Exchange 2007 does not receive mail if SMTP code BDAT is used by sender (hotmail, msn, some other domains)

When I direct our incoming mail to our new Exchange 2007 server, mail from some sending domains is not received, and the sender gets a 4.4.7 NDR (eventually).  After turning on SMTP logging for the appropriate receive connector, I have discovered that all of the messages that are not received use the BDAT command and all of the messages that are received use the DATA command.  Is there something I need to do on my Exchange 2007 server to enable the receipt of mail that uses the BDAT command?  A sample of the SMTP log is attached
mail-rec-no-cleaned.txt
Asked by PaulR
tgtran commented:
1.  ESMTP has more security features - most people use ESMTP for external authentication purposes

2.  Disabling ESMTP will force the other party to use standard SMTP.  At handshake, if the other party issues EHLO and your server replies, the other party will proceed with ESMTP since it got a reply confirming that your server supports it.  If it gets a negative response, it will then use SMTP instead.
The problem is Microsoft only implemented a limited set of ESMTP commands and BDAT is not one of them.  It is like you took 1 year of French in high school; therefore you know French - but if you are like me, you are in no way fluent like a native speaker.
Here is the list of supported Exchange 2007 ESMTP commands:
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-X-ANONYMOUSTLS
250-AUTH
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XEXCH50

3.  I don't know why.  If I have to guess, I would say hotmail\msn does not use Exchange since it would be nearly impossible to scale Exchange to support millions of users.  Remember, MS purchased hotmail and it has roots in UNIX - while MS converted hotmail into a Windows shop, hotmail is still using proprietary code; so it does not have the vulnerabilities that Exchange suffers.

tgtran commented:
BDAT is part of the ESMTP protocol - while Ex2007 supports ESMTP, it does not support BDAT due to vulnerabilities that would crash the SMTP server (back in Exchange 2000 days).  You can see all the ESMTP commands Exchange 2007 supports by telnetting to the box and executing EHLO.  While only a very small number of domains still use BDAT, it is not necessary to make any changes to Exchange 2007.

If you want to fix this problem, you have to disable ESMTP on Exchange.  To do this, issue this:

Set-SendConnector -Identity <name of your send connector> -ForceHELO $true
PaulR (author) commented:
Thank you very much for the info, but this brings up several questions.

1. What are the repercussions of disabling ESMTP?

2. If BDAT is an ESMTP command, why does disabling ESMTP make messages using BDAT work?  I would think the opposite would be true.

3. If BDAT is not supported in Exchange 2007, why does Microsoft use BDAT in their hotmail & msn mail messages? Or conversely, if Microsoft uses BDAT in their mail services, why do they not make a mail server that can accept BDAT safely?

Paul
PaulR (author) commented:
One other thing - I notice that the shell command you provided is for a send connector. Our problem is with receiving mail; would this same command work for our receive connector?

Paul
PaulR (author) commented:
I thought that completely disabling ESMTP was a bit of overkill if it wasn't necessary. Using your answers, and with a little other research that seemed to tie Chunking to BDAT, I decided to just disable Chunking, which also required disabling BinaryMime (both) on the receive connector.  This appears to have stopped senders from attempting to use the BDAT command, and the mail comes through.
Thanks, and also for the elaboration on my follow-up questions.
PaulR (author) commented:
For others who may have the same issue, instead of disabling ESMTP completely, I only disabled the ESMTP verbs BinaryMime and Chunking (which from my research on this issue, is tied to BDAT - BinaryDATa).  The Exchange Shell commands to do this are:

Set-ReceiveConnector -Identity "nameofconnector" -BinaryMimeEnabled $False
Set-ReceiveConnector -Identity "nameofconnector" -ChunkingEnabled $False

Note BinaryMimeEnabled must be done before Chunking

Paul
lukeca commented:
Paul - thanks for posting that, it fixed this problem for my Exchange 2007 server.
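As an added example (not code from this thread or from Microsoft), here is a small Python script for the triage step PaulR describes in the question, which can be rerun after the BinaryMimeEnabled/ChunkingEnabled change above to confirm that senders have fallen back to DATA: it groups receive-connector protocol-log rows by session and records whether the EHLO reply offered CHUNKING, which data verb the sender used, and whether the server ever queued the message. The sample rows are constructed to follow the Exchange 2007 protocol-log column layout; the hosts, addresses and session ids are invented.

```python
import csv
from collections import Counter

# Constructed sample rows in the Exchange 2007 receive-connector protocol-log layout
# (date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,
# event,data,context). SESS1: sender takes the advertised CHUNKING and issues BDAT,
# the session ends without a 250 2.6.0. SESS2: DATA session once CHUNKING is gone.
SAMPLE_LOG = """\
2009-01-15T10:00:00.000Z,EX01\\Default EX01,SESS1,0,192.0.2.10:25,198.51.100.7:4123,+,,
2009-01-15T10:00:00.010Z,EX01\\Default EX01,SESS1,1,192.0.2.10:25,198.51.100.7:4123,<,EHLO mx.sender.example,
2009-01-15T10:00:00.020Z,EX01\\Default EX01,SESS1,2,192.0.2.10:25,198.51.100.7:4123,>,250-ex01.example.com Hello [198.51.100.7] 250-SIZE 10485760 250-8BITMIME 250-BINARYMIME 250-CHUNKING 250 OK,
2009-01-15T10:00:00.030Z,EX01\\Default EX01,SESS1,3,192.0.2.10:25,198.51.100.7:4123,<,MAIL FROM:<a@sender.example> BODY=BINARYMIME,
2009-01-15T10:00:00.040Z,EX01\\Default EX01,SESS1,4,192.0.2.10:25,198.51.100.7:4123,<,RCPT TO:<paul@example.com>,
2009-01-15T10:00:00.050Z,EX01\\Default EX01,SESS1,5,192.0.2.10:25,198.51.100.7:4123,<,BDAT 2048 LAST,
2009-01-15T10:10:00.000Z,EX01\\Default EX01,SESS1,6,192.0.2.10:25,198.51.100.7:4123,-,,Remote
2009-01-15T11:00:00.000Z,EX01\\Default EX01,SESS2,0,192.0.2.10:25,203.0.113.9:5001,+,,
2009-01-15T11:00:00.010Z,EX01\\Default EX01,SESS2,1,192.0.2.10:25,203.0.113.9:5001,<,EHLO mail.other.example,
2009-01-15T11:00:00.020Z,EX01\\Default EX01,SESS2,2,192.0.2.10:25,203.0.113.9:5001,>,250-ex01.example.com Hello [203.0.113.9] 250-SIZE 10485760 250-8BITMIME 250 OK,
2009-01-15T11:00:00.030Z,EX01\\Default EX01,SESS2,3,192.0.2.10:25,203.0.113.9:5001,<,DATA,
2009-01-15T11:00:00.040Z,EX01\\Default EX01,SESS2,4,192.0.2.10:25,203.0.113.9:5001,>,354 Start mail input; end with <CRLF>.<CRLF>,
2009-01-15T11:00:00.050Z,EX01\\Default EX01,SESS2,5,192.0.2.10:25,203.0.113.9:5001,>,250 2.6.0 <id@ex01.example.com> Queued mail for delivery,
2009-01-15T11:00:00.060Z,EX01\\Default EX01,SESS2,6,192.0.2.10:25,203.0.113.9:5001,-,,Local
"""

FIELDS = ["timestamp", "connector", "session", "seq", "local", "remote", "event", "data", "context"]


def parse_sessions(log_text):
    """Group rows by session id and record, per session, the peer endpoint, whether the
    EHLO reply advertised CHUNKING, the first data verb (BDAT or DATA) the sender used,
    and whether the server ever answered 250 2.6.0 (message accepted and queued)."""
    sessions = {}
    for row in csv.DictReader(log_text.splitlines(), fieldnames=FIELDS):
        s = sessions.setdefault(row["session"],
                                {"remote": row["remote"], "chunking_offered": False, "verb": None, "queued": False})
        verb = row["data"].split(" ", 1)[0].upper()
        if row["event"] == ">" and "250-CHUNKING" in row["data"]:
            s["chunking_offered"] = True
        elif row["event"] == ">" and row["data"].startswith("250 2.6.0"):
            s["queued"] = True
        elif row["event"] == "<" and s["verb"] is None and verb in ("BDAT", "DATA"):
            s["verb"] = verb
    return sessions


def verb_outcome(sessions):
    """Tally (verb, queued) pairs; a cluster of BDAT sessions that never reach 250 2.6.0
    is the pattern described in the question, and it should vanish after the change."""
    return Counter((s["verb"], s["queued"]) for s in sessions.values())
```

Point `parse_sessions` at the contents of a real receive-connector protocol log (the same one the question was diagnosed from) and compare the `verb_outcome` tally before and after the change.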