Solved

SBS 2003 server mail siting in the queues

Posted on 2007-03-29
30
568 Views
Last Modified: 2010-08-05
We have SBS 2003 server and yesterday the Exchange stopped sending emails, we can receive fine, but all the outgoing messages are sitting in the queues. Please advise is quite urgent. Thanks in advance.
0
Comment
Question by:jackal077
  • 15
  • 8
  • 5
  • +1
30 Comments
 
LVL 16

Expert Comment

by:AdamRobinson
Comment Utility
Can you check your SMTP Logs (Windows\system32\logfiles\smtpsvc\exsomething.log) for yesterday and today and post any relevant messages (if you have the logging enabled enough)?

When you click on any of the queues, what does it say at the bottom of your Exchange System Manager?

What do your bounceback messages say when you time out?

Do you relay your mail through another ISP in any way?  Is there a chance they've changed their mail server address?  

0
 

Author Comment

by:jackal077
Comment Utility
1. I couldn't find that kind of logs, probably i need to enable them.
2.most of the queues I'm getting - " the connection was dropped by the remote host"
some of them - the remote server did not respond to a connection attempt".
No I don't relay messages through our ISP, I tried that today created SMTP connector but the same results - messages were sitting in one queue.
3.when it bounce i receive
Your message did not reach some or all of the intended recipients.

Subject: Allocated Memory Alert on Sbs server
Sent: 26/03/2007 16:57

The following recipient(s) could not be reached:
  user@yahoo.co.uk on 28/03/2007 17:04
  Could not deliver the message in the time limit specified. Please retry or contact your administrator.
  <domain #4.4.7>
0
 
LVL 16

Expert Comment

by:AdamRobinson
Comment Utility
Have you checked to make sure you're not on any spam lists?  And made sure you have a valid PTR?  Enable your SMTP logging and see what messages are being given on the connection dropped.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
As you are using SBS you shouldn't be trying to configure things manually. When you created the SMTP Connector did you do it using the internet and email wizard or manually? If manually delete the connector and use the wizard.

Next - have you checked with your ISP to ensure that they are not blocking port 25? ISPs have a habit of doing things without notice, someone may have complained that you are sending spam.

See if you can telnet to any external servers on port 25

telnet maila.microsoft.com 25

If the cursor just sits there, then you have a problem

Repeat with your ISPs SMTP server. If that doesn't work, then the problem is closer to home.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
I have PTR record, that was working server 2 days ago , and I'm not on any spam list, that was the first thing that i checked.
port 25 is ok - already tested this. I will enable smtp logging and will post the log here
0
 

Author Comment

by:jackal077
Comment Utility
I found that I have been blacklisted with as part of big IP address block here
FIVETENSRC
what should i do. I already sent them email
0
 
LVL 16

Expert Comment

by:AdamRobinson
Comment Utility
What is the reason for your being blacklisted?  If it's an entire IP range, you may have to contact your ISP and let them know what's going on.

0
 
LVL 16

Expert Comment

by:AdamRobinson
Comment Utility
Fivetensrc is also not considered a legitimate reason to block, IIRC
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
If it is a block then you need to speak to your ISP.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
Hi AdamRobinson: "Fivetensrc is also not considered a legitimate reason to block, IIRC"
my server is listed only with Fivetensrc, that this mean that is actually listed or not.
is this the reason that we cannot send mail or is it somewhere else
0
 
LVL 16

Expert Comment

by:AdamRobinson
Comment Utility
As both Sembee and I have said, if you have a block over an IP range, you should contact your ISP.  I've seen it happen many times, usually when an ISP has clients on a range that are compromise zombies and enough unique IPs in that range get picked up that the entire thing gets zapped by the blacklists.  It's also possible, though less likely, that your ISP has lost the rights to your IP range and had to re-renew them after being listed.  In this case, you may be listed as a bogon IP for quite a while.  

Fivetensrc info can be found here:

http://www.five-ten-sg.com/blackhole.php

Regarding its legitimacy, see here: http://wiki.openrbl.org/wiki/Talk:Five-Ten
Not that best source on earth, but what's said there is valid, and I don't have the time tonight to pull you a more "legitimate' one.

Hope that helps.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
I would be surprised if that one blacklist is the cause of the problems, unless your ISP is using it themselves.

As I put above, test what you can connect to.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
Hi sembee I can connect to external servers on port 25.
my ISP smtp.eclipse.co.uk server is also blacklisted there.
What else could be the problem
That is part of the log. At the moment I'm using my ISP mail. but the problem is the same
82.153.251.1 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionCommand SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionCommand SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionCommand SMTPSVC1 SERVER2003 - 25
82.153.251.1 OutboundConnectionResponse SMTPSVC1 SERVER2003 - 25
0
 

Author Comment

by:jackal077
Comment Utility
Is there any temporary solution, because we were already 2 days without email, and we definately had to have the server working tomorrow
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 104

Expert Comment

by:Sembee
Comment Utility
I am a customer of Eclipse as well, and I have just checked my IP address and they appear to have blacklisted that as well.
However I have no problems sending email.

Looks like standard vigilante actions - blacklist the entire subnet to get the ISP to kick off the spammers. That technique died out years ago as it doesn't work.

Can you telnet to smtp.eclipse.net.uk on port 25?

I would be tempted to look closer to home as well. Any AV on the machine particularly if it is Symantec or McAfee, remove it.

I know that Eclipse's SMTP servers don't require authentication, so that isn't the issue.
If you attempt to send email via their email server does the email go?

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
yes i can telnet to smtp.eclipse.net on port 25.
I even send from there test message mail from , rcpt to and so on and everything was ok.
I realy don't understand as everything was working fine. I havent changed anything. No symantec and macafee installed they are crap. I have trend micro installed on my server.
I know i use them (eclipse) as well at home and at another server and i dont have problems sending mail.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
Start looking closer to home.
AV is always the first culprit, so I would look at remove that. If you can telnet then the connectivity is good.
Have you restarted the SMTP server service recently?

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
even when i relay the mail through eclipse server the queues are sitting there and not going out.
0
 

Author Comment

by:jackal077
Comment Utility
yes i have restarted the server and the service. which logging should i enable so i can see more information
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
You have shown that you have connectivity, so it is something closer to home. If the server was working correctly the queues would be flushed out as all the email would be dumped out to the host.

You have got to start tearing the server apart - start with third party tools, so anti virus, anti spam has got to be removed and the server rebooted. Anything else that could interfere with Exchange has got be removed.

Otherwise you will have to call Microsoft and pay the fee. You could be looking at a corrupt IIS installation, but they will probably suggest the same thing I have - remove the third party tools.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
ok I'll try that althou what is the cause of that I dont have any error logs in the application log
and everything was working fine. I'll uninstall the AV and if that does not help will restore from previous backup.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
A backup of what?
If you are simply backing up Exchange then that will not help.
If it is a full system backup, then what are you going to restore?

This is not a data problem, restoring a backup is the last thing I would consider doing. This is something wrong with the system. A backup could actually lose you data.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
Ok, uninstalling AV didn't help.
when i restarted the server gave me error about the IIS worker process. Could it be something related to that . the problem is definitely with the exchange server couse i setup outlook with the details ot the smtp.eclipse.net.uk and I can send direclty mail.
0
 
LVL 104

Expert Comment

by:Sembee
Comment Utility
This is starting to look like some problems with IIS. You could be looking at a reinstall of IIS and then a reinstall of Exchange on top. It isn't pretty and you might be best asking for assistance from Microsoft.

Simon.
0
 

Author Comment

by:jackal077
Comment Utility
Hi I installed ethereal and sniffed some trafik,
I am getting a lot of TCP retransmission [message body] errosrs and also code 220 after that
also 451 on some of them
0
 

Author Comment

by:jackal077
Comment Utility
Also I noticed that i receive some of the test messages sent, after delay of one day.
0
 

Author Comment

by:jackal077
Comment Utility
I found the problem, it was from the router corrupting the packets, changed it and everything is fine now.
0
 

Author Comment

by:jackal077
Comment Utility
I found the problem by myself. What AdamRobinson and Sembee sugested had nothing to do with the problem. The problem turned out to be hardware problem. The router become faulty and was corrupting the packets. I changed it and everything was OK.
I dont mind splitting the points between them but in this case what they suggested had nothing to do with the solution.

Regards,
Jackal077
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
Comment Utility
PAQed with points refunded (500)

Computer101
EE Admin
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now