Exchange 2007 does not receive mail if SMTP code BDAT is used by sender (hotmail, msn, some other domains)

When I direct our incoming mail to our new Exchange 2007 server, mail from some sending domains is not received, and the sender gets a 4.4.7 NDR (eventually).  After turning on SMTP logging for the appropriate receive connector, I have discovered that all of the messages that are not received use the BDAT command and all of the messages that are received use the DATA command.  Is there something I need to do on my Exchange 2007 server to enable the receipt of mail that uses the BDAT command?  A sample of the SMTP log is attached
mail-rec-no-cleaned.txt
PaulRAsked:

TG TranIT guyCommented:
BDAT is part of the ESMTP protocol - while Ex2007 supports ESMTP, it does not support BDAT due to vulnerabilities that would crash the SMTP server (back in Exchange 2000 days).  You can see all the ESMTP commands Exchange 2007 supports by telnetting to the box and executing EHLO.  While only a very small number of domains still use BDAT, it is not necessary to make any changes to Exchange 2007.

If you want to fix this problem, you have to disable ESMTP on Exchange.  To do this, issue this:

Set-SendConnector -Identity <name of your send connector> -ForceHELO $true
0
PaulRAuthor Commented:
Thank you very much for the info, but this brings up several questions.

1. What are the repercussions of disabling ESMTP?

2. If BDAT is an ESMTP command, why does disabling ESMTP make messages using BDAT work?  I would think the opposite would be true.

3. If BDAT is not supported in Exchange 2007, why does Microsoft use BDAT in their hotmail & msn mail messages? Or conversely, if Microsoft uses BDAT in their mail services, why do they not make a mail server that can accept BDAT safely?

Paul
0
PaulRAuthor Commented:
One other thing - I notice that the shell command you provided is for a send connector - our problem is with receiving mail - would this same command work for our receive connector?

Paul
0

TG TranIT guyCommented:
1.  ESMTP has more security features - most people use ESMTP for external authentication purposes

2.  Disabling ESMTP will force the other party to use standard SMTP.  At handshake, if the other party issues EHLO and your server replies, the other party will proceed with ESMTP since it got a reply confirming that your server.  If it gets a negative response, it will then use SMTP instead.
The problem is Microsoft only implemented a limited set of ESMTP commands and BDAT is not one of them.  It is like you took 1 year of French in high school; therefore you know French - but if you are like me, you are in no way fluent like a native speaker.
Here is the list of supported Exchange 2007 ESMTP commands:
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-X-ANONYMOUSTLS
250-AUTH
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XEXCH50

3.  I don't know why.  If I have to guess, I would say hotmail\msn does not use Exchange since it would be nearly impossible to scale Exchange to support millions of users.  Remember, MS purchased hotmail and it has roots in UNIX - while MS converted hotmail into a Windows shop, hotmail is still using proprietary codes; so it does not have the vulnerabilities that Exchange suffers.

0

PaulRAuthor Commented:
I thought that completely disabling ESMTP was a bit of overkill if it wasn't necessary. Using your answers, and with a little other research that seemed to tie Chunking with BDAT, I decided to just disable Chunking, which also required disabling BinaryMime (both) on the receive connector.  This appears to have stopped senders from attempting to use the BDAT command, and the mail comes through.
Thanks, and also for the elaboration on my follow-up questions.
0
PaulRAuthor Commented:
For others who may have the same issue, instead of disabling ESMTP completely, I only disabled the ESMTP verbs BinaryMime and Chunking (which from my research on this issue, is tied to BDAT - BinaryDATa).  The Exchange Shell commands to do this are:

Set-ReceiveConnector -Identity "nameofconnector" -BinaryMimeEnabled $False
Set-ReceiveConnector -Identity "nameofconnector" -ChunkingEnabled $False

Note: BinaryMimeEnabled must be done before Chunking.

Paul
0
lukecaCommented:
Paul - thanks for posting that, it fixed this problem for my exchange 2007 server.
0
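
The diagnosis from the original question (comparing, per session in the receive connector's SMTP protocol log, whether the sender used BDAT or DATA and whether the message was acknowledged), as an added example that is not part of any post in this thread. It assumes the Exchange 2007 protocol log field order listed in `FIELDS`; the function names and the log lines are constructed for illustration.

```python
import csv
from collections import Counter

# Assumed field order of an Exchange 2007 SMTP receive protocol log.
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# Constructed sample (not the attached log): S1 sends BDAT and is never
# acknowledged before the disconnect; S2 sends DATA and is queued.
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2008-03-01T10:00:01Z,EX07\In,S1,1,10.0.0.5:25,192.0.2.10:3456,>,250-CHUNKING,
2008-03-01T10:00:02Z,EX07\In,S1,2,10.0.0.5:25,192.0.2.10:3456,<,RCPT TO:<user@example.org>,
2008-03-01T10:00:02Z,EX07\In,S1,3,10.0.0.5:25,192.0.2.10:3456,>,250 2.1.5 Recipient OK,
2008-03-01T10:00:03Z,EX07\In,S1,4,10.0.0.5:25,192.0.2.10:3456,<,BDAT 4096 LAST,
2008-03-01T10:10:03Z,EX07\In,S1,5,10.0.0.5:25,192.0.2.10:3456,-,,
2008-03-01T11:00:01Z,EX07\In,S2,1,10.0.0.5:25,198.51.100.7:4000,>,250 CHUNKING,
2008-03-01T11:00:02Z,EX07\In,S2,2,10.0.0.5:25,198.51.100.7:4000,<,DATA,
2008-03-01T11:00:02Z,EX07\In,S2,3,10.0.0.5:25,198.51.100.7:4000,>,354 Start mail input,
2008-03-01T11:00:03Z,EX07\In,S2,4,10.0.0.5:25,198.51.100.7:4000,>,250 2.6.0 Queued mail for delivery,
"""

def summarize(log_text):
    """Per session: was CHUNKING advertised, which verb was used, was it accepted."""
    sessions = {}
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    for row in csv.reader(lines):
        rec = dict(zip(FIELDS, row))
        s = sessions.setdefault(rec["session-id"], {
            "chunking": False, "verb": None, "final": False, "accepted": False})
        words = rec["data"].upper().split()
        if rec["event"] == "<" and words and words[0] in ("DATA", "BDAT"):
            s["verb"] = words[0]
            # DATA gets one final reply; BDAT only after the chunk marked LAST.
            s["final"] = words[0] == "DATA" or "LAST" in words
        elif rec["event"] == ">" and words:
            if words[0] == "250-CHUNKING" or words[:2] == ["250", "CHUNKING"]:
                s["chunking"] = True
            elif s["final"] and words[0] == "250":
                s["accepted"] = True  # server acknowledged the message
    return sessions

def outcomes(sessions):
    """Count sessions by (transfer verb, accepted) to expose a BDAT-only failure."""
    return Counter((s["verb"], s["accepted"]) for s in sessions.values() if s["verb"])

if __name__ == "__main__":
    print(outcomes(summarize(SAMPLE_LOG)))
```

A result in which every `("BDAT", False)` session also has `chunking` set matches the pattern reported in the question: senders switch to BDAT only because the connector advertises CHUNKING.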