Solved

Some sent messages not getting to destination - no bounce back or failure notification received.

Posted on 2007-11-21
10
656 Views
Last Modified: 2012-05-05
Scenario:
3 sites with exchange set up.
we will call the sites site1, site2, and site3.
I am in the example at site 3.
From site 1, we wish to communicate an email to site 2 - email sent to site 2 from site 1.
Approximately 50% of the time, messages are delivered and 50% are lost.  Site 1 does not get any reponse back to indicate the message has been bounced, blocked or failed to deliver.

If I send a message to site 2 and site 3(me) on the same email from site 1, site3 (me) receives the mail everytime, but site 2 only received 50% of the emails.

If I send a message to site 2 and site 3 on the same email from site 1, and request a delivery receipt, again, site 3 (me) receives them all, and site 2 only about 50%.  Also, site 1 receives receipt messages from site 3 (me) for all messages, but also site 1 also receives receipt message for some message that weren't delivered to site 2, and also doesn't receive receipt messages for items that were delivered, and also some receipts for messages that were delivered (hope that makes sense!)

To say I am a little consufed is an understatement.

Have checked on spamcop and spamhaus for the IP address's of site 1 and site 3 and neither are listed as blocked.

Antispam filters have been removed off firewall on site 2 but this has made do difference.

Any ideas on what else I can check?
0
Comment
Question by:doehlemis
  • 4
  • 3
  • 3
10 Comments
 
LVL 1

Expert Comment

by:ParvinderSohal
ID: 20328829
> Did you do message tracking?
> Open Exchange System Manager
> Try track the message from sender and receipent email address, with the actual date stamp.  
> This should show you all the steps the mail went through.

Cheers!
0
 

Author Comment

by:doehlemis
ID: 20328865
I do not have access to server console at site 1 so can not perform this action for site 1.
Site 2 however I have done this and can prove that the server has not received the emails that have gone missing, even though I have received some message delivered reciepts on site 1 for site 2 mails that did not appear!
Also I should mention that I am using OWA on sites 1 and 2 over https to send the message, and Outlook 2003 client on site 3 (me).
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20328981
It will not be blacklisting, as that would generate an NDR.
Without knowing what is happening at the other end, you are fishing around in the dark somewhat. You need to know what Exchange is doing with the messages, whether they are being delivered, blocked by something (AV for example etc).

Is the email delivered directly, or via an ISPs SMTP Server?

Receipts are not very reliable as they can be triggered by all sorts of things. I wouldn't rely on the results of receipts for anything.

At the moment there isn't really enough information to go on.

Simon.
0
 

Author Comment

by:doehlemis
ID: 20329074
Thanks Simon,
The owner at site 1 has previosuly confirmed to me that messages that seem to be dissappearing are definately leaving their system (probably using message tracking to verify).

Fair comment on the receipts, although both ends use an exchange server so they should be communicating the same language.

As mentioned, only 50% of the messages are blocked which is what I do not understand.
In my own testing I have sent 10 messages on the trot from site 1 to site2 and 3 with a subject matter of test 35 from xyx, test 36 from xys, etc, through to test 45 from xyz, all with just the word test for the body matter, and 36, 37, 40, 41, and 42 were not delivered to site 2, but the rest were - and site 3 (me) received them all, so I dont see how a spam filter would pick up on just those 5 and not the other 5 when the wording is exaclty the same and in the same email!....

The emails are delivered through ISP's at all three locations.

0
 
LVL 1

Expert Comment

by:ParvinderSohal
ID: 20329129
> Do you have content filter between the sites, you might would like to check or have someone check the logs
> Any router, because I had seen this issue due to routers as well.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 1

Expert Comment

by:ParvinderSohal
ID: 20329133
> when I said router I meant hardware router and not the windows server with RRAS.

Cheers!
0
 
LVL 104

Expert Comment

by:Sembee
ID: 20329179
If the messages are going to the ISPs, then you are pretty much stuffed. ISP SMTP servers are black holes. I have seen messages go in and not appear again, and sometimes appear after six weeks. Demon Internet's are notorious for this.

What you need to know is what server the messages were delivered to. Message tracking will tell you that. If it was the ISPs server then there is nothing you can do. You can try complaining to the ISP, but they will say there is nothing wrong - they always do.

Simon.
0
 

Author Comment

by:doehlemis
ID: 20329284
OK, Thanks guys.
No routers other than whats in the internet.
We will continue with chasing up the ISP's then to see if they can shed any light on this.
Will also get site 1 owner to advise what server the messages were delivered too incase they are using some form of farm at the ISP as maybe it might be one server on their farm being the issue.



0
 

Author Comment

by:doehlemis
ID: 20333779
On a further note, after writing all my findings down on paper, I have discovered that the messages that WERE NOT delivered in my last set of testing DID return a delivery receipt notification, and that those mails that WERE delivered DID NOT send a delivery receipt.  So there is a logic pattern there somewhere, but I still dont see as to why this should occur - does that shed any further light onto the issue??
0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 20334203
The problem is that you have no idea which server triggered the delivery report. It could have been the ISPs server, a server somewhere else inside the ISP, or later on. If you don't see a trace of the email in Exchange then I would say it is triggering further back.

Simon.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now