?
Solved

returned email over 2 months late, running exchange and symantec smtp gateway 4  where was the problem?

Posted on 2008-10-04
7
Medium Priority
?
597 Views
Last Modified: 2013-12-09
Few days ago our email system was flooded with several thousand emails in a matter of minutes. All were bounce backs of legitmates emails sent out several months ago.

I am running Symantec smtp gateway 4 for AV filtering and exchange 2003.

Question iwhere were the bounce backs all this time, why did i get them now and not when i was supposed to. I know the emails came from the gateway but i'm not sure how to tell if they were generated at the original time and never delivered, generated a few days ago when it happened (if so, why did it take 2 months for it to generate a ndr) or could there be other reasons altogether.

I went into the gateway logs for one of the bounce backs. When i sent it originally the log states that Action:message delivery attemp failed , Last response: could not connect to server. Then i received a ndr a few days ago after sending it out 2 months ago.

Also, not sure if its relevant but i am running BGP and i had a failure of my primary ISP an hour before all this happened. The session wasn't shutdown properly and we never kicked over to our secondary isp. Our primary came back up within 2 minutes.

Big question, are are my bounce backs so late.
0
Comment
Question by:Cyclonus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 2

Expert Comment

by:Highspade
ID: 22643566
what is your smtp virtual servers email expiration timeout setting? you can find the information on the delivery tab.
0
 

Author Comment

by:Cyclonus
ID: 22643574
Expiration timeout setting is 2 days. Just to clarify, the NDR's are for old messages but the NDR's themselves appear to have been generated at the time we received them.
0
 
LVL 2

Expert Comment

by:Highspade
ID: 22643618
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 

Author Comment

by:Cyclonus
ID: 22643693
Highspade,

I having been reading about the greylisting issue as well. Just earlier find a pretty large thread including some work arounds. My problem is how to confirm it is in fact a greylisting issue. I will contact a few of the companys i had ndrs for and try to find out if they use grey listing. Only reason i beilieve it isn't grey listing is one of the ndrs was from an email sent to a yahoo account. According to yahoo they don't use grey listing. Also for the ndr's to suddenly start going nuts, it requires a restart of the server, smtp service or mail storage group. I can't seem to find any indication of either of those being restarted. Event logs dont show anything right before it happened.  So i'm still looking.
0
 
LVL 1

Expert Comment

by:livegirllove
ID: 24751689
Hmm.  I just had the same thing happen at a client site.  recived 3 NDRs all generated at close tothe same time for emails sent and accorfing to message tracking rejected up to 2 monthes ago.  I dont use any of the products above.  Exchange 2003 fully patched.  2 day exiration on delivery attempts.
0
 
LVL 1

Accepted Solution

by:
livegirllove earned 2000 total points
ID: 24751696
you may want to look at
http://forums.whirlpool.net.au/forum-replies-archive.cfm/896965.html

and

http://support.microsoft.com/default.aspx?scid=kb;EN-US;934709

says exchange 2003 borks on greylisted addresses from time to time.  That hotfix doesnt look like exactly the issue though..
0
 
LVL 1

Expert Comment

by:livegirllove
ID: 25755021
thanks but I think Highspade had the answer first...
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question