spectraqest
asked on
Exchange 2003 SBS: Not All Outbound Email Being Delivered
My company is running Windows 2003 SBS on a small 30-computer network. It runs Exchange 6.5.7638.1 (ie. Exchange 2003). At least three people have reported that occasionally, they will send an email to outside the company, and it will not be received by the other party. Outlook always says the email messages have been sent. The message log in Exchange is enabled and it appears that Exchange thinks the emails have been sent (at least, according to my masterful examination of the log).
The problem occurs usually at least twice a day. There are at least three people on our network reporting this problem, and at least four different destinations that messages are sometimes not delivered to. If the messages are sent again, they will get through.
As far as we know, the system has not dropped any incoming messages; only outgoing.
Any ideas?
The problem occurs usually at least twice a day. There are at least three people on our network reporting this problem, and at least four different destinations that messages are sometimes not delivered to. If the messages are sent again, they will get through.
As far as we know, the system has not dropped any incoming messages; only outgoing.
Any ideas?
Do you have message tracking enabled? That will show what Exchange has done with the message.
Do you send email directly or through your ISPs SMTP Server? If you send direct then you may have a problem with your DNS configuration.
If you send via the ISPs SMTP Server and Exchange shows the message is being sent to their server then you are rather stuck as you will be unable to get anything from the ISP about delivery problems. If you haven't noticed most ISPs operate on the basis that their network is perfect.
Simon.
Do you send email directly or through your ISPs SMTP Server? If you send direct then you may have a problem with your DNS configuration.
If you send via the ISPs SMTP Server and Exchange shows the message is being sent to their server then you are rather stuck as you will be unable to get anything from the ISP about delivery problems. If you haven't noticed most ISPs operate on the basis that their network is perfect.
Simon.
ASKER
Sorry, I've been extremely busy the past few days.
We send email directly from our server, and we have message tracking enabled, but I can't just post it here as it's got kinda confidential information in it. I can't seem to figure out what the hell the log is trying to say, so if you could give me a bit of guidance then that would help :)
We send email directly from our server, and we have message tracking enabled, but I can't just post it here as it's got kinda confidential information in it. I can't seem to figure out what the hell the log is trying to say, so if you could give me a bit of guidance then that would help :)
Have you used the Message Tracking Centre to look at what is happening? You cannot just look at the logs raw, they are designed to be processed by the message tracking centre.
You need to search in there to find the message and then see what is happening.
Simon.
You need to search in there to find the message and then see what is happening.
Simon.
ASKER
I looked in the Message Tracking Centre, and looked for an email which was reported as not delivered. I opened up the Message History, and the last item says:
Message transferred to **************************
It has heaps of asterisks, I didn't bother counting them so that's not the correct number of asterisks above, but there's heaps of them.
Seeing as how I looked at a few other random ones and found DNS names in place of the million asterisks and zero, I'm guessing that's not exactly good?
Message transferred to **************************
It has heaps of asterisks, I didn't bother counting them so that's not the correct number of asterisks above, but there's heaps of them.
Seeing as how I looked at a few other random ones and found DNS names in place of the million asterisks and zero, I'm guessing that's not exactly good?
That is a PIX.
Do you have a Cisco PIX anywhere?
Do you know of any external clients having a PIX?
Simon.
Do you have a Cisco PIX anywhere?
Do you know of any external clients having a PIX?
Simon.
ASKER
A Cisco PIX? We certainly don't have one. One of our ccustomers might, though... What are the implications of one of our customers having one of these things? Where might you suspect it be in the network?
We connect to several of our customers' VPNs using software clients, and they have Cisco gear on the other end, if that makes any difference.
Why would a firewall do this? That might explain the asterisks, but why is it happening for several of our customers, yet we aren't the ones that have the firewall, and they don't have the problem?
I certainly wouldn't want my firewall blocking mail...
We connect to several of our customers' VPNs using software clients, and they have Cisco gear on the other end, if that makes any difference.
Why would a firewall do this? That might explain the asterisks, but why is it happening for several of our customers, yet we aren't the ones that have the firewall, and they don't have the problem?
I certainly wouldn't want my firewall blocking mail...
The Cisco PIX has a feature called Mail Guard. It is disabled using the command "no fixup SMTP" if I recall correctly. Basically it gets in the way of SMTP delivery, notorious for it. I have a number of PIX out in the field and disabling this feature it is the first thing I do when configuring them.
I have seen people run a PIX with the feature enabled for years and then start getting problems - often with one particular site or client who has started using different antispam software or techniques. Disabling it is the best way forwards.
Simon.
I have seen people run a PIX with the feature enabled for years and then start getting problems - often with one particular site or client who has started using different antispam software or techniques. Disabling it is the best way forwards.
Simon.
ASKER
Hmm, thank you for that! I'll see if we can find out if any of the clients have PIXs in their network.
However, I looked at a few more messages that were reported as undelivered, and some of them don't have the *********0 etc. At least one of them says it was trasferred to "ESMTP;" and when it finishes gathering the message history data it comes up with this error in a message box:
"The object 'ESMTP;' in the message tracking logs can't be found in the directory. The object may have been deleted. The tracking history may be incorrect."
I looked at a few more random messages, I have no idea which ones were not delivered, but some of them say they were delivered to "and/or" and the error box comes up for that too. What could these mean?
However, I looked at a few more messages that were reported as undelivered, and some of them don't have the *********0 etc. At least one of them says it was trasferred to "ESMTP;" and when it finishes gathering the message history data it comes up with this error in a message box:
"The object 'ESMTP;' in the message tracking logs can't be found in the directory. The object may have been deleted. The tracking history may be incorrect."
I looked at a few more random messages, I have no idea which ones were not delivered, but some of them say they were delivered to "and/or" and the error box comes up for that too. What could these mean?
Message tracking cannot tell you anything about external hosts, which is why you get that message. It also only shows what is in the SMTP banner. So if the remote sides banner is just ESMTP then it will show nothing.
Here in the UK one major ISP's SMTP banner is just 220 - nothing more, so the message tracking log shows a blank for the remote server.
However if message tracking shows the transfer to a remote server was successful, then the problem is outside of your server.
Simon.
Here in the UK one major ISP's SMTP banner is just 220 - nothing more, so the message tracking log shows a blank for the remote server.
However if message tracking shows the transfer to a remote server was successful, then the problem is outside of your server.
Simon.
ASKER
Okay, thankyou for the help, I'll get around to organising some tests to see what we can do about it. I'll do accept solution later, I might need more help.
ASKER
Is it possible that having a total of three kilobytes free disk space on a server's only hard disk would affect this? :D
I won't bother explaining why there is only 3K free space on its hard disk, and I know you're not going to bother urging me to get it a new hard drive (because we already have one and it's going to be used very soon), but I deleted some files and freed up 400MB of disk space. All of a sudden, everyone in the office who had undelivered mail problems received undeliverable mail notifications from Exchange Server, some from over a month ago, that we never knew didn't get through.
I won't bother explaining why there is only 3K free space on its hard disk, and I know you're not going to bother urging me to get it a new hard drive (because we already have one and it's going to be used very soon), but I deleted some files and freed up 400MB of disk space. All of a sudden, everyone in the office who had undelivered mail problems received undeliverable mail notifications from Exchange Server, some from over a month ago, that we never knew didn't get through.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
II've had similar on Exch2k- but messages were 'stuck' in the send queue - nevern worked out why - but problem disappeared one day after a SP update!
GL