Solved

Default SMTP Virtual Server & Smart Host

Posted on 2006-04-05
Last Modified: 2013-11-15
Ok, this may be a little confusing.

Company has 8 Exchange servers throughout states. We have one LOCAL server called "MAIL" which has GFI Essentials installed on it. It also has IIS installed and running and under Default SMTP Virtual Server, it has "Mail - as local" + two other domains (as remote) Domain1 & Domain2 (it's just two variations of our domain name) as virtual servers.

Under "Mail" all that is set up is a DROP directory.
1st domain has allow incoming mail to be relayed to this domain & forward all mail to smart host (10.x.x.x)
2nd domain - same settings.

Now on our truly MAIN Exchange Server - Domain1, all the 8 Exchange servers are listed.  Under Default SMTP Virtual Server there is no information entered there.  And Domain1 IS the Smart Host.

We have a user who has been receiving the same email message over and over again, and so I contacted the dept of the company he's receiving from, and according to him, in his message tracking for that particular email message there is an error stating -> error transferring to "Mail" SMTP protocol returned permanent error.

All Queues have been checked, everything has been checked and none of us can figure out what's going on.

Any suggestions?
Question by:mdmcq5

Author Comment

by:mdmcq5
ID: 16386688
This is Exchange 2003, not Groupware...wrong area?

Author Comment

by:mdmcq5
ID: 16386692
I meant Outlook 2003.

Expert Comment

by:Sembee
ID: 16391174
That is usually caused by a firewall or other product interfering with the SMTP traffic. The Cisco PIX is notorious for doing this. Therefore the first thing to check is your firewall, to see whether it has any kind of SMTP scanning facility enabled. If it does, turn it off.

Simon.

Author Comment

by:mdmcq5
ID: 16392485
Cisco checked and there's no enabling (mail guard).

Expert Comment

by:Sembee
ID: 16392831
You have to then look at what else could be interfering with the SMTP traffic flow. Antivirus and antispam applications have also been known to cause these sorts of problems.

This is a pure SMTP problem - it isn't even getting to your Exchange servers.

Simon.

Author Comment

by:mdmcq5
ID: 16412444
OK, if it is an SMTP problem, then it must be occurring at the server which has our Spam filtering software installed - GFI.  All emails run through this server before being passed onto our main exchange server; which then passes it to whatever state server it needs to be delivered.

I don't know where to begin.  I've looked all throughout the GFI Essential GUI and can't find jack about anything.  It appears as though there's hardly anything set up other than the black and whitelist, and passing through it then to our smarthost (Domain1).  When I look through the GFI folders, the only folder that ever has any information is the queue folder where the .eml mails are being processed and I can see them disappearing one by one, but there are no logs here or anywhere on this server.

If I go to Domain1 and look into the log in the Exchsrvr folder, and open the text document, it's so jumbled it's hard for me to determine which line corresponds to what, for me to even see an event# of maybe 10 for delivered or 1015 for the NDR.  Is there an easier way/program to open these log files in so I can read them more clearly? Excel?

I'm pretty sure these reports are tab-delimited? or is there a program available that will sort logs into the correct columns and rows?

Another thing that is odd is NDR reports have been disabled on all the servers, so the users don't receive the message their email was undelivered; these have been directed to an IT email address. But, somehow one of our internal users called the other day saying she received a rejected email from someone w/in our own domain. How could that be if that feature is turned off?

I know I can keep track of the NDRs and the ones which aren't marked as SPAM - feature setup w/in GFI, I can go into Message Tracking for the message Subject to find out the sender, b/c the NDR only states from Sys Admin, but that seems like it's the long way. Is there a shorter way?

And is there a way to have the NDR specify who the sender of the email was?

Here's one in the IT emails:
From: System Administrator
Sent: Friday, April 07, 2006 4:06 PM
To: ithelpdesk@domain.com
Subject: Undeliverable:[domain.com #7261] New project directory

Your message did not reach some or all of the intended recipients.

      Subject:  [domain.com #7261] New project directory

      Sent:     4/7/2006 4:06 PM

The following recipient(s) could not be reached:

      ithelpdesk@domain.com on 4/7/2006 4:06 PM

The e-mail account does not exist at the organization this message was sent to.  Check the e-mail address, or contact the recipient directly to find out the correct address.
<domain1.domain.com #5.1.1>

And actually the ithelpdesk email address does exist.
Lately when we've been having these issues, we go to Domain1 and stop and then restart the virtual server of the location, and that appears to resolve the problem.

What's going on, Sembee?

Accepted Solution

by:Sembee
ID: 16412527
If you think the problem is with GFI, then you only have one option - and that is to rip it out. Disabling it is no good, it has to come out completely.
Applications like GFI ME plug in to the SMTP stack and have a habit of getting corrupted. Their product isn't alone in doing that - almost every product I have seen that connects to SMTP will at one time or another need to be removed and reinstalled. Before you go about reinstalling the product you have to see whether the problem has been resolved by removing it. If that causes pain because it allows spam to come in, you will have to live with that. You don't have any choice.

NDRs can be generated by any SMTP server en-route. Exchange doesn't always pick them up in the right way, and the message will come back in a slightly different format.
I don't actually agree with blocking NDRs or stopping users from receiving the messages. It increases the management overhead of the Exchange administrators. If there is a problem the users will very quickly flag it up to the IT staff. The key is ensuring that the IT staff, particularly first line help desk, don't try and brush it away, but treat the message correctly, even if it is to dismiss it as normal. Users need to be encouraged to report problems as it can be difficult for the IT people to spot them first.

You cannot tell what address the NDR is from because it is just a copy of a message designed to go to the originator.

Simon.

Author Comment

by:mdmcq5
ID: 16413992
I'm not in charge of the GFI or the settings of the NDRs, we have a "Security Admin" who has set certain features to his experience; whether they're right I have no idea, but he'll point out, he's got 6 certification titles behind his name.

Uninstalling GFI and reinstalling would cause a mass of SPAM to come in, so I'll have to pass this info on to my manager and let him know that some settings and configurations just aren't set to be beneficial to the company or IT dept.

Thanks for your input, I'll keep you posted.

Author Comment

by:mdmcq5
ID: 16566926
It's been so long since I checked this posting.  I had done something one day to the exchange server and then the guy stopped receiving the emails.

Ok, I just looked. The only thing I did was to stop and restart the service on that exchange server, and the user stopped receiving the duplicate emails. I don't know whether that was what corrected the problem; whether it corrected itself, or whether it was a GFI error and it worked itself out.

So far, GFI has been nothing but a pain.

Then the Security Admin ran some updates on GFI and no one has had problems ever since.