AboutPricingCommunityTeamsStart Free TrialLog in
Avatar of mrchatila
mrchatila
 asked on

Mail flow problem in receiving?

Dear Sir,

I have an Exchange 2007 SP1 up and running without any problem, I have noticed some users didn't receive some emails:
I tracked the sender email address and I found out That the message is received only but not delivered to the recipient email address inside my organization:
There no other Event ID like "FAIL" or "BADMAIL"

These are the details:

Timestamp: 2008/04/11 05:32:56
Event ID: RECEIVE
Source: SMTP
08CA6932AB590841;2008-04-11T02:32:42.234Z;0
<3D4D84C1A9151548B8DD598E22B571707F460B@sbser01.triwin.com.tw>
Subject: RE: AWW's May Issue: Last Call  - RESEND
Sender: trade05@triwin.com.tw
Recipients: marketing@awwmag.com
2344197
Client IP: 192.168.10.250  [Fortigate Hardware Firewall]
Server IP: 192.168.10.21 [My Exchange]
Server Hostname: exchange
Connector ID: EXCHANGE\Default EXCHANGE
Total bytes: 24516
ReturnPath: trade05@triwin.com.tw
00A:

Why this happen?
If GFI stop the email, I will notice an Evend ID: FAIL in the message Tracking..
please any help..

Thank you in advance.
Exchange
Avatar of undefined
Last Comment
0bfusc8
8/22/2022 - Mon
consultkhan
Hi,
Quick resolution technique is to check the user has a valid SMTP address and that address is "published" when sending emails from that account.
thanks.
mrchatila
ASKER
Could explain more please?
He has a valid IP but I have noticed that the domain @triwin.com.tw  IP:59.125.23.68 is blacklisted...
How can I ensure in my Exchange?

Thank you
mrchatila
ASKER
how can I ensure that the user has a valid SMTP address and that address is published in sending emails from his account?

Thank you again?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
consultkhan
IP:59.125.23.68 is blacklisted...

IF YOUR IP is balcklisted sure you wont be able to receive messages from internet over that domain.
you need to clear the IP from blacklist first.
DO YOU have any anti-spam solution implemented ?
Are you using an open relay on SMTP ?
check and let me know
thanks.
mrchatila
ASKER
I have GFI Mail Essentail v12 implemented and the built-in agent of Exchange 2007 Anti-spam.

No I am not using SMTP relay, my Exchange is not an open RELAY.
mrchatila
ASKER
MY IP is not blacklisted... sure not.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
consultkhan
Are all uses on this domain triwin.com.tw   not able to recieve ?

is the domain triwin.com.tw   added to "accepted domains" lists in the exchagne 2007
please verify
thanks.
mrchatila
ASKER
Sir, my exchange is not triwin.com.tw, this is not my domain, it's the sender's domain....
The sender is @triwin.com.tw
peakpeak
Domain is not blacklisted:
http://www.anti-abuse.org/checkrbl.php?host=triwin.com.tw
Did you check the spam folder?
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
mrchatila
ASKER
So what's the problem?
It's listed on mxtoolbox.com, why triwin.com.tw resolve an IP 59.125.23.68 on mxtoolbox.com

PeakPeak: why I faced this problem?
I Tracked the sender email @triwin.com.tw and I found out:
The message is received only but not delivered to the recipient email address inside my organization:
There no other Event ID like "FAIL" or "BADMAIL"
These are the details:

Timestamp: 2008/04/11 05:32:56
Event ID: RECEIVE
Source: SMTP
08CA6932AB590841;2008-04-11T02:32:42.234Z;0
<3D4D84C1A9151548B8DD598E22B571707F460B@sbser01.triwin.com.tw>
Subject: RE: AWW's May Issue: Last Call  - RESEND
Sender: trade05@triwin.com.tw
Recipients: marketing@awwmag.com
2344197
Client IP: 192.168.10.250  [Fortigate Hardware Firewall]
Server IP: 192.168.10.21 [My Exchange]
Server Hostname: exchange
Connector ID: EXCHANGE\Default EXCHANGE
Total bytes: 24516
ReturnPath: trade05@triwin.com.tw
00A:

Why this happen?
If GFI stop the email, I will notice an Evend ID: FAIL in the message Tracking..
please any help..
consultkhan
workaround:-
STOP GFI temporarily and see if the message gets delivered.Bcoz once the message is arrived at the exchagne level ,exhange verifies for a valid SMTP available to be delivered to that user. I believe that before exchagne could start this process,"something" is rejecting the message directly.
NO BLAME ON GFI.but lets isolate the issue!
mrchatila
ASKER
Hello Consultkhan,
Thanks for your reply...

Now I received the message from the sender @triwin.com.tw without stopping GFI WEIRD!!!
What is the problem, Exchange receive the message but not delivered to the recipient?

Any idea, why this happened?

Thank you
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
consultkhan
all right track the message using the senders email address and let me know.

IT could be any one of the following:-
1.It reached Exchange server but was not delivered to the recipient's INBOX
4. It reached the recipient's mailbox but does not appear in OUTLOOK.

Also do the following:-
1.Disable all processing of rules in his outlook momentarily.

update your findings.
mrchatila
ASKER
I tracked the message using the sender email address:
Senders is: trade05@triwin.com.tw
Here are the details in the message tracking:

Timestamp: 2008/04/11 05:32:56
Event ID: RECEIVE
Source: SMTP
08CA6932AB590841;2008-04-11T02:32:42.234Z;0
<3D4D84C1A9151548B8DD598E22B571707F460B@sbser01.triwin.com.tw>
Subject: RE: AWW's May Issue: Last Call  - RESEND
Sender: trade05@triwin.com.tw
Recipients: marketing@awwmag.com
2344197
Client IP: 192.168.10.250  [Fortigate Hardware Firewall]
Server IP: 192.168.10.21 [My Exchange Server]
Server Hostname: exchange
Connector ID: EXCHANGE\Default EXCHANGE
Total bytes: 24516
ReturnPath: trade05@triwin.com.tw
00A:

It reached Exchange server but was not delivered to the recipient's INBOX...
There is no EVENT ID in the message tracking [DELIVER / STOREDRIVER] only "RECEIVE"

Please any help?
consultkhan
"receive" actually means its received the exchange through the connector.BUT you should also find "queued for local delivery" or "delivered to store" message in the tracking log.

Go to the exchange management shell and run
Get-MailboxServer SERVERNAME | fl *messagetracking*
COPY THE log from the location Program Files\Microsoft\Exchange Server\TransportRoles\Logs\MessageTracking.
also set the maximum logging size to keep the logs for max size
Set-TransportServer E2K7 MessageTrackingLogMaxDirectorySize 500MB (or select any value)

SEE this article for assistance
http://www.msexchange.org/tutorials/Exchange-2007-Message-Tracking-Part2.html
thanks.

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
mrchatila
ASKER
I have already made this change to the message tracking from a long time ago:
Here are the details:

MessageTrackingLogEnabled               : True
MessageTrackingLogMaxAge                : 33.00:00:00
MessageTrackingLogMaxDirectorySize      : 500MB
MessageTrackingLogMaxFileSize           : 10MB
MessageTrackingLogPath                  : D:\Program Files\Microsoft\Exchange S erver\TransportRoles\Logs\MessageTrac
                                          king
MessageTrackingLogSubjectLoggingEnabled : True

then what should I  DO?
consultkhan
post the tracking log from the same location (full)
thanks.
mrchatila
ASKER
which log? there are many log files inside the folder, which day?
Thanks
 
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
mrchatila
ASKER
Here are the log file on 11/04/2008 and 15/04/2008

Thanks,
MSGTRKM20080410-1.LOG
MSGTRKM20080414-1.LOG
mrchatila
ASKER
Sorry maybe I attached the log of another day!!!
?
mrchatila
ASKER
Hello Again,
Here are the correct log files attached
MSGTRK20080409-1.LOG
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
mrchatila
ASKER
Here are the second log files attached


MSGTRK20080411-1.LOG
consultkhan
ok give me some time.I am digging thru the logs.
thanks.
ASKER CERTIFIED SOLUTION
consultkhan
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
consultkhan
I MUST TAKE FULL MUG COFFEE FOLLOWED BY DOUBLE CHOCLATE DONUT!
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
mrchatila
ASKER
Welcome MAN, DONUTS... Cheers!
Thank you.

The problem in GFI MAIL Essentials, but the weird problem that I have read their KBASE:
IF one or more GFI MailEssentials anti-spam actions are configured to "Move to the specified folder" (on the hard disk).
But in my case I don't have any actions to move the message to the HARD DISK.

Anyway, thank you very much...
0bfusc8
Just to clarify: "Move to the specified folder" in GFI refers to folders inside the user's mailbox - not a folder on the HDD.  If GFI tries to process something destined for a folder - for instance the keyword filter is set to set to put messages in the Inbox/SPAM/Keyword folder - AND fails (in the case of a distribution group, which has no mailbox and therefore no folders) then the message will be lost.  Basically any email sent to an email  group that triggers a filter that is set to move to a folder will fail.

Plans and Pricing
Resources
Product
Podcasts
Careers
Contact Us
Teams
Certified Expert Program
Credly Partnership
Udemy Partnership
Privacy Policy
Terms of Use

© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent