Exchange 2007 throwing Firewall 500 error outbound

Having really annoying issues with Exchange 2007. Before the migration on 2003, there were no issues with sending emails out of the server, and now getting the following emails bouncing back "randomly".


Undeliverable: (Email Subject)

(Recipient Name - randomly from any server)
eg1. mailproxy1.pacific.net.au #500 Firewall Error ##
eg2. bay0-mc7-f1.bay0.hotmail.com #500 Firewall Error ##
eg3. bay0-mc4-f1.bay0.hotmail.com #500 Firewall Error ##


Current Settings
Server: Windows Server 2003
Email: MS Exchange 2007
Hardware: Single DC/Mail Hub
Communication: SMTP 25 (inbound/outbound port is unrestricted on DC)
Email Clients: MS Outlook 2007

ISP Provider: Pacific Internet (Australia)
AntiSPAM: Enabled on Mail Hub
Send Connector: smtp.pacific.net.au
Firewall - Hardware: Cisco 1760 (unrestricted port forwarding 25 to Mail Hub)
Firewall - Software: Have been disabled during testing period on DC/Mail Hub and still occurs

Internet Connect: 2 ADSL connections from the SAME ISP, although different connection types (don't ask me why, this will be changed to 2 bonded connections in the future once I get this email issue resolved)


This issue seems absolutely random whereby clients can send out 10 emails to a single person and 3 of them bounce back. The average bounce back rate is approx 20% from what I can gather, and the majority of these issues had the error stated above.

From what I can gather the majority seems to be public servers such as GMAIL and primarily HOTMAIL. I am believing that it could be the Exchange trying to handle all the outbound email and sending them directly without going through the proper mail host.

It was more apparent when I DID NOT configure smart host and channelled outbound emails via DNS, and it seems to have cut down the numbers as soon as smart host was enabled for our ISP.

There were other errors, which I do not believe have any relation to this particular type of errors.
InexperiencedPorkRoll Asked:

Michael Worsham (Staff Infrastructure Architect) Commented:
0
InexperiencedPorkRoll (Author) Commented:
Thanks mwecomputers.

I have looked at that EE solution before and it did not resolve our problem and have attached the error message that generally appears.

In a way, it was similar to the person at the MS site here:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=1708868&SiteID=17

But the thing is, most of the users are using Office 2007, and those with 2003 are not experiencing any issues what so ever (from my knowledge).

Yes Hotmail may have restricted email size, although this message occurs also on other non Hotmail/Gmail servers whom I know previous to the upgrade were accepting the emails as normal without any rejection or email size restrictions. The attached error was simply a set of emails being sent back and forth previously without any problems until this one, and have asked for the client to resend the email, to which it went through.

The Cisco 1760 has version 12.1 (I think from memory), and I got our Cisco guy to look into IP filtering/packet inspection and the CBAC, both he said were not enabled and should not block any types of packets based on any IP rules. So I might request for the IOS to be upgraded and see how that goes.


On a slightly more positive note, after leaving Smart Host enabled, the number of bounce back errors have reduced by 60-80% depending on the client - but is not completely stopping. I will post more where possible with any outcomes.
Diagnostic information for administrators:
 
Generating server: my.domain.local
 
emailingThisPerson@hotmail.com
bay0-mc7-f1.bay0.hotmail.com #500 Firewall Error ##
 
Original message headers:
 
Received: from my.domain.local ([192.168.188.1]) by
 my.domain.local ([192.168.188.1]) with mapi; Wed, 30 Jan
 2008 12:18:02 +1100
From: From This Person <fromEmail@domain.com>
To: =?gb2312?B?za/Uwrb7?= <emailingThisPerson@hotmail.com>
Date: Wed, 30 Jan 2008 12:17:55 +1100
Subject: RE: Revised Quotes
Thread-Topic: Revised Quotes
Thread-Index: Achi3WScpVs+0pyHRiywsGTuPeKGGQAAERwQ
Message-ID: <9C3BA0C44260AA439F6A4AB3B8D32EF603405B09@my.domain.local>
References: <9C3BA0C44260AA439F6A4AB3B8D32EF603405AEF@my.domain.local>
 <BAY112-W6137852D895D34CB40D13A4360@phx.gbl>
In-Reply-To: <BAY112-W6137852D895D34CB40D13A4360@phx.gbl>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: multipart/mixed;
	boundary="_004_9C3BA0C44260AA439F6A4AB3B8D32EF603405B09wickhamdcwickha_"
MIME-Version: 1.0
 
 
Final-recipient: RFC822; emailingThisPerson@hotmail.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; bay0-mc7-f1.bay0.hotmail.com
X-Supplementary-Info: <bay0-mc7-f1.bay0.hotmail.com #5.0.0 smtp;500 Firewall
 Error>
X-Display-Name: =?gb2312?B?za/Uwrb7?=


0
InexperiencedPorkRoll (Author) Commented:
What I don't understand is why there is a set of random text in the To email before the person's email:
Line14:  To: =?gb2312?B?za/Uwrb7?= <emailingThisPerson@hotmail.com>

Or in line 21 and 22, why it is going to a phx.gbl domain?
0
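The text in front of the address on line 14 is an RFC 2047 encoded-word (charset `gb2312`, `B` for base64) carrying the recipient's display name, and `phx.gbl` appears only inside the message ID of the mail being replied to, not as a delivery destination. The following is an added example, not part of the original thread, that decodes those fields from the header lines quoted in the NDR above; the function names are illustrative.

```python
import re
from email import message_from_string
from email.header import decode_header
from email.utils import parseaddr

# Header and delivery-status lines copied from the NDR quoted above.
NDR_HEADERS = """\
To: =?gb2312?B?za/Uwrb7?= <emailingThisPerson@hotmail.com>
References: <9C3BA0C44260AA439F6A4AB3B8D32EF603405AEF@my.domain.local>
 <BAY112-W6137852D895D34CB40D13A4360@phx.gbl>
In-Reply-To: <BAY112-W6137852D895D34CB40D13A4360@phx.gbl>
Status: 5.0.0
Remote-MTA: dns; bay0-mc7-f1.bay0.hotmail.com
X-Display-Name: =?gb2312?B?za/Uwrb7?=
"""


def decode_words(value):
    """Decode RFC 2047 encoded-words (=?charset?B|Q?data?=) into text."""
    parts = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        parts.append(chunk)
    return "".join(parts)


def summarize(raw_headers):
    """Return the fields an admin needs to read this NDR correctly."""
    msg = message_from_string(raw_headers)
    name, addr = parseaddr(msg["To"])
    # References / In-Reply-To hold message IDs of earlier mail in the thread.
    ids = re.findall(r"<[^>]+@([^>]+)>", msg["References"] + msg["In-Reply-To"])
    return {
        "recipient": addr,
        "display_name": decode_words(name),
        "x_display_name": decode_words(msg["X-Display-Name"]),
        "thread_id_domains": sorted(set(ids)),
        "status": msg["Status"],
        "remote_mta": msg["Remote-MTA"].split(";", 1)[1].strip(),
    }


if __name__ == "__main__":
    for key, value in summarize(NDR_HEADERS).items():
        print(f"{key}: {value}")
```

The decoded `To:` name matches `X-Display-Name`, which is the same encoded-word repeated in the delivery-status part of the report.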

Michael Worsham (Staff Infrastructure Architect) Commented:
That message format usually is from a bot that is running on your internal network attempting to use your Exchange server to send its spam messages. You might want to scan your internal network of PCs to see if one or more have been infected by a spam bot/worm.

0
InexperiencedPorkRoll (Author) Commented:
After initially changing the mail delivery through Smart Host, it helped reduce the overall bounce back, although still occurring, but it seemed to significantly affect 1 client now. I have recently installed Exchange 2007 SP1 and it did not seem to have helped.

I reverted the outbound back to DNS and outbound emails seemed to behave in the same manner and majority of clients have not reported any issues - not to say that it does not bounce back, guessing at a low level which does not impact them much.

What I have noticed is that when a message was queued, the emails would be received in the queue, then after about 1-5 minutes, the same bounce back emails (stated earlier) would appear for the client and deleted from the queue.

How do I test/check in 2007 if the server is relaying outside of the domain?

I looked into the message queue, and have found some SPAM which is outbound and cannot trace who is sending them - does anyone know of an application to trace who is sending an email from the mail queue? Or help me interpret the messages?

Here some examples:
Identity: serverName\1733\8064
Subject: Undeliverable: Aggressive investors alert
Internet Message ID: <7b9772cc-8cd7-496e-98ed-4b3dd0db555f>
From Address: <>
Status: Ready
Size (KB): 9
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 4/02/2008 7:31:11 PM
Expiration Time: 6/02/2008 7:31:11 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: serverName\1733
Recipients:  AlonzoannumFrench@faqts.com

Identity: serverName\1731\8061
Subject: Undeliverable: Habbo Adevtisement
Internet Message ID: <1100e64d-e65d-4260-8545-a23ad3974f39>
From Address: <>
Status: Ready
Size (KB): 6
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 4/02/2008 1:40:56 PM
Expiration Time: 6/02/2008 1:40:56 PM
Last Error: 421 4.4.0 Remote server response was not RFC conformant
Queue ID: serverName\1731
Recipients:  flooder@habboearth.net.ms

Identity: serverName\1734\8066
Subject: Undeliverable: gissam
Internet Message ID: <fd0cb8a5-3c7b-4701-baf0-990f92d6933c>
From Address: <>
Status: Ready
Size (KB): 6
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 4/02/2008 7:32:55 PM
Expiration Time: 6/02/2008 7:32:55 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: serverName\1734
Recipients:  _gireigte@bfdwsd.nu
0
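All three queue entries above have a null sender (`From Address: <>`) and `Message Source Name: DSN`, which marks them as non-delivery reports generated by the server itself for mail it had already accepted, rather than messages submitted by a client. The following is an added example, not part of the original thread, that triages a pasted queue listing on those two fields; the fourth entry and its source value are constructed for contrast, and the function names are illustrative.

```python
# Three entries copied from the queue listing above (fields trimmed), plus one
# constructed entry for contrast: an ordinary message with a real sender.
QUEUE_DUMP = r"""
Identity: serverName\1733\8064
Subject: Undeliverable: Aggressive investors alert
From Address: <>
Message Source Name: DSN
Recipients:  AlonzoannumFrench@faqts.com

Identity: serverName\1731\8061
Subject: Undeliverable: Habbo Adevtisement
From Address: <>
Message Source Name: DSN
Recipients:  flooder@habboearth.net.ms

Identity: serverName\1734\8066
Subject: Undeliverable: gissam
From Address: <>
Message Source Name: DSN
Recipients:  _gireigte@bfdwsd.nu

Identity: serverName\0000\0001
Subject: RE: Revised Quotes
From Address: fromEmail@domain.com
Message Source Name: CONSTRUCTED-SOURCE
Recipients:  someone@example.com
"""

def parse_queue(dump):
    entries = []
    for block in dump.strip().split("\n\n"):
        # Split on the first colon only, so "Undeliverable: ..." stays intact.
        fields = (line.partition(":") for line in block.splitlines())
        entries.append({k.strip(): v.strip() for k, _, v in fields})
    return entries

def is_server_ndr(entry):
    # Null reverse-path plus source "DSN": a bounce this server generated.
    return entry["From Address"] == "<>" and entry["Message Source Name"] == "DSN"

def triage(dump):
    entries = parse_queue(dump)
    ndrs = [e for e in entries if is_server_ndr(e)]
    return {
        "ndr_targets": [e["Recipients"] for e in ndrs],
        "submitted": [e["Identity"] for e in entries if not is_server_ndr(e)],
    }
```

Entries that land in `submitted` are the ones worth tracing back to a sending client; entries in `ndr_targets` are bounces addressed to whatever sender address the original inbound message claimed.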
InexperiencedPorkRoll (Author) Commented:
The following error was thrown when outbound is DNS based. The client has sent an email to 4 clients (2 within domain, 2 Bigpond accounts), to which 1 has passed, and the other rejected with the same Error 500 Firewall error. The 2 internal were received ok.


Delivery has failed to these recipients or distribution lists:

[Recipients Name]
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: iaamta01ps.mx.bigpond.com.
0
Michael Worsham (Staff Infrastructure Architect) Commented:
You need to scan your internal network for a possible server and/or PC that might have a spam/malware bot running upon it. Until that is done, your Exchange server is just acting as the outbound point for having it send messages.

As for checking your domain for relay, go to DNSStuff.com and run the DNSReport for your site. It will give an in-depth scan of your DNS records, including MX records as well.
0
InexperiencedPorkRoll (Author) Commented:
Performed the following on 13 (including 2 servers) of the 15 devices (2 laptops unavailable) on the network:

* Ad-Aware (def Feb 04, 2008)
* Spybot S&D (def Feb 06, 2008)
* Eset NOD32 (def Feb 06, 2008)

Majority of systems, no spyware/adware/virus were found apart from Tracking Cookies and MRUs. On 1 system (that did not have any email issues) a spyware was found and removed.

Confirmed RDNS that it points back to our mail server
Send Connector FQDN is the same as the mail server (mail.ourdomain.com)
Send Connector configured for Smart host (smtproam.pacific.net.au)
Receive is allowed for all (*)
Static IP has been assigned, and as above, not configured for direct delivery (unless a suggestion is made)

FURTHER ANALYSIS
I have found that it seems to "primarily" affect emails with attachments (WMV, AVI, PPTP) over 100kb. Although this is not definitive as some word only emails at 75kb have also bounced back.

But what I have realised is that I sent 5 emails to an external account, emails 1,3,5 were received ok, emails 2,4 were bounced back with the above error.

This was tested again with another email which was sent twice for which the 1st came through and the 2nd bounced.

Analysed mail queue and it "seems" that all emails get to the queue and leave without problems, so I can only guess that it is leaving our servers correctly and forwarded to the Pacific SMTP server.
0
InexperiencedPorkRoll (Author) Commented:
I think I may have found the problem to this and lies with the Cisco 1760 and its configuration.

For testing purposes, I installed a DLink DSL-G604T GenII router with all specs at default and sent 4x 3mb emails. Usually 2 would go through, and 2 would bounce back with the firewall 500 error, but it seems that all 4 has gone through without any hassles.

All this and I was thinking it was something else - now I need to reconfigure the Cisco accordingly to suit our ISP, MTU and connections.

Hope my foolishness will help someone else.
0

silent_waters Commented:
Hi PorkRoll, did you figure out how to get the Cisco working? I've got the same thing with a similar router and if you solved it I would love to know how.
Thanks
0