Solved

Messages hang in the SMTP queue in Exchange System Manager - An SMTP protocol error has occurred

Posted on 2007-04-10
Last Modified: 2010-04-09
How do I disable application layer filtering of SMTP traffic on my PIX firewall from the PDM? I need to do this in order to fix a problem where outbound emails through Microsoft Exchange 2003 sit in the SMTP queue and then come back with an error message, "An SMTP protocol error has occurred."

Some of the email goes out fine, but depending on the domain name, it may or may not sit in the queue and never get delivered.
Question by:cullendrea

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18884816
With a PIX, there are a couple of issues that can cause this. Assuming you are running PIX 6.3x....
1 - smtp fixup. Did you disable this?
  no fixup protocol smtp
2 - outbound IP address. Is your Exchange server's outgoing IP address the same as the inbound/MX record IP address?
 Example YES:
 static (inside,outside) <public ip> <private ip> netmask 255.255.255.255
 Example NO:
 global (outside) 1 interface
 nat (inside) 1 0 0 0
 static (inside,outside) tcp <MX public ip> smtp <private ip> smtp netmask 255.255.255.255

In the first example, all traffic both inbound and outbound from the server is bound to the same public IP. In the second example, inbound SMTP traffic comes in to the MX public IP, but outbound email goes out as a dynamic xlate using the global IP address. Some upstream servers will not accept email coming from a different IP address than the one they find with an MX record lookup for your domain.

3 - DNS fixup. Did you increase the dns size from default 512 to something bigger like 1024?
  fixup protocol dns maximum-length 512  <== Default
  fixup protocol dns maximum-length 1024 <== change to this

4 - If you are not using the latest PIX 6.3x OS, there are some bugs in the fixups. 6.3(1) is particularly buggy. I suggest updating to at the very least 6.3(5), as the most recent, most stable version.
5 - If you are using PIX 7.x OS, same issues with DNS inspect and the new esmtp inspect, same issue with inbound/outbound IP address differences.
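
The first three checks in the answer above can be run against a saved PIX 6.3 configuration. This is an added example, not part of the original answer: the function name `audit_pix_config`, the finding tags and the sample configuration (documentation-range addresses) are constructed for illustration.

```python
import re

# Constructed PIX 6.3-style fragment (documentation-range addresses, not from the thread).
SAMPLE_CONFIG = """\
fixup protocol dns maximum-length 512
fixup protocol smtp 25
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) tcp 203.0.113.25 smtp 192.168.1.10 smtp netmask 255.255.255.255 0 0
"""

# Port-redirect form: static (in,out) tcp <public> <port> <private> <port> ...
PORT_STATIC = re.compile(r"^static \(\w+,\w+\) (?:tcp|udp) \S+ \S+ (\S+) \S+")
# One-to-one form: static (in,out) <public> <private> netmask ...
FULL_STATIC = re.compile(r"^static \(\w+,\w+\) \S+ (\S+) netmask\b")


def audit_pix_config(config, mail_server_ip, min_dns_len=1024):
    """Return finding tags for the SMTP fixup, DNS length and NAT checks."""
    findings = []
    one_to_one = port_only = False
    for line in (raw.strip() for raw in config.splitlines()):
        # "no fixup protocol smtp" starts with "no" and is not matched here.
        if re.match(r"^fixup protocol smtp\b", line):
            findings.append("smtp-fixup-enabled")
        m = re.match(r"^fixup protocol dns maximum-length (\d+)", line)
        if m and int(m.group(1)) < min_dns_len:
            findings.append("dns-max-length-" + m.group(1))
        m = FULL_STATIC.match(line)
        if m and m.group(1) == mail_server_ip:
            one_to_one = True
        m = PORT_STATIC.match(line)
        if m and m.group(1) == mail_server_ip:
            port_only = True
    # Inbound SMTP is redirected to the server, but without a one-to-one static
    # its outbound mail leaves through the dynamic global address instead.
    if port_only and not one_to_one:
        findings.append("outbound-ip-differs-from-inbound")
    return findings


if __name__ == "__main__":
    for tag in audit_pix_config(SAMPLE_CONFIG, "192.168.1.10"):
        print(tag)
```

An empty result means none of the three conditions was found in the text that was supplied; it does not cover the OS version points in items 4 and 5.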

Author Comment

by:cullendrea
ID: 18885210
Thank you for the suggestions.

I logged into the PIX and ran:
no fixup protocol smtp

The Exchange Server's outgoing IP address is different than the inbound MX record IP, but the nat rule and static commands had previously been run.

I did increase the DNS size to 1024 which helped with most but not all of the SMTP message queues.

The PIX OS is 6.3.4.

I still have the same problem, only with sending to two different domain names now.

Expert Comment

by:lrmoore
ID: 18885303
Progress is good, no?

>The Exchange Server's outgoing IP address is different than the inbound MX record IP,
As long as this is true, you will always have certain domains that simply will not accept email from you.
What does the current global/nat/static look like now?

>The PIX OS is 6.3.4
No big issues with this OS, but I'd still go ahead and upgrade to 6.3(5) if possible.

Author Comment

by:cullendrea
ID: 18885441
The rest of the messages cleared out of the queue after a short period of time.  It sounds as if changing the maximum length of the fixup protocol for dns fixed it.  Thank you for your help.