Solved

Messages hang in the SMTP queue in Exchange System Manager - An SMTP protocol error has occurred

Posted on 2007-04-10
Last Modified: 2010-04-09
How do I disable application layer filtering of SMTP traffic on my PIX firewall from the PDM? I need to do this in order to fix a problem where outbound emails through Microsoft Exchange 2003 sit in the SMTP queue and then come back with an error message, "An SMTP protocol error has occurred."

Some of the email goes out fine, but depending on the domain name, it may or may not sit in the queue and never get delivered.
Question by:cullendrea

Accepted Solution

by:
lrmoore earned 500 total points
With a PIX, there are a couple of issues that can cause this. Assuming you are running PIX 6.3x....
1 - smtp fixup. Did you disable this?
  no fixup protocol smtp
2 - outbound IP address. Is your exchange server's outgoing IP address the same as the inbound/MX record IP address?
 Example YES:
 static (inside,outside) <public ip> <private ip> netmask 255.255.255.255
 Example NO:
 global (outside) 1 interface
 nat (inside) 1 0 0 0
 static (inside,outside) tcp <MX public ip> smtp <private ip> smtp netmask 255.255.255.255

In the first example, all traffic both inbound and outbound from the server is bound to the same public IP. In the second example, inbound smtp traffic comes in to the MX public ip, but outbound email goes out as a dynamic xlate using the global ip address. Some upstream servers will not accept email coming from a different IP address than it finds with an MX record lookup for your domain.

3 - DNS fixup. Did you increase the dns size from default 512 to something bigger like 1024?
  fixup protocol dns maximum-length 512  <== Default
  fixup protocol dns maximum-length 1024 <== change to this

4 - If you are not using the latest PIX 6.3x OS, there are some bugs in the fixups. 6.3(1) is particularly buggy. Suggest updating to, at the very least, 6.3(5) as the most recent, most stable version.
5 - If you are using PIX 7.x OS, same issues with DNS inspect and the new esmtp inspect, same issue with inbound/outbound IP address differences.
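An offline audit of the three configuration points in the accepted answer above (SMTP fixup, DNS fixup maximum length, mail server published only by a port static), as an added example that is not part of the original thread. The sample configuration, its documentation-range addresses, the function name `audit_pix_config` and the finding codes are constructed for illustration; the interface names inside/outside follow the answer.

```python
import re

# Constructed sample PIX 6.3 configuration (documentation-range addresses).
SAMPLE_CONFIG = """\
fixup protocol dns maximum-length 512
fixup protocol smtp 25
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 203.0.113.10 smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
"""

# Port static: only tcp/25 of the public address is mapped to the server.
PORT_STATIC = re.compile(
    r"^static \(inside,outside\) tcp (\S+) (?:smtp|25) (\S+) (?:smtp|25)\b")
# One-to-one static: the server uses the same public address in both directions.
FULL_STATIC = re.compile(r"^static \(inside,outside\) (\d\S*) (\d\S*)\b")
DNS_LEN = re.compile(r"^fixup protocol dns maximum-length (\d+)")


def audit_pix_config(text):
    """Return a sorted list of finding codes (hypothetical names) for a config."""
    findings = set()
    port_mapped, one_to_one = {}, set()
    for ln in (raw.strip() for raw in text.splitlines()):
        # "no fixup protocol smtp" does not match, so a disabled fixup is clean.
        if ln.startswith("fixup protocol smtp"):
            findings.add("smtp-fixup-enabled")
        m = DNS_LEN.match(ln)
        if m and int(m.group(1)) <= 512:
            findings.add("dns-max-length-512")
        m = PORT_STATIC.match(ln)
        if m:
            port_mapped[m.group(2)] = m.group(1)
        m = FULL_STATIC.match(ln)
        if m:
            one_to_one.add(m.group(2))
    # A server published only by a port static sends outbound mail through
    # the global (PAT) address, which differs from the MX address.
    if any(priv not in one_to_one for priv in port_mapped):
        findings.add("outbound-ip-differs-from-mx")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_pix_config(SAMPLE_CONFIG):
        print(finding)
```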
 

Author Comment

by:cullendrea
Thank you for the suggestions.

I logged into the PIX and ran:
no fixup protocol smtp

The Exchange Server's outgoing IP address is different than the inbound MX record IP, but the nat rule and static commands had previously been run.

I did increase the DNS size to 1024 which helped with most but not all of the SMTP message queues.

The PIX OS is 6.3.4.

I still have the same problem, only with sending to two different domain names now.

Expert Comment

by:lrmoore
Progress is good, no?

>The Exchange Server's outgoing IP address is different than the inbound MX record IP,
As long as this is true, you will always have certain domains that simply will not accept email from you.
What does the current global/nat/static look like now?

>The PIX OS is 6.3.4
No big issues with this OS, but I'd still go ahead and upgrade to 6.3(5) if possible
 

Author Comment

by:cullendrea
The rest of the messages cleared out of the queue after a short period of time.  It sounds as if changing the maximum length of the fixup protocol for dns fixed it.  Thank you for your help.