• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1379
  • Last Modified:

Some emails are not getting to our users - "...unable to connect successfully to the destination mail server"

I have a user who is claiming that his wife can no longer send him emails (as of a couple weeks ago).  He also claims that one of our larger customers cannot send him and another person emails any longer too.  Today, he got an email for another person that said he had been trying to send him an email from last Thursday or Friday, and he got the following response:

Subject: Delivery Status Notification (Failure)

This is an automatically generated Delivery Status Notification.

Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
                   "our users email address"

Obviously, the message this person sent today was sucessfull, but I asked if his wife could try to send another email to him again, and she is still having the same problem.  His wife's email domain is @cox.net.  I happen to also have a @cox.net email for personal use, and I was successfully able to email him yesterday.

My question is, I really don't know where to start troubleshooting this problem.  I assume I need go into my exchange server system manager, but not sure where to start looking.  Maybe there are also Internet tools I can use to test.  Any help would be much appreciated!!!

Jeff
0
jbobst
Asked:
jbobst
  • 15
  • 13
  • 11
  • +1
3 Solutions
 
r-kCommented:
You can start with a test from: http://www.dnsreport.com/

Try both the DNS test and the Mail test.
0
 
mkumar23Commented:
1) Can you check, if your user's wife and other people can send you email successfully?
2) Also check your SMTP gateway server closly on www.DNSstuff.com and www.DNSreport.com.
3) You check by telnet sender server on post 25.
0
 
ExchgenCommented:
How is you network topology?

Every NDR will have an error code, what is it?

Looks like a DNS issue, check with your ISP if all is fine at their end.

Please provide me inputs on the type of firewall you have.

Raghu
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
jbobstAuthor Commented:
mkumar23:
The DNSreport came back pretty good...there were a few problems; mainly that I don't have a postmaster or abuse account accepting mail, along with no SPF record and I get the following warning message:

WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

MAIL.acoustictech.com claims to be host exchange.acoustictech.com [but that host is at 205.178.145.65 (may be cached), not 168.158.217.34].

Exchgen:
My network topology is, a single primary domain controller (Windows 2003 standard server), a single Exchange 2003 server (running windows 2003 server), about 40 client machines.  There actually isn't an error code on the email response from an outside client...it was exactly as I typed it in the original question.  My ISP is pretty useless and they see nothing wrong, but claim no responsibility for email issues.  Our web hosting company is Network Solutions, and they say everything is fine too.  Our firewall is a Sonicwall 2040...with Standard OS.
0
 
mkumar23Commented:
Step 1:  Try connecting to the following mailserver:
         MAIL.acoustictech.com - 168.158.217.34

Step 2:  If still unsuccessful, queue the E-mail for later delivery.

0
 
mkumar23Commented:
Getting MX record for 168.158.217.34 (from local DNS server, may be cached)...   Received an NXDOMAIN response.

This means that the 168.158.217.34 domain does not exist!  No mail can be sent to it.
0
 
mkumar23Commented:
Getting MX record for 205.178.145.65 (from local DNS server, may be cached)...   Received an NXDOMAIN response.

This means that the 205.178.145.65 domain does not exist!  No mail can be sent to it.


MAIL.acoustictech.com is your mail domain?
0
 
jbobstAuthor Commented:
When you say try connecting, how do I connect?

The 168.158.217.34 address is the static address at our office location...our firewall forwards inbound mail traffic to our exchange server, internally.  Our domain name is hosted by our web hosting company...the mail.domainname.com part of it is forwarded to our office...where our exchange server resides.

Does that help out any?
0
 
ExchgenCommented:
Is sonic running any type of antispam check or do you have any box doing that?

Have you configured connection filtering and RBL to block spam?


You know what...

I tried nslookup and then typed set q=mx

typed acoustictech.com

and you know what my DNS server timed out..

tried again and it timed out.

and again it gave me;

Non-authoritative answer:
acoustictech.com        MX preference = 10, mail exchanger = mail.acoustictech.c
om

mail.acoustictech.com   internet address = 168.158.217.34

i changed server to point to 4.2.2.2

typed acoustictech.com;

and you know what.... DNS timed out...

and it gave me the result the third time...

Now i am somewhat confident that you have a DNS issue.

Why not try calling your ISP and fire them on why this is happening...

or networksolutions???

Raghu



0
 
jbobstAuthor Commented:
mail.acoustictech.com is forwarded to the 168.158.217.34 address...which is our office.  Acoustictech.com is our main domain name, yes.  The mail.acoustictech.com is what our hosting company provides us, is assume, and we forward that to our office.
0
 
ExchgenCommented:
we are currently not bothered about outbound... since we are having inbound issue...

The nslookup point is something i would want you to check out.. :)

Raghu
0
 
mkumar23Commented:

C:\>telnet mail.acoustictech.com 25
Connecting To mail.acoustictech.com...Could not open connection to the host, on
port 25: Connect failed

see the telnet responce, Ask your ISP to check this as this is noting but some DNS issue on ISP side.
0
 
jbobstAuthor Commented:
I believe that the telnet service is not allowed through my firewall.  But would that restrict email from coming through?  Other than a VERY few examples, I and every other employee have been getting email all the time...  Email still gets to us, it's just two or three potential customer's/wifes of employees.
0
 
ExchgenCommented:
I guess this is an indication of a bigger issue or an intermittent issue that will goo off soon...

As Mkumar said and i told u earlier its a DNS issue at the ISP end.

Raghu
0
 
r-kCommented:
"telnet mail.acoustictech.com 25"

This works fine when I try it. I would guess that when mkumar tried it, port 25 must be getting blocked by his own ISP.
0
 
r-kCommented:
"I believe that the telnet service is not allowed through my firewall"

Yes, you are thinking of the normal Telnet service, on port 23.
Telnet to port 25 must be open if you're receiving some emails.
0
 
mkumar23Commented:
That seems to a possiable reason why he sometime receives email and sometime he don't. This this can be answered only by his ISP.
0
 
mkumar23Commented:
You must turn to Hard with your ISP to get this problem resolve.
0
 
jbobstAuthor Commented:
Should I be worried that people can telnet to my port 25?  I still don't quite understand the DNS thing....  Let me try and explain what I am understanding.

My hosting provider, forwards anything going to mail.acoustictech.com to my public IP address...for some reason, a few emails are not coming through to me, because my ISP is not forwarding them correctly?

Sorry, for my ignorance, but I really appreciate the help so far!
0
 
jbobstAuthor Commented:
Should I be looking to my ISP or my hosting provider?  My ISP simply provides my office with Internet service, and a block of public addresses.  They do not host our email or our web site.
0
 
r-kCommented:
"Should I be worried that people can telnet to my port 25?"

No, that is normal. If you block that, all email will stop.

So far I am not seeing anything that explains the problem. The nslookup from here works every time and returns reasonable results. The Telnet to port 25 is also working.
0
 
mkumar23Commented:
Your email host receives email from Internet for you and forward them to you.

Your email host receives these email for your on "MAIL.acoustictech.com" at port 25.

If we are not able (some time able to) to telnet "MAIL.acoustictech.com" on port 25, it means your mail provider is not accepting the emails some time.
0
 
jbobstAuthor Commented:
mkumar23

When you say "our mail provider", is that our hosting company who simply forwards the email on to our IP address or are you specifically referring to our inhouse exchange server?
0
 
mkumar23Commented:
I can also telnet the server now.
0
 
r-kCommented:
"If we are not able (some time able to) to telnet "MAIL.acoustictech.com" on port 25, it means your mail provider is not accepting the emails some time."

mkumar: as I said above, it is almost for sure that outbound port 25 is being blocked by your own ISP, not by jbobst's ISP. many ISP's block outbound port 25 to limit spam. This has no bearing on the current problem.

I have no difficulty connecting to mail.acoustictech.com on port 25, so there is no problem there.
0
 
mkumar23Commented:
your hosting company
0
 
r-kCommented:
"I can also telnet the server now."

mkumar: are to able to telnet to port 25 now? If so, that would suggest a network problem that makes the mail delivery intermittent.
0
 
ExchgenCommented:
Myself, r-k, mkumar all of us are trying to drive the point that the DNS query to your domain is intrmittent. Hence we have started experiencing mailflow issue.

I feel you should start with the hosting company ad ask them if they are facing any DNS issues. If they come out clean (after an answer you can really believe) turn to your ISP.

Happy grilling!!! get them and fix the issue... :)

Raghu
0
 
jbobstAuthor Commented:
I have a bunch of items in my "queues" folder on my exchange server.  Are these messages queued up to be sent or received?
0
 
ExchgenCommented:
i am sure its messages that need to be sent...

If you find messages in local delivery or directory lookup it can contain inbound also..

Raghu
0
 
r-kCommented:
Actually, I am not sure where the problem is. I have no trouble at any time in doing nslookup on that domain, nor with telnet to port 25.
We can guess that there is a network or dns problem, but not much evidence so far. The test at dnsreport.com seems to succeed.
mkumar reports a problem with telnet to port 25 but that could be due to other reasons.
Exchgen: your report of a problem with nslookup is the most interesting so far. Can you repeat that carefully checking for spelling errors etc.?
I get no errors with nslookup. As a test you can try nslookup on some other well known domain to rule out local problems.
0
 
ExchgenCommented:
i am sitting in office at this point!!! and connected via 4 T1 lines....

DNS is perfect at my end.... i can resolve the world...

Spelling mistake not possible coz i copied it from here....

The issue happens only once where we are not able to resolve the domain MX....

Change server the issue is replicated. Check the output below;

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\USER>nslookup
Default Server:  server.mydomain.com
Address:  202.81.131.6

> set q=mx
> acoustictech.com
Server:  server.mydomain.com
Address:  202.81.131.6

Non-authoritative answer:
acoustictech.com        MX preference = 10, mail exchanger = mail.acoustictech.c
om

mail.acoustictech.com   internet address = 168.158.217.34
> server 4.2.2.3
Default Server:  vnsc-lc.sys.gtei.net
Address:  4.2.2.3

> acoustictech.com
Server:  vnsc-lc.sys.gtei.net
Address:  4.2.2.3

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to vnsc-lc.sys.gtei.net timed-out
>


I guess the above explains a lot.... "vnsc-lc.sys.gtei.net" is not my DNS server.

Raghu
0
 
jbobstAuthor Commented:
I have been looking at my Exchange Server Queues, and there are a bunch of message stuck in there that are trying to be sent to two of my users...the main two that are complaining of not getting all their mail.  In fact the one user who can't receive emails from his wife actually has an email in there from his wife's account.  It has been sitting there in the queue for a few days not (in addition to a few other spam type of emails to this particular user).  I have tried to read up some about how to decipher why emails are stuck in these queues, but I am very confused about what is happening.  For example, this one user, that seems to have the most messages built up in the queues, still receives plenty of emails each day...so email ARE getting to him.  In addition, this problem about not getting emails from his wife's account is only when she sends him email.  I asked her to send me a test email and copy his account.  I got the email just fine, but he never did.

Are the queues going to help me with troubleshoot, or are they just there for informational purposes?  Does Exchange have any sort of way to tell me why these emails are being stuck in a queue?

Thanks.
0
 
mkumar23Commented:
Why don't you try to enable/increase diagnostic logging on Exchange Transport?

It will give you more events in event logs.

do post them here they will help understanding the situation better.
0
 
jbobstAuthor Commented:
I found the Diagnostics Logging tab, and I am not sure which services to monitor.  I picked the MSExchangeTransport server, and picked all the categories in there to be monitored.  Should I pick additional services and categories to monitor?  How or where do I see the results of the logging?
0
 
r-kCommented:
Turn on "Message Tracking" as described here:

 http://www.amset.info/exchange/message-tracking.asp
 http://www.windowsitpro.com/Article/ArticleID/16006/16006.html?Ad=1

Also, do you have some sort of spam filter or AV filter installed? Those are the common reasons for such problems.
 
0
 
mkumar23Commented:
you have selected the correct option, however keep in mind that it going to fill your event log like anything depending on the dignostic level you have seleted.

keep a close look, send the log information as you get them.
0
 
jbobstAuthor Commented:
You are right about it filling my event log.  There is a ton of stuff in there now.

Here is example of one of the warning messages I am not getting:

Source:  MSExchangeTransport
Category:  Exchange Store Driver
Event ID: 327
Type:  Warning

The following call : EcLocallyDeliverMsg to the store failed. Error code : -2147221240 (Message-ID <AT-EXCHANGEKRuYDlrj000004d0@exchange.acoustictech.com>). MDB : ff40d452-a1db-42a6-8cf7-600f609bc093. FID : . MID : . File : E:\exchsrvr\Mailroot\vsi 1\Queue\NTFS_68cc2f1f01c68ae200002e8f.EML.

For more information, click http://www.microsoft.com/contentredirect.asp.


0
 
jbobstAuthor Commented:
Here is another:

Source:  MSExchangeTransport
Category:  SMTP Protocol
Event ID:  7004
Type:  Error

This is an SMTP protocol error log for virtual server ID 1, connection #1. The remote host "216.224.225.18", responded to the SMTP command "mail" with "501 bogus mail from  ". The full command sent was "MAIL FROM:<>  ".  This will probably cause the connection to fail.

For more information, click http://www.microsoft.com/contentredirect.asp.
0
 
r-kCommented:
The 327 error is the more interesting one. According to:

 http://support.microsoft.com/default.aspx?scid=kb;en-us;q319682

restarting the server will fix it temporarily. A patch is also available.

I would also run MBSA and apply any known Exchange patches first.
0
 
ExchgenCommented:
If you have any AV  / spam filter / disclaimer software... First stop and disable services and then reboot the server... Check if there is any change in the situation..

If this does not help, uninstall all these software for now, and reboot the system....

If the issue is still not getting fixed, its an indication of mailbox currouption...

You will have to remove PST of these mailboxes using exmerge, delete them and recreate the mailbox and merge the mailboxes.

Raghu
0
 
mkumar23Commented:
XFOR: SMTP Mail Relay May Stop Working When Using IIS/MCIS SMTP Service and Non-RFC EHLO/HELO Command Format

http://support.microsoft.com/kb/240832/en-us

Though this artical talks about SMTP with 5.5 server, but my understanding says, SMTP concepts were always similer, so spend we min on this artical also.
*************************************
Messages remain in an outbound queue until a non-delivery report is generated when you send e-mail to a remote domain

http://support.microsoft.com/kb/818222/en-us

regards,

manoj
0
 
jbobstAuthor Commented:
I think I need to start back at the beginning here.  Basically, I am trying to just figure out my message queues in Exchange.  When I display the queues, I have about 16 actives queues, although only 4 of the queues actually have messages in them (I am not sure why the other queues show up if they don't have any messages waiting to go out or get delivered).  Three of the queues that have messages only have one message each in the queue.  The strange thing is, the messages claims to be sent from the postmaster account on my domain.  Why would the postmaster account be sending any messages?  No real person in my organization is sending messages from the postmaster account.  

The fourth queue is the one queue that actually has more than 1 message in it...it acutally has 8 messages in it.  This queue is labled "local delivery" and ALL of the messages in this queue are trying to reach that one particular user that I have been referring to in this thread (the user who can't receive messages from his wife).  This user get's dozen's and dozen's of messages each day, and he is here in the office right now, with his Outlook connected to the exchange server.  So, why are there messages queued up waiting to be delivered to him?  How in the world do I figure out (from the Exchange console, or any other place) why these message aren't being delivered?  Is Exchange that poorly designed that it only TELLS you that is a problem, but doesn't give any clue or indication on why the problem is happening?

Thanks,
Jeff
0
 
ExchgenCommented:
I guess we have a real good explanation provided now...

Issue is one user unable to get email from one internet user.

Jeff the messages with sender as postmaster@yourdomain.com are nothing but NDR. If you open the email in queue viewer, you would find the recipient as some XYZ domain. If the postmaster message is stuck in queue, it means that this is an NDR generated for a domain that might be non-existent domain.

With regards to messages stuck in local delivery, i would ask you to check if you have a contact created in active directory with the email address of the sender (in your case your users wife). If you find this contact just delete it and force the connection in queue.

Raghu
0
 
jbobstAuthor Commented:
Raghu,

Thanks for the clarification on the Postmater NDR's.  Quick question about that...should the server be sending NDR's?  Is that a safe practice?

In regards to the the problem user and the local delivery, I only have one contact record in AD, and it is not the sender of these queue messages.  Since there doesn't appear to be a clear answer about why, or how to figure out why, these messages are stuck in the queue to ONLY this user, I guess I'll start with deleting this user's mailbox and re-creating it.  Can I simply export the user's data to a pst file and then import into the new mailbox?  Or does exmerge have to be used?

Thanks.
Jeff
0
 
jbobstAuthor Commented:
I found the FIX to my email problems last night:

For a few months now, my Exchange Server has been logging error messages in the Event view about Database Corruption.  The specific error is Event ID 447, Source ESE, with the following information:

Information Store (3860) First Storage Group: A bad page link (error -338) has been detected in a B-Tree (ObjectId: 18604, PgnoRoot: 3962053) of database E:\exchsrvr\mdbdata\priv1.edb (3962053 => 3962060, 2781903).

Last night, after my backups finished, I followed KB Article 810190, and did the HARD REPAIR option, since I didn't have a good backup that did not contain the ESE error (I have plenty of backups, just not one without the ESE error).  It took quite a few hours of running the repair command, but in the end, email is now flowing normally, the error hasn't returned, and the problem user that had all the email stuck in the local delivery queue, is receiving email just fine, even from his wife.   The local delivery queue is now empty and not full of messages like it has been.

Thank you to all for your help.  I would like to split the points up to all who assisted in this question, but I unfortunately can't make my own comments the "accepted" answer.  I am not sure how Experts-Exchange handles this sort of situation, but I would like to close this question and give out point to everyone.  I suppose is someone copies this post, and paste's it into their own comment, I can accept this as the answer and split points.

Thanks again,
Jeff
0
 
ExchgenCommented:
Hey just for you information... i would request you to check all your hardware... The situation you have discribed can be due to hardware issues...

Please take offline backups of your database if online backup fails...

Check your hardware leaving no gaps for a hardware failure.

Raghu
0
 
r-kCommented:
That's great to hear. Some link in the database affecting that one user must have gone bad.

By accepting the answer(s) you automatically saved this thread for the future. I imagine anyone reading the whole thread will find the final solution near the bottom.

Thanks and good luck.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 15
  • 13
  • 11
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now