SMTP connector protocol event sink error
I am having a very odd problem with SMTP protocol sink error. Everything I've found points to dns, but all dns looks good, dnsdiag is not throwing any errors, etc. Here is the config:
Server uses Exchange Hosted Services for inbound and outbound email. Also uses Exchange hosted archive service. To complicate matters further, most users are using IMAP to get to the server, and relaying their sent mail through the server.
To lock down SMTP so it only received anonymous inbound mail from EHS servers, I did the following:
Set up default SMTP connector to NOT use anonymous authentication. Only authenticated users can send or relay mail. This connector is forced to IP 192.168.1.3 and has a one-to-one NAT in the firewall to a public IP. Users connect to this public IP on port 25, authenticate, and relay email. This is all working just fine, mail to internal Exchange users and external internet users is flowing correctly (as long as the users can actually connect to port 25 from their ISP). I call this connector "Inbound Authenticated Email".
Second SMTP connector set up for anonymous inbound email, but connection restrictions set up to only allow email from EHS server farm. This connector is force to 192.168.1.4 and is mapped to another public IP in the firewall. EHS is set to send all inbound mail to this IP only. This is working, it blocks anonymous connections from everyone but EHS, and inbound email is flowing fine.
Now, BOTH smtp connectors are set to use mail.global.frontbridge.co
Here's where it gets even more complicated:
I also use Exchange Journaling to journal ALL email to the EHS archive. The setup is like this: I have a mail enabled contact with the SMTP address of the archive user, and the mailbox store is set to journal to that contact. All mail seems to be journaled to the correct address, and mail sent to the archive address seems to randomly pick an SMTP connector to send out on. If it goes out the "Inbound Authenticated Email" connector all is well, it is delivered to the smart host. However, if it happens to pick "Inbound EHS Email" as a route, it stops in queue with an error "The connection was dropped due to an SMTP protocol event sink". Problem with DNS? Not that I can find. Here's the interesting part: If I stop and restart "inbound EHS email" SMTP connector, just once, the email in queue disappears. It looks like it all goes out the "Inbound Authenticated Email" connector. Then, mail starts building up in the "Inbound EHS email" queue again, all destined for the archive.
I mentioned the NDR issue above because there is also this symptom: All NDR's send through "Inbound EHS email" connector also generate the protocol sink error. The only thing in the queue for "inbound EHS email" connector are NDR's and journaled emails. OTHER EMAIL IS SENT TO THE SMARTHOST! Also, everything is sent to the smart host on the other connector, and there are never any NDR's in queue on that connector.
Since I have a smart host on both connectors, the expected behavior is I will never have anything in queue at all.
Of course, EHS/Microsoft has wiped their hands of this problem entirely, due to complexity. I thought I'd post here before I paid for an M$ "Support" call.
Here are SMTP log entries for both types, with names changed to protect the innocent:
Archive email on the connector that doesn't make it (note the FROM address is blank, I did not remove it, but I think the envelope in journaling doesn't set a from address).
213.199.154.22 - OutboundConnectionResponse
213.199.154.22 - OutboundConnectionCommand [05/Aug/2008:09:20:38 -0800] "EHLO -?mail.mydomain.com SMTP" 0 4
213.199.154.22 - OutboundConnectionResponse
213.199.154.22 - OutboundConnectionCommand [05/Aug/2008:09:20:38 -0800] "MAIL -?FROM:<> SIZE=50088 SMTP" 0 4
Here is a log snippet from the other connector, that does make it:
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "EHLO -?outbound.mydomain.com SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "MAIL -?FROM:<> SIZE=7255 SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "RCPT -?TO:<copy.1234@archive.me
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "DATA - SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:44 -0800] "QUIT - SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
I've compared the settings on both connectors, and other than the settings that are different because of their purpose (i.e. connection filters on the inbound EHS, anonymous auth on the inbound authenticated connector), they are identical, including the smart host setting. I've also checked to make sure EHS lists the external public IP's of both connectors as valid relay hosts.
So, let's call this one a "selective" SMTP protocol event sink problem. :-)
Could still be a DNS issue, but limited to NDR's and journaled email, and only on ONE SMTP connector?
Anybody have any ideas?
Server uses Exchange Hosted Services for inbound and outbound email. Also uses Exchange hosted archive service. To complicate matters further, most users are using IMAP to get to the server, and relaying their sent mail through the server.
To lock down SMTP so it only received anonymous inbound mail from EHS servers, I did the following:
Set up default SMTP connector to NOT use anonymous authentication. Only authenticated users can send or relay mail. This connector is forced to IP 192.168.1.3 and has a one-to-one NAT in the firewall to a public IP. Users connect to this public IP on port 25, authenticate, and relay email. This is all working just fine, mail to internal Exchange users and external internet users is flowing correctly (as long as the users can actually connect to port 25 from their ISP). I call this connector "Inbound Authenticated Email".
Second SMTP connector set up for anonymous inbound email, but connection restrictions set up to only allow email from EHS server farm. This connector is force to 192.168.1.4 and is mapped to another public IP in the firewall. EHS is set to send all inbound mail to this IP only. This is working, it blocks anonymous connections from everyone but EHS, and inbound email is flowing fine.
Now, BOTH smtp connectors are set to use mail.global.frontbridge.co
Here's where it gets even more complicated:
I also use Exchange Journaling to journal ALL email to the EHS archive. The setup is like this: I have a mail enabled contact with the SMTP address of the archive user, and the mailbox store is set to journal to that contact. All mail seems to be journaled to the correct address, and mail sent to the archive address seems to randomly pick an SMTP connector to send out on. If it goes out the "Inbound Authenticated Email" connector all is well, it is delivered to the smart host. However, if it happens to pick "Inbound EHS Email" as a route, it stops in queue with an error "The connection was dropped due to an SMTP protocol event sink". Problem with DNS? Not that I can find. Here's the interesting part: If I stop and restart "inbound EHS email" SMTP connector, just once, the email in queue disappears. It looks like it all goes out the "Inbound Authenticated Email" connector. Then, mail starts building up in the "Inbound EHS email" queue again, all destined for the archive.
I mentioned the NDR issue above because there is also this symptom: All NDR's send through "Inbound EHS email" connector also generate the protocol sink error. The only thing in the queue for "inbound EHS email" connector are NDR's and journaled emails. OTHER EMAIL IS SENT TO THE SMARTHOST! Also, everything is sent to the smart host on the other connector, and there are never any NDR's in queue on that connector.
Since I have a smart host on both connectors, the expected behavior is I will never have anything in queue at all.
Of course, EHS/Microsoft has wiped their hands of this problem entirely, due to complexity. I thought I'd post here before I paid for an M$ "Support" call.
Here are SMTP log entries for both types, with names changed to protect the innocent:
Archive email on the connector that doesn't make it (note the FROM address is blank, I did not remove it, but I think the envelope in journaling doesn't set a from address).
213.199.154.22 - OutboundConnectionResponse
213.199.154.22 - OutboundConnectionCommand [05/Aug/2008:09:20:38 -0800] "EHLO -?mail.mydomain.com SMTP" 0 4
213.199.154.22 - OutboundConnectionResponse
213.199.154.22 - OutboundConnectionCommand [05/Aug/2008:09:20:38 -0800] "MAIL -?FROM:<> SIZE=50088 SMTP" 0 4
Here is a log snippet from the other connector, that does make it:
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "EHLO -?outbound.mydomain.com SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "MAIL -?FROM:<> SIZE=7255 SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "RCPT -?TO:<copy.1234@archive.me
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:43 -0800] "DATA - SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionResponse
216.32.180.22 - OutboundConnectionCommand [05/Aug/2008:09:26:44 -0800] "QUIT - SMTP" 0 4
216.32.180.22 - OutboundConnectionResponse
I've compared the settings on both connectors, and other than the settings that are different because of their purpose (i.e. connection filters on the inbound EHS, anonymous auth on the inbound authenticated connector), they are identical, including the smart host setting. I've also checked to make sure EHS lists the external public IP's of both connectors as valid relay hosts.
So, let's call this one a "selective" SMTP protocol event sink problem. :-)
Could still be a DNS issue, but limited to NDR's and journaled email, and only on ONE SMTP connector?
Anybody have any ideas?
ASKER
Not an NDR, it is an envelope journal in the queue.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
So what you are looking at in those logs is the NDR itself being delivered.