Millerjord

Mail is missing

Hi everybody.

I got a really big problem. We have a Symantec SMTP Server in our DMZ accepting mail from everywhere in the world to our domain. This server checks for viruses, and sends the mail through our firewall to our Lotus Domino 5.0.8 server.

I got especially one user, don't know if it is more than one, that got problems with receiving e-mails. The user knows someone has sent him an email, but he doesn't receive it.

When checking the logs, the log on the Symantec SMTP Server looks good. I have pasted an anonymized clip from the log in the bottom of this mail.
But in Notes Log, I can't find this message at all. At this point in time in the Notes Log I can see 2 connections from the Symantec SMTP server, but only one mail being delivered to the Domino-server.

Does anyone have an idea what can be wrong?? Or at least how I should troubleshoot??

I have seen a couple of the undelivered mails. This is a random problem, it's not a problem from some specific senders. The only thing I know these senders have in common is that they are using MS Exchange, but that should not be a problem. They even use different ISPs, and actually one of them was from our ISP.

I do not know where to go from here. Please help!

Best Regards


Rune Millerjord


Log from Symantec SMTP Server:
---------------------------------------------------------------------------------------------------------------------
19-Oct-2004 15:49:50  Action: Message Accepted  Client: IP.IP.IP.IP  From: secret2@secret2.com  
To: secret@secret.com  Subject: RE: Oppdatering kultur  Size: 3465  
SMTP ID: M2004101915495029065  Connection ID: 3863  

19-Oct-2004 15:49:50  Action: Disconnected  Client: IP.IP.IP.IP  Connection ID: 3863  

19-Oct-2004 15:49:56  Action: Connected To  Result: Succeeded  Server: 10.100.10.2:25  
Connection ID: 3865  Info: Actual  

19-Oct-2004 15:49:56  Action: Message Delivered  Server: 10.100.10.2:25  To: secret@secret.com  
SMTP ID: M2004101915495029065  Connection ID: 3865  Last Response: 250 Message accepted for delivery  

19-Oct-2004 15:49:57  Action: Disconnected  Server: 10.100.10.2:25  Connection ID: 3865  
Info: Cached  

19-Oct-2004 15:49:57  Action: Message Processing Completed  Client: IP.IP.IP.IP  SMTP ID: M2004101915495029065
Sjef Bosman

Hi Rune,

And around the time of the logged mail, there are no entries in the Notes-log? Do you have an extract of the Miscellaneous log for us? Is 10.100.10.2 the IP-address of the Domino-server?

I've never seen mail going missing without at least leaving a trace...

Your log excerpt shows only 1 mail - so what exactly is the problem?

On the Domino server, enable the full level of mail logging.  You can do this through a notes.ini setting (see in the Configuration document, the setting is there - it's log_mail or something).

cheers,


Tom
Millerjord

ASKER

Hi

10.100.10.2 is the IP-address of my Domino-server. Spenst is the name of the Symantec SMTP Server in my DMZ. And for the record, I noticed the time on the Domino-server and the SMTP-server differs by 21 minutes. The Domino-server is 21 minutes earlier than the SMTP-server.

Here is some Notes log extract:

MISC-LOG:
19.10.2004 15:24:32   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:24:32   Router: No messages transferred to Spenst (host Spenst) via SMTP
19.10.2004 15:25:48   Router: No messages transferred to Spenst (host Spenst) via SMTP
19.10.2004 15:25:48   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:26:14   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:26:15   Router: No messages transferred to Spenst (host Spenst) via SMTP
19.10.2004 15:26:15   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:28:00   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:28:27   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:28:41   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:30:35   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP

Mail routing log:
19.10.2004 15:28:00   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
19.10.2004 15:28:00   Router: Message 0049F98D delivered to Rune Millerjord/Narvik/Narvik kommune
19.10.2004 15:28:05   Router: Message 0049F9CA transferred to Spenst for chriliepelt@hotmail.com via SMTP
19.10.2004 15:28:06   SMTP Server: 62.176.195.177 disconnected. 1 message[s] received
19.10.2004 15:28:06   SMTP Server: 62.176.195.177 disconnected. 1 message[s] received
19.10.2004 15:28:12   Router: Message 0049FF4C delivered to Willy Wøllo/Narvik/Narvik kommune
19.10.2004 15:28:24   Router: Transferring mail to domain Spenst (host Spenst [62.176.195.177]) via SMTP
19.10.2004 15:28:26   Router: Message 0049E144 delivered to Eva Kristin Johnson/Narvik/Narvik kommune
19.10.2004 15:28:27   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP

As you can see from the MiscEvents-log, I don't have the full level of mail logging enabled.

I have now enabled it using the Mail_Log_To_MiscEvents=1 in Notes.ini, and restarted the server.

Thanks to all of you, so far!

-Rune-
I don't know if the time difference could be the source of all trouble. You could at least try to synchronize all your servers with some internet-clock. Make the Spenst-server listen to an Internet-clock, and make the Domino-server listen to the time on the Spenst-server. There are lots of reliable time-servers on the Internet, so synchronization shouldn't be a problem.

On Linux, see ntp and /etc/ntp.conf
On Windows 2000, ntp protocol is also standard.  Use w32time and the Win 2000 time service counterpart (I forgot what it's called) to configure it.
On Windows NT, you'll have to download a tool to take care of time synchronization.

cheers,

Tom
SOLUTION
qwaletee

What I also find interesting is that within 21 seconds of the two SMTP inbound messages arriving, there are four messages delivered -- two internally (Willy and Eva), and two back to the Symantec server.  Can you track down those messages?  The internal ones are pretty easy -- you will have the delivery times in the mail file, and you can match the end of the UNID to the message numbers.  The other two would involve comparing the information you provided here to the Symantec logs.

Also, log_mail_to_miscevents doesn't do much -- it just puts the stuff that is already in Mail Routing Events in Misc Events.  You want to increase the LEVEL of mail logging instead.

19.10.2004 15:28:06   SMTP Server: 62.176.195.177 disconnected. 1 message[s] received
19.10.2004 15:28:06   SMTP Server: 62.176.195.177 disconnected. 1 message[s] received
19.10.2004 15:28:12   Router: Message 0049FF4C delivered to Willy Wøllo/Narvik/Narvik kommune
19.10.2004 15:28:24   Router: Transferring mail to domain Spenst (host Spenst [62.176.195.177]) via SMTP
19.10.2004 15:28:26   Router: Message 0049E144 delivered to Eva Kristin Johnson/Narvik/Narvik kommune
19.10.2004 15:28:27   Router: Transferred 1 messages to Spenst (host Spenst) via SMTP
Hi Qwaletee.

First one question, how do I increase the level of mail logging??

About the mail routing log, as far as I can see from the different logs, one of the two mails received from the SMTP server in the DMZ at 15:28:06 is the one that has disappeared.

The internal mails might have come internally, it does not have to come from the SMTP server in the DMZ.

-:Rune:-
ASKER CERTIFIED SOLUTION
Hello everyone

I have managed to sync the clock, and to change the logging level for mail.

Now I just have to wait and see if some mail is missing, will check the log on monday.

Does anyone have an idea what I should look for?? As I mentioned, this is random!! And many users may have lost an email without knowing it!

Thanks to all of you, so far.

-:Rune:-
It's like looking at a black hole in the universe: you know it's there but you can see nothing. You could set up some service to send lots of mails, say every minute (marked), to your own address or a test-address. If you miss one, then start checking.

One more question: have any INTERNAL mails gone missing, or are only EXTERNAL mails (that passed the DMZ SMTP server) untraceable? By the way, do your internal users send SMTP-mails to the Domino-server directly?

I think we're in the same timezone (CET+1), so you've been at it quite late as well.

*Yawn* Bye for today!
Good Morning Sjef!

I know some Internal mails have disappeared as well, but not in quite a while. But at that time I just thought it was a user error.

But when the second and third mentioned missing mails, I started searching. But I couldn't find anything in the logs. Now I see much info in the logs, so I think I can find something next time someone is missing a mail.

I will create an agent on my Notes client at home that sends mail to my test account every minute.

And by the way, no internal USERS send SMTP-mail to the Domino, but I have some applications and equipment that do!

-:Rune:-
Don't forget to turn on MTC, as it is a separate mail logging system with much greater detail.  (However, since it operates "at a distance" to the core logging facilities, it may not include info on the missing messages... still, if it does, it will provide more info than the basic logging, no matter what level you turn it up to.)

Finally, if you have R6, you can turn on mail journaling, so that you keep a copy of every message that passes through the router.
Hi everyone

Now I have come one step ahead.

First I want to remind you my Domino-server is running version 5.0.8!!

I have found a mail that is missing, and now I found it in the Notes-log too. And it looks like this:

27.10.2004 11:16:52   Router: Message 0032FB71 for CN=Bjørn Selnes/OU=Narvik/O=Narvik kommune deleted by mail rule filter
27.10.2004 11:16:52   Router: Message 0032FB71 delivered to Bjørn Selnes/Narvik/Narvik kommune from hans.skoglund@funn.no OF216F5057:807A26FA ONC1256F3A:0032FB71 Size: 5K Hop Count: 1

But as far as I know I don't have any mail rule filters. How can I set a mail rule filter?? And why does it say delivered?? It sure isn't delivered!!

Now I think we have come pretty near the bottom of this. HELP!!

-:Rune:-
Hi again.

I have searched the log for similar occurrences today, and I have found 10 deleted mails.

Please don't tell me this mail rule filter is implemented on the client mailbox, a setting the user has set himself!! If it is, somebody is going to lose their balls!!

The reason I ask this question is because the deleted mails are tried delivered to 2 different users, and both have implemented a pretty long list of rules to avoid spam manually. And as we all know, spam filters may eat a little more than they should.

Maybe the mystery is solved......

-:Rune:-
> Please don't tell me this mail rule filter is implemented on the client mailbox, a setting the user have set himself!! If it is, somebody is going to lose their balls!!

Make him go to the sperm bank first!

Most likely the mystery is solved :)
I would say you've got it!

It would probably be better if instead of deleting, they moved such messages to a spam folder, so they could at least check what's moving through there once in a while.

I believe soft deletions would not help you here, because I think the rule deletes the document before it even arrives into the mail database, so it is not soft deleted, it is simply not delivered.  (The router says it was delivered, because it was handed off to the router delivery code, and the logging is not that granular).
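
As an added example (not posted by anyone in this thread), the log search Rune describes can be scripted: the Python below scans router log lines in the format quoted above for "deleted by mail rule filter" entries, pairs each with its "delivered" line to recover the sender, and counts deletions per recipient. The sample lines are constructed, and the function names and the gateway_offset parameter are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Line shapes copied from the router log entries quoted in this thread.
LINE = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+Router: Message (\w+) (.*)$")
DELETED = re.compile(r"^for (.+) deleted by mail rule filter$")
DELIVERED = re.compile(r"^delivered to (.+?)(?: from (\S+).*)?$")

# Constructed sample (names and addresses are placeholders, not from the thread).
SAMPLE_LOG = [
    "27.10.2004 11:16:52   Router: Message 0032FB71 for CN=Test User/OU=Dept/O=Example deleted by mail rule filter",
    "27.10.2004 11:16:52   Router: Message 0032FB71 delivered to Test User/Dept/Example from alice@example.org OF11111111:22222222 ON33333333:0032FB71 Size: 5K Hop Count: 1",
    "27.10.2004 11:20:03   Router: Message 0033A001 delivered to Other User/Dept/Example from bob@example.net OF44444444:55555555 ON66666666:0033A001 Size: 2K Hop Count: 1",
    "27.10.2004 11:31:40   Router: Message 0033B7C2 for CN=Test User/OU=Dept/O=Example deleted by mail rule filter",
    "27.10.2004 11:31:40   Router: Message 0033B7C2 delivered to Test User/Dept/Example",
]

def abbreviate(name):
    """CN=A/OU=B/O=C -> A/B/C, the form used on the 'delivered' line."""
    return "/".join(part.split("=", 1)[-1] for part in name.split("/"))

def find_rule_deletions(lines, gateway_offset=timedelta(0)):
    """One record per message logged as deleted by a mail rule. gateway_offset
    (assumed parameter) = gateway clock minus Domino clock, for log correlation."""
    parsed = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            parsed.append((when, m.group(2), m.group(3)))
    # Only the 'delivered' line names the sender, and only at higher log levels.
    senders = {}
    for _, msg_id, rest in parsed:
        d = DELIVERED.match(rest)
        if d and d.group(2):
            senders[(msg_id, d.group(1))] = d.group(2)
    hits = []
    for when, msg_id, rest in parsed:
        x = DELETED.match(rest)
        if x:
            rcpt = abbreviate(x.group(1))
            hits.append({"domino_time": when, "gateway_time": when + gateway_offset,
                         "message": msg_id, "recipient": rcpt,
                         "sender": senders.get((msg_id, rcpt))})
    return hits

def deletions_per_recipient(hits):
    return Counter(h["recipient"] for h in hits)
```

Passing gateway_offset=timedelta(minutes=21) applies the clock difference reported earlier in the thread, giving the time to search for in the Symantec log.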