a clean install.  I am familiar with disk quotas associated with windows user accounts, but not with POP3.  Maybe this doesn't even apply as we are using the Encrypted Password File option of mail accounts instead of Windows User Accounts.

I would *love* to know where these logs are located.  Perhaps that should be my 500 point question.  Alas, I'm pretty sure they do not exist for POP3.  The only setting dealing with POP3 logs is "Event logging level" which is set to "Maximum".  As described in the Help, this means that "Critical, warning, and informational events are logged to the Event Viewer".  The only POP3 entries in the Event Viewer are startup/shutdown messages in the Application section.  There are no errors or other entries for the problems I've been having.

The only actual mail log files I've seen were for the SMTP, and you have the only relevent excerpt above.

0
 
meverestCommented:
if it were a quota issue, then you would likely see items in event viewer.

i haven't seen the win2k3 pop server, so i'm only guessing that it would behave in a similar way as others whereby any pop mail delivered to the local filesystem would be dropped with the recipient as 'owner' of the file/s created, and thus adding to their usage for quota purposes.  (if you have disk quotas enabled)

to dicover where the logs are, open up the pop server manager and look atthe properties.  assuming it will follow the usual MS control conventions, it will have a log setting which will identify the location.

cheers.
0
 
m0n0lithAuthor Commented:
the only log setting is the one about the event viewer.  i've double and triple checked!  i can't find anything on microsoft's site about iis6 pop3 -- and nobody has answered my posts to the IIS newsgroups.

so i think maybe i had better change the question to something like: "what's a good cheap/free third-party pop3 solution?"  i would still rather use the iis pop3, but if i can't guarantee it won't shut down for no apparent reason, i'm willing to look at alternatives.  any suggestions here?
0
 
meverestCommented:
i use postfix (on debian linux) plus q-popper (qualcom)

this setup handles more than 5,000 email accounts on a pII 300, 256ram, 8G disk.

too easy. ;-)

cheers.
0
 
meverestCommented:
(sorry)

for windows, maildaemon used to be good - but i have not seen the newer versions since 2001.

cheers.
0
 
m0n0lithAuthor Commented:
One More Try

I've narrowed it very slightly -- It seems only to happen when I make changes to the SMTP server.  I haven't been able to nail down which changes do it exactly, because there seems to be a delay.  I made several changes to the authentication section -- but then I set them all back.  Checking the logs, you can see that it did a mini-restart every time I clicked OK.  However, since I put all the settings back, and right-clicked on the Default SMTP Virtual Server and did a stop-and-restart, it should have been working the same as before.  Once again, any e-mail sent from the outside world was being bounced with nothing more than a 500 error.  Inter-domain e-mail local to the server continued as normal, as well as e-mail to the outside world.

For the first time ---- I was able to fix it without restarting the entire server!  I had to open the Task Manager, and manually End the "inetinfo.exe" process.  It went away, and after a short delay reappeared, having apparently restarted itself.  So what is inetinfo.exe *exactly*?  And why should it have to be booted like this?  Not even stoping/starting IIS Admin in the Services control panel wass fixing my problem, but End Task did.

Can someone else confirm having seen this behavior?
0
 
m0n0lithAuthor Commented:
It's been over a month now -- and any time I have wanted to make changes to anything having to do with SMTP, I just make sure and do an "End Task" on inetinfo.exe afterwards to fend off any evil spirits.  Seems pretty drastic, but faster than restarting the whole server.  So, until we've saved enough money for a real server (as real as you can have in Windows, anyway...), that's where it stands.

Thanks for trying to help, all!

Dear Admin: please refund my points - thanks.
0
 
JymdisCommented:
I think it has to do with if you have a domain on the server.
Pop3 is exhange technology and there is a knowledge base article:
http://support.microsoft.com/?kbid=276384

But I don't know how to apply it to the pop3 service (I got the same problem as you)
0
 
meverestCommented:
btw - sorry, i thought i had answered this question: "So what is inetinfo.exe *exactly*?"

inetinfo is the "Internet Information Server" (something like 'inetd' on some unix variants) and is the process that handles all internet server functions - web, ftp, smtp, msp, winsock proxy, etc..  i would assume that it would also look after pop3 and imap etc too.

i guess that the reason you need to restart it is because the basic system needs a restart for the right changes to stick.  microsoft have never been good at dynamic configs (heck, it took until win2k to change the ip address without restarting the server!) so i assume that the same is true in this case.

you might find that open services and restart "world wide web publishing service" (which is essentially inetinfo.exe anyway) could get the same result as killing the task - except that one would expect that using the services interface would allow you to restart in a more controlled manner than kill the task by taskmanager, and maybe avoid any by-problems that might be caused.

cheers.



0
 
m0n0lithAuthor Commented:
THE SOLUTION: Buy Merak Mail Server by Icewarp (www.icewarp.com).

Never did figure out what the problem was -- but since I did use meverest's trick (for about 3 days before buying an email server - Merak has been wonderful to us!) to restart "world wide web publishing service" instead of whacking inetinfo.exe out of the Task Manager, I am giving him the points.  Enjoy!

And sorry for the delay.  I was hoping that as 2k3 gained a userbase that someone would surface with a solution.  Alas, if anyone ever finds out what the root problem is with POP3 after a fresh install of Server 2003, you will find my hotmail address above.

Ryan
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 9
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now