foad
asked on
Attachments from OUTSIDE email, take hours to deliver
We have a FE and BE exchange server, the FE is on a DMZ, BE is on local LAN. What is happening is emails with attachments take hours to deliver?
If i go into exchange system manager and look at queue under FE, it shows the link with BE is in the "retry" state and if i go into there and look at waiting emails they all have attachments. I can "force" connection, still no good. It comes back with "the connection was dropped by remote host"???
If i let it wait, it will eventually; about 4-6 hrs, deliver the email locally??
What can i check ???
If i go into exchange system manager and look at queue under FE, it shows the link with BE is in the "retry" state and if i go into there and look at waiting emails they all have attachments. I can "force" connection, still no good. It comes back with "the connection was dropped by remote host"???
If i let it wait, it will eventually; about 4-6 hrs, deliver the email locally??
What can i check ???
Andres Perales
Do you have some sort of antivirus installed on those exchange servers? if so check to see if those systems are the root cause of the problem...that is where I would start.
ASKER
Yes, symantec for exchange on FE and symantec for server on BE. I don't see anything wrong with their setup????
are you running the antivirus client on those servers? If so uninstall...also to test, disable the symantec for exchange on your exchange servers to see if that makes a difference.
Another outstanding reason why Exchange FEs don't go in the DMZ
ASKER
well some of us HAVE to do it that way for PCI standards. Ok i have tested everything, still emails with attachments (1) meg or larger take hours to get delivered?
>>well some of us HAVE to do it that way for PCI standards.
I am aware of no standards which force you to weaken security to qualify.
Have you uninstalled the Symantec software yet?
I am aware of no standards which force you to weaken security to qualify.
Have you uninstalled the Symantec software yet?
ASKER
yes, still any email with an attachment over 200k, stays in "queue" directory until about (8) hrs later. I'm at a loss here, nothing seems to make them go through.
All i can say is that we never had this issue before we split exchnage from "basic"; behind firewall to FE/BE.
All i can say is that we never had this issue before we split exchnage from "basic"; behind firewall to FE/BE.
What more can I say - remove the FE from the DMZ and replace it with ISA - Exchange servers in the DMZ weaken security, and are a bad, bad idea
ASKER
LOL, wish i could, but we have to use DMZ. Where can i find the correct setup for "FE/BE" as far as virtual smtp, and all as i've read numerous cases that say:
The number one reason for mail delivery failure in these circumstances is a smart host on the SMTP Virtual Server on the original server.
ESM, Servers, <your server>, Protocols, SMTP. Right click on the Default SMTP VS and choose Properties. Click on the tab Delivery and then Advanced. Ensure that smart host is blank.
If you need to use a smart host for delivery then use an SMTP Connector instead.
And i have no clue if this is what i should do or how to do it, as the person who "split" our setup does not work here and we have not been able to contact them...
Al
The number one reason for mail delivery failure in these circumstances is a smart host on the SMTP Virtual Server on the original server.
ESM, Servers, <your server>, Protocols, SMTP. Right click on the Default SMTP VS and choose Properties. Click on the tab Delivery and then Advanced. Ensure that smart host is blank.
If you need to use a smart host for delivery then use an SMTP Connector instead.
And i have no clue if this is what i should do or how to do it, as the person who "split" our setup does not work here and we have not been able to contact them...
Al
>>And i have no clue if this is what i should do or how to do it,
I doubt that is your problem - if it were, it would probably reject mail completely, not just add a delay.
Has this delay been there from the beginning of the FE/BE split?
Unfortunately, I don't really know how much use I am going to be to you now - when I hit a situation like this commercially, I fix it by not using and Exchange FE, but rather an ISA FE. The only options I can give you are call Microsoft (or if you are cunning, buy a technet subscription and use one of the free calls you get with that) - or get an Exchange consultant in (but I imagine they will tell you to pull the FE from the DMZ).
MS actually do support an FE in the DMZ, but I know of no other Exchange MVPs that recommend it - still, it means that MS support (if you call them) *should* be able to get it working and fix it.
I doubt that is your problem - if it were, it would probably reject mail completely, not just add a delay.
Has this delay been there from the beginning of the FE/BE split?
Unfortunately, I don't really know how much use I am going to be to you now - when I hit a situation like this commercially, I fix it by not using and Exchange FE, but rather an ISA FE. The only options I can give you are call Microsoft (or if you are cunning, buy a technet subscription and use one of the free calls you get with that) - or get an Exchange consultant in (but I imagine they will tell you to pull the FE from the DMZ).
MS actually do support an FE in the DMZ, but I know of no other Exchange MVPs that recommend it - still, it means that MS support (if you call them) *should* be able to get it working and fix it.
ASKER
Thanks for the quick response, i'll be calling Microsoft to open a ticket...
I'll update this question as i go...
Al
I'll update this question as i go...
Al
Excellent - let us know how you get on.
ASKER
OK, while i;m waiting for ticket, I've been doing some more digging, and this is what i've found on the BE server in the IIS logs:
17:05:51 FEmailserver EHLO - 250
17:05:51 FEmailserver x-exps - 0
17:05:51 FEmailserver x-link2state - 200
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
17:05:51 FEmailserver BDAT - 250
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
17:05:51 FEmailserver BDAT - 250
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
is this normal?
and what does it all mean?
17:05:51 FEmailserver EHLO - 250
17:05:51 FEmailserver x-exps - 0
17:05:51 FEmailserver x-link2state - 200
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
17:05:51 FEmailserver BDAT - 250
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
17:05:51 FEmailserver BDAT - 250
17:05:51 FEmailserver MAIL - 250
17:05:51 FEmailserver RCPT - 250
17:05:51 FEmailserver xexch50 - 354
is this normal?
and what does it all mean?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.