Solved

Unable to receive email from people using Lotus Notes

Posted on 2008-06-11
Last Modified: 2013-12-18
Hello All,

We are using Microsoft Exchange Server 2003 SP2 and for the past 6 months we have been unable to receive email from people using Lotus Notes.

The users trying to send us email work for very large companies so I'm sure their email servers are tied down pretty tight.  Here's the problem - when we send email via our MS Exchange Server 2003 to people using Lotus Notes, the message goes through and is received just fine.  When the Lotus Notes user replies to the email, they get a timed-out NDR after X minutes.

Here's one of the NDRs the Lotus Notes user has received:

The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < mlnyc904er.ml.com #4.0.0 X-Postfix; conversation with    pcescorpserver.pcescorp.com[64.207.246.11] timed out while sending RCPT TO>

Does anyone know what needs to be done, on either side, to get these emails to stop timing out and go through?  I've discussed this issue with the people who host our DNS and they told me there's nothing else they can do.  We've added an SPF record and tried correcting any issues reported in DNSSTUFF.com.

Any thoughts?

Thanks.
0
Question by:Bob Berryman
 
LVL 17

Expert Comment

by:fgrushevsky
I did a quick check and, indeed, the response from the RCPT TO command takes a bit longer than usual when connecting to your server (mostly when the user is not in your directory).
It is not a DNS or SPF issue.
I would check your GCs performance to see why the lookup takes a bit of a long time. Also, do you have anything unusual in your recipient policies?
0
 
LVL 1

Author Comment

by:Bob Berryman
I checked my recipient policies - just the default settings there.

I don't mean to sound ignorant, but what do you mean by "check your GCs performance "?

Do you think there would be a DNS resolving issue between the 2 servers when an email is sent?
0
 
LVL 17

Expert Comment

by:fgrushevsky
The delay seems to happen when your server checks whether the mail recipient exists in your environment.
All possible DNS checks are executed prior to that moment. Your system and the sender's system would already "act" if the DNS checks were unsuccessful (direct lookup check, PTR reverse check, HELO domain check, etc.).
SPF is important, but only when you send mail. It does not affect your mail receiving.

Slow recipient lookup on your system could be caused by GC performance; this is why I suggested "check your GCs performance".
0
 
LVL 1

Author Comment

by:Bob Berryman
I'm sorry, but what I meant earlier was what does GC stand for?  Again, sorry for the ignorance.
0
 
LVL 17

Expert Comment

by:fgrushevsky
GC stands for Global Catalog. One or more of your domain controllers carry this function.
0
 
LVL 1

Author Comment

by:Bob Berryman
I will check it and get back to you.  Thanks.
0
 
LVL 1

Author Comment

by:Bob Berryman
In the middle of looking into this, I notice that the checkbox "Perform reverse DNS lookup on incoming messages" is checked in the properties of my SMTP virtual server.  Is this a correct setting or does this not have anything to do with the issue?
0
 
LVL 17

Expert Comment

by:fgrushevsky
This is the correct setting. When this setting is enabled, your system takes the IP address of the connecting system, performs a reverse lookup and adds the results to the message header. Assuming that your DNS servers are working fine, it would not have anything to do with this issue.
0
 
LVL 1

Author Comment

by:Bob Berryman
I have checked out a few different things.  First, I looked in my DNS Event Viewer for any errors.  Here's one from 5/28/08:

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            5/25/2008
Time:            2:00:45 AM
User:            N/A
Computer:      PCESCORPSERVER
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 51 00 00 00               Q...    

Is this connected to my original issue?  I got this error 5 times within 1 minute.  It happened a month before that just like this one.  Also, I checked the Categorizer Queue Length in the System Monitor - all results come back as normal (all at zeros).

Are there any other items I should be checking?
0
 
LVL 17

Expert Comment

by:fgrushevsky
Well, this is quite a serious error. It could cause your issue(s).
There are many reasons for this error, depending on your AD configuration and history (what domain controllers you had before, what changed, etc.).
You might want to check these links:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21301445.html
http://support.microsoft.com/kb/267855/EN-US/
http://www.chicagotech.net/troubleshooting/eventid4004.htm
0
 
LVL 1

Author Comment

by:Bob Berryman
I reviewed the links you referenced. Our configuration is only 1 DC with about 30 users so the multiple DC configuration tips would not apply to us.  The DNS Server service is running just fine - as of now.  All users are able to access domain and domain features.  No one has reported any connectivity issues with our network.

Our server is configured to auto reboot after updates have been installed overnight.  Is it possible that these errors are just from the DNS Server service starting before the AD is loaded during the reboot process?  The errors are reporting during the overnight hours.
0
 
LVL 1

Author Comment

by:Bob Berryman
OK - here's another Event ID log message.  This is not an error - just an informational log.

Event Type:      Information
Event Source:      DNS
Event Category:      None
Event ID:      5504
Date:            6/9/2008
Time:            12:08:53 PM
User:            N/A
Computer:      PCESCORPSERVER
Description:
The DNS server encountered an invalid domain name in a packet from 204.2.178.133. The packet will be rejected. The event data contains the DNS packet.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Perhaps this is referring to the emails these companies are sending us but we never get, ultimately resulting in a timed-out NDR for the sender?
0
 
LVL 17

Expert Comment

by:fgrushevsky
This is not a problem, and it is not referring to your email issues.
There are several possible causes for this issue. Most likely it could be because of NDRs that your server is trying to send back to the spammer (and the spammer address was spoofed).
0

 
LVL 1

Author Comment

by:Bob Berryman
Back to your comment "The delay seems to happen when your server checks whether the mail recipient exists in your environment.
All possible DNS checks are executed prior to that moment. Your system and the sender's system would already "act" if the DNS checks were unsuccessful (direct lookup check, PTR reverse check, HELO domain check, etc.).
SPF is important, but only when you send mail. It does not affect your mail receiving.

Slow recipient lookup on your system could be caused by GC performance; this is why I suggested "check your GCs performance"", would the sender receive a timed-out NDR for their message after it has cleared the DNS checks?  I would think that once their server gets a DNS "all clear" so to speak or the DNS resolves, they wouldn't receive NDRs for issues on our server.  Unless the 2 servers' handshake is not initiating.

Am I just completely wrong?
0
 
LVL 17

Accepted Solution

by:
fgrushevsky earned 500 total points
OK, here is how it goes.
Server S is the sending server in the domain abc.com (sending domain). It has a message for the xyz.com domain (your domain).
Server S queries its DNS for the MX record for xyz.com and gets server R.xyz.com (your server) as the receiving server for domain xyz.com.
Server S obviously also queries DNS for the IP address of the server R.xyz.com.

Next, server S opens a connection to server R on port 25.
Server R receives an incoming connection from the xx.zz.yy.dd IP address (this is the address of server S).
Server R performs a reverse lookup of this IP address and gets S.abc.com - the name of server S.   If the lookup is successful, and there are no rules on server R that would prevent accepting connections from S, server R would greet server S in the following fashion:

"220 pcescorpserver.pcescorp.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Thu, 12 Jun 2008 13:16:30 -0500"


Server S initiates the SMTP session by using the "helo" command:
helo s.abc.com

Server R receives the helo command and verifies that the name in the helo command matches what was returned from the reverse DNS check. If everything is in order, server R responds OK to the helo command - see below (250 means OK):

250 pcescorpserver.pcescorp.com Hello [204.10.132.12]


Server S continues the SMTP session with the "mail from" command:
mail from: <sender@abc.com>
Server R accepts the command; this is where your R server would check if there are any rules (policies) for accepting email from a specific email address. If the address is valid and there are no rules, server R responds OK to the "mail from" command:

"mail from: fil
250 2.1.0 abc@pcescorp.com....Sender OK"


Server S continues the SMTP session with the "rcpt to" command:
rcpt to: <recipient@xyz.com>

Once server R receives this command, it goes to check that recipient@xyz.com exists within your organization - i.e. such an address does exist in your global address list.
If the address does not exist, server R's response is:

rcpt to: joe
550 5.1.1 User unknown

If the address is valid, server R's response is:

rcpt to: jballard
250 2.1.5 jballard@pcescorp.com

The problem is that it takes a long time for your server to provide a response to the "rcpt to" command. All mail servers will only wait a short period of time for a response. If the timeout is exceeded, the sending server will close the connection and return an NDR to the sender.

Do you have any anti-spam or antivirus products installed on your server? They may do additional checks and slow your server.
Also, since you have SP2 installed, the anti-spam functionality that comes with it also might slow your server responses.

http://msexchangeteam.com/archive/2005/07/18/407838.aspx
0
 
LVL 1

Author Comment

by:Bob Berryman
Thank you for the in-depth explanation.  Yes, we have Symantec Antivirus 10.2 Corp. installed.

Then, is there a fix to this, like speeding our server response up or is the sender's time-out response set too high?
0
 
LVL 17

Assisted Solution

by:fgrushevsky
fgrushevsky earned 500 total points
Within SMS, check how many RBLs (real time black lists) you have installed.  See if removing them would solve the issue.

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_22154756.html
0
 
LVL 1

Author Comment

by:Bob Berryman
Will check.  Thanks so much for your help.  Here's some points.
0
 
LVL 1

Author Comment

by:Bob Berryman
Our Symantec Antivirus version does not have SMS included.  Is there something else within Symantec that could be causing this?
0
 
LVL 17

Expert Comment

by:fgrushevsky
What recipient filters do you have enabled?
0
 
LVL 1

Author Comment

by:Bob Berryman
None.  There is a checkbox that is ticked - Filter recipients who are not in the Directory.  Is this correct?
0
 
LVL 17

Expert Comment

by:fgrushevsky
Any allow or deny lists?

Also, check in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters whether you have TarpitTime listed there.
0
 
LVL 1

Author Comment

by:Bob Berryman
Nothing under Allow or Deny lists.  I do have the registry entry, set at 5, which I'm assuming is default.
0
 
LVL 17

Expert Comment

by:fgrushevsky
I believe the default is no entry, which assumes value 0. Somebody has enabled tar pitting, setting a 5 second delay for "RCPT TO" SMTP communications.
Reduce the number - set it to 1 or 2. It should fix your issue.
0
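An added example, not part of the original thread: a Python probe that times each reply in the banner / HELO / MAIL FROM / RCPT TO sequence walked through in the accepted solution, so a stalled RCPT TO reply (the symptom attributed above to the TarpitTime delay) shows up as a measured number or as a client-side timeout. `fake_receiver`, the `.test` names and the thresholds are constructed stand-ins so the block runs without a network; against your own server, pass `stage_timings` a socket from `socket.create_connection((host, 25))`.

```python
import socket
import threading
import time

def read_reply(f):
    """Read one SMTP reply, including the 250-continuation form; return its code."""
    for line in iter(f.readline, b""):
        if line[3:4] != b"-":  # "250-..." continues, "250 ..." ends the reply
            return int(line[:3])
    raise ConnectionError("server closed the connection")

def stage_timings(sock, helo, sender, rcpt, slow=3.0):
    """Return [(stage, code, seconds, is_slow)]; code None = our timeout expired."""
    f = sock.makefile("rb")
    stages = [("banner", None), ("HELO", f"HELO {helo}"),
              ("MAIL FROM", f"MAIL FROM:<{sender}>"), ("RCPT TO", f"RCPT TO:<{rcpt}>")]
    rows = []
    for name, cmd in stages:
        start = time.monotonic()
        try:
            if cmd:
                sock.sendall(cmd.encode("ascii") + b"\r\n")
            code = read_reply(f)
        except socket.timeout:  # the sender-side timeout reported in the NDR
            code = None
        took = time.monotonic() - start
        rows.append((name, code, round(took, 2), took >= slow))
        if code is None:
            break
    return rows

def fake_receiver(sock, rcpt_delay):
    """Constructed stand-in for the receiving server: stalls only the RCPT TO reply."""
    f = sock.makefile("rb")
    try:
        sock.sendall(b"220 mail.example.test ESMTP ready\r\n")
        for reply in (b"250 Hello\r\n", b"250 2.1.0 Sender OK\r\n", b"550 5.1.1 User unknown\r\n"):
            if f.readline().upper().startswith(b"RCPT"):
                time.sleep(rcpt_delay)
            sock.sendall(reply)
    except OSError:
        pass  # the client gave up first

def demo(rcpt_delay, client_timeout, slow):
    # Local socket pair instead of a TCP connection (constructed test harness).
    client, server = socket.socketpair()
    client.settimeout(client_timeout)
    threading.Thread(target=fake_receiver, args=(server, rcpt_delay), daemon=True).start()
    with client:
        return stage_timings(client, "probe.test", "a@probe.test", "nobody@mail.test", slow)
```

Running the probe once for an existing recipient and once for a non-existent one separates a slow directory lookup from a delay applied only to rejected recipients.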
 
LVL 1

Author Comment

by:Bob Berryman
Comment Utility
Filter is enabled on my SMTP virtual server - both recipient and sender.  Is that the way it's supposed to be?
0
 
LVL 17

Expert Comment

by:fgrushevsky
This is the way you (or somebody else) wanted it.  I would say it is OK.
0
 
LVL 1

Author Comment

by:Bob Berryman
Thanks a bunch for your help.  You are AWESOME!!!!
0
