albevier asked on

Exchanges stopped sending SMTP data

Environment:
Exchange 2003 with latest SP and patches
W2K3 Server Standard
PIX 501 Firewall

Symptoms:
No outgoing email makes it to destination

Background:
- Server has been up and running for at least two years so I believe that the PIX SMTP issue is not the cause of the problem
- About six weeks ago all traffic to hotmail stopped. All other traffic continued without interruption
- Followed all troubleshooting ideas from here and Microsoft - SPF and Reverse DNS verification, register with MS Secure ID, verify that we were not listed on any RBLs
- No changes were made to the server configuration
- Moved problem to MS Support and they verified that my server was logging into theirs but felt that our server was not transmitting data
- Telneted into my personal (non-hotmail) account and sent data without a problem
- Telneted into hotmail and got 250 return codes when expected but still no email went through to hotmail
- Worked with MS support to the point that they indicated that they needed to adjust their filters to accommodate either our IP or our domain name (they were not specific about what their filters were looking at)
- Several days later NO email is going out to ANY domain so something outside of MS Hotmail is going on.
- Still receive incoming email

Below is an SMTP log from a single email sent to two domains - hotmail and mydomain (Date, Time and other columns have been removed to make it cleaner.) Everything looks good but no email was received at either domain.

QUESTION: is there a way from the logs to verify that data was actually transmitted?

65.54.244.136 Response - 25 - - 220+bay0-mc5-f18.bay0.hotmail.com+Sending+unsolicited+commercial+or+bulk+e-mail+to+Microsoft's+computer+network+is+prohibited.+Other+restrictions+are+found+at+http://privacy.msn.com/Anti-spam/.+Violations+will+result+in+use+of+equipment+located+in+California+and+other+states.+Mon,+26+May+2008+08:37:16+-0700+ 0 0 309 0 203 SMTP
 65.54.244.136 Command - 25 HELO - mail.mydomain.com 0 0 4 0 203 SMTP
 65.54.244.136 Response - 25 - - 250+bay0-mc5-f18.bay0.hotmail.com+(3.5.0.22)+Hello+[75.100.100.59] 0 0 66 0 296 SMTP
 65.54.244.136 Command - 25 MAIL - FROM:<admin@mydomain.com> 0 0 4 0 296 SMTP
 208.00.000.00 Response - 25 - - 220+spamfilter-21.isp.com 0 0 26 0 203 SMTP
 208.00.000.00 Command - 25 HELO - mail.mydomain.com 0 0 4 0 203 SMTP
 65.54.244.136 Response - 25 - - 250+admin@mydomain.com....Sender+OK 0 0 46 0 421 SMTP
 65.54.244.136 Command - 25 RCPT - TO:<randomtestacct@hotmail.com> 0 0 4 0 421 SMTP
 65.54.244.136 Response - 25 - - 250+randomtestacct@hotmail.com+ 0 0 31 0 531 SMTP
 65.54.244.136 Command - 25 RCPT - TO:<user@hotmail.com> 0 0 4 0 531 SMTP
 65.54.244.136 Response - 25 - - 250+user@hotmail.com+ 0 0 25 0 656 SMTP
 65.54.244.136 Command - 25 DATA - - 0 0 4 0 656 SMTP
 65.54.244.136 Response - 25 - - 354+Please+start+mail+input. 0 0 28 0 656 SMTP
 65.54.244.136 Response - 25 - - 250+Mail+queued+for+delivery. 0 0 29 0 656 SMTP
 65.54.244.136 Command - 25 QUIT - - 0 0 4 0 656 SMTP

This has got to be resolved asap.

Thanks in advance for your help.



Last Comment
kieran_b

8/22/2022 - Mon
ASKER
albevier

Update:
Email is flowing to domains other than hotmail.  For whatever reason the test email I sent today was simply delayed for about three hours and led me to believe that all email has stopped flowing.

ASKER CERTIFIED SOLUTION
kieran_b

ASKER
albevier

The domain is domain.org and the IP address of the sending server is 75.x.x.x

Have to admit to being very hesitant to publish the name and IP so I'd appreciate the washing of the info once the question has been answered.

Update: MS Support is still attempting to "mitigate" my problems but I think they have also hit a wall as they simply repeat requests for me to send them a test message which they then say they did not receive - would I please send them a test message. I'm not beating up on MS (well..... ok, maybe a little bit.) They have been very responsive especially given the size of the organization.
 


kieran_b

OK, that done, I need to know how you are sending mail out.

Can you successfully email any remote addresses like GMail?  If so, can you do that and post the headers here (I can tidy them up if necessary)
ASKER
albevier

Sorry for the delay in a response. Took the long weekend off and then got hit with several other issues.

Went to set up a GMAIL account and snag a larger bit of the SMTP logs to craft an answer to your questions and lo and behold, hotmail has started to receive messages sent from the problem IP/domain!!!!!

No changes were made on our system so I have to assume that Microsoft re-configured one or more of their email servers or that I just happen to be getting routed through to a server that is allowing my traffic.

In case it will help others;
- SMTP and Telnet sessions to any domain other than hotmail (and msn) from any server or workstation on the network was successful
- SMTP and Telnet sessions to hotmail showed 250 codes for all steps (connection, acceptance of Mail From: and Rcpt To: and Data commands) but the messages were never received
- Microsoft indicated that they could see our SMTP server and Telnet session connect but from their perspective, no data was ever sent to them.
- It is not clear to me exactly what they meant by that statement. Looking at either the telnet session capture or our SMTP logs, their SMTP servers were accepting data or at least returning a 250 code all the way along to and including the Quit command.  

I received two conflicting messages from Microsoft
1. that they were "mitigating" our problem at the level of their filters
2. that clearly nothing was wrong with their servers, mine were just not sending any data after connection (neither the fact that a telnet session did not work nor the fact that the logs show an acceptance of data was ever directly addressed.)

I could not get much out of them beyond a semi-canned response telling me I should re-check my connections and work with my ISP. I just never got to a support group high enough in the food chain.

I have to believe that a filter had been implemented somewhere in the stream directly behind their SMTP servers that blocked our IP address or possibly our domain.

But it works so who am I to complain?
ASKER
albevier

Seems I have to give out all or nothing in points and I couldn't leave you hanging with nothing so you get it all. Thanks for working with me.
kieran_b

Good to hear that you sorted it out in the end - I would be very interested to see if it stays fixed now