Solved

Messages hang in the SMTP queue in Exchange System Manager - An SMTP protocol error has occurred

Posted on 2007-04-10
Last Modified: 2010-04-09
How do I disable application layer filtering of SMTP traffic on my PIX firewall from the PDM? I need to do this in order to fix a problem where outbound emails through Microsoft Exchange 2003 sit in the SMTP queue and then come back with an error message, "An SMTP protocol error has occurred."

Some of the email goes out fine, but depending on the domain name, it may or may not sit in the queue and never get delivered.
Question by:cullendrea

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18884816
With a PIX, there are a couple of issues that can cause this. Assuming you are running PIX 6.3x....
1 - smtp fixup. Did you disable this?
  no fixup protocol smtp
2 - outbound IP address. Is your exchange server's outgoing IP address the same as the inbound/MX record IP address?
 Example YES:
 static (inside,outside) <public ip> <private ip> netmask 255.255.255.255
 Example NO:
 global (outside) 1 interface
 nat (inside) 1 0 0 0
 static (inside,outside) tcp <MX public ip> smtp <private ip> smtp netmask 255.255.255.255

In the first example, all traffic both inbound and outbound from the server is bound to the same public IP. In the second example, inbound smtp traffic comes in to the MX public ip, but outbound email goes out as a dynamic xlate using the global ip address. Some upstream servers will not accept email coming from a different IP address than they find with an MX record lookup for your domain.

3 - DNS fixup. Did you increase the dns size from default 512 to something bigger like 1024?
  fixup protocol dns maximum-length 512  <== Default
  fixup protocol dns maximum-length 1024 <== change to this

4 - If you are not using the latest PIX 6.3x OS, there are some bugs in the fixups. 6.3(1) is particularly buggy. Suggest updating to at the very least 6.3(5) as most recent, most stable version.
5 - If you are using PIX 7.x OS, same issues with DNS inspect and the new esmtp inspect, same issue with inbound/outbound IP address differences.
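
The three checks from the accepted answer, as an added example that is not part of the original thread: a Python function that reads PIX 6.3-style configuration text and reports an enabled SMTP fixup, a DNS maximum-length still at 512, and a mail server that has only a port static for SMTP instead of a one-to-one static. The function name, the sample configurations and their addresses are constructed for illustration, and it assumes an enabled SMTP fixup shows up as a `fixup protocol smtp` line.

```python
import re

def audit_pix_mail_config(config, mail_server_ip):
    """Apply the accepted answer's three checks to PIX 6.3-style config text."""
    smtp_fixup, dns_max = False, 512   # 512 is the default quoted in the answer
    one_to_one = port_static = None
    for tok in (ln.split() for ln in config.splitlines() if ln.strip()):
        line = " ".join(tok)
        if line.startswith("fixup protocol smtp"):
            smtp_fixup = True
        elif line.startswith("no fixup protocol smtp"):
            smtp_fixup = False
        m = re.match(r"fixup protocol dns maximum-length (\d+)$", line)
        if m:
            dns_max = int(m.group(1))
        if tok[0] == "static" and len(tok) >= 4:
            if tok[2] in ("tcp", "udp"):
                # static (in,out) tcp <public> <port> <private> <port> ...
                if len(tok) >= 7 and tok[5] == mail_server_ip and tok[4] in ("smtp", "25"):
                    port_static = tok[3]
            elif tok[3] == mail_server_ip:
                # static (in,out) <public> <private> ...: both directions use <public>
                one_to_one = tok[2]
    issues = []
    if smtp_fixup:
        issues.append("smtp fixup enabled")
    if dns_max <= 512:
        issues.append("dns maximum-length %d" % dns_max)
    if one_to_one is None and port_static is not None:
        issues.append("outbound source differs from inbound SMTP address " + port_static)
    return issues

# Constructed sample configs (documentation/private addresses, not from the thread).
CONFIG_NO = """\
fixup protocol smtp 25
fixup protocol dns maximum-length 512
global (outside) 1 interface
nat (inside) 1 0 0 0
static (inside,outside) tcp 203.0.113.25 smtp 192.168.1.10 smtp netmask 255.255.255.255
"""
CONFIG_YES = """\
fixup protocol dns maximum-length 1024
static (inside,outside) 203.0.113.25 192.168.1.10 netmask 255.255.255.255
"""

if __name__ == "__main__":
    for name, cfg in (("NO", CONFIG_NO), ("YES", CONFIG_YES)):
        print(name, audit_pix_mail_config(cfg, "192.168.1.10"))
```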

Author Comment

by:cullendrea
ID: 18885210
Thank you for the suggestions.

I logged into the PIX and ran:
no fixup protocol smtp

The Exchange Server's outgoing IP address is different than the inbound MX record IP, but the nat rule and static commands had previously been run.

I did increase the DNS size to 1024 which helped with most but not all of the SMTP message queues.

The PIX OS is 6.3.4.

I still have the same problem, only with sending to two different domain names now.

Expert Comment

by:lrmoore
ID: 18885303
Progress is good, no?

>The Exchange Server's outgoing IP address is different than the inbound MX record IP,
As long as this is true, you will always have certain domains that simply will not accept email from you.
What does the current global/nat/static look like now?

>The PIX OS is 6.3.4
No big issues with this OS, but I'd still go ahead and upgrade to 6.3(5) if possible

Author Comment

by:cullendrea
ID: 18885441
The rest of the messages cleared out of the queue after a short period of time.  It sounds as if changing the maximum length of the fixup protocol for dns fixed it.  Thank you for your help.