Solved

Exchange SMTP timeout for certain incoming sender domain if sender sends attachment

Posted on 2008-10-07
13
3,601 Views
Last Modified: 2012-05-05
I have a server with Exchange 2003 which fails to receive mail from certain outside domain if sender sends attachment. If sender from this same domain sends email without attachments it will arrive normally. I have this Exchange server behind Watchguard Edge firewall with port redirection configured. I sent mail with 15Mb attachment from other outside server and it did arrive normally.

So far I have updated NIC card drivers, lowered MTU to 1300 (tested with ping -f -l) and set smtp server timeout up to 20 minutes. I see constantly 2-3 open STMP sessions from this trouble domain, they will be cut at 20 minutes and after while they are back. From logs I found following:

2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx EHLO 250 0 313 23 0 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx MAIL 250 0 52 51 0 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx RCPT 250 0 37 34 0 SMTP -
2008-10-07 19:46:40xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx MAIL 250 0 50 49 15 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx RCPT 250 0 37 34 0 SMTP -
2008-10-07 19:47:05 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx TIMEOUT 121 2126935634 84 4 3625282 SMTP -

Also sender sent me delivery delayed message:

< sender.domain.fii #4.0.0 X-Symantec-Brightmail-Gateway; conversation with    receiver.domain.fi [xxx.xxx.xxx.xxx] timed out while sending message body>

So the connection time outs even if I have set timeout limit to 60min. What to do?
0
Comment
Question by:ObiLan
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 32

Expert Comment

by:gupnit
Comment Utility
Hi ObiLan.
I would trust my setup if I am not facing this problem from any other place. If the issue is only with this domain, then I would rather check with admin of the remote domain.
See, rather than changing your settings, verify from multiple external domains whether they are facing issues, if not, then it could be an issue with that particular domain itself and they got to look at their connectivity.
Thanks
Nitin
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
Are you using SMTP proxy for the incoming traffic; if yes, may be the proxy is causing some problem; if that is the case we can configure incoming SMTP rule instead [normal packet filter]; we would leave the current service as configured and configure SMTP service as below:
Enabled; from specific-domain-public-ip; to internal-ip-addess-of-SMTP-server

Please check and update.

Thank you.
0
 

Author Comment

by:ObiLan
Comment Utility
It seems that now this problem is with several outside domains (max 5 I think). Server had McAfee Virusscan 8.5i installed but I uninstalled it. I tried to create another smtp connector but connections will hang there max time and time out also. I don't have proxy rule in firebox, only port forward rule.
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
If only port forward rule then at least the firewall is not playing the spoil sport; as you have now also uninstalled McAfee then this only points to some server setting which can cause problem; I would not be able to assist you best with server, may be some other expert would be able to help you further with the server settings.

Thank you.
0
 

Author Comment

by:ObiLan
Comment Utility
OK, thanks anyway dpk_wal

I installed wireshark and looked what happens in protocol level and I get following packets with trouble domains:

Response code: 451
Response parameter: Timeout waiting for client input
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
I think gupnit might be able to help here as he has already posted; check with the troubled domain admins if they can point out something.

Thank you.
0
Wish Marketing would stop bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:ObiLan
Comment Utility
It seems that those trouble domain admins has decided mostly to ignore me. I know that atleast one of them uses Symantec Mail Security which probably causes problems.

So I made workaround: I bought a relay service from local ISP where they add their server as a seconday in domain MX servers and it will just relay incoming messages to exchange server. This seems to work pretty well, though there is now extra 10-20min (10min timeout) delay for mails from these trouble domains.
0
 
LVL 32

Expert Comment

by:gupnit
Comment Utility
Hi,
Then you got to look at your ISP and talk to them about SLAs, 10 min is a huge time lag.
I would rather suggest get yourself unblocked from those domains. Can you elaborate what all have your tried. It seems I lost track of your quesiton and didn't get reminder mails.
Thanks
Nitin
0
 

Author Comment

by:ObiLan
Comment Utility
The original problem is that connections from some domains (~5 domains at the moment) to our exchange server will open but they will time out without any clear reason. The timeout value is 10mins. We tried to drop proxy from firewall, adjust MTU:s, adjust timeout but nothing seemed to help. If we put timeout to 30mins, connections from trouble domains will be open for 30min and timeout.

Our workaround was to put ISP mail server as secondary MX for domain so that after these trouble domains have timed out from our Exchange server, they will connect to ISP server which will will relay these mails back to our Exchange server. This will cause lag for these trouble domains, ISP server relays
mails immediately.
0
 
LVL 32

Expert Comment

by:gupnit
Comment Utility
Great, Like I hd said in the begining the remote domains could be an issue and the incoming working from ISP confirms the same.
Still we can use SMTPDiag to troubleshoot if there is any issue at your end.
Download and Use :: :http://www.microsoft.com/downloads/details.aspx?familyid=bc1881c7-925d-4a29-bd42-71e8563c80a9&displaylang=en
Let me know the results
Thanks
Nitin
0
 

Author Comment

by:ObiLan
Comment Utility
Hi Nitin

Sorry for delay  but all tests passed with Smtpdiag.

-Tomi
0
 
LVL 32

Accepted Solution

by:
gupnit earned 500 total points
Comment Utility
LIke I said....I would trust my setup !! You are clean as far as Exchange is concerned and well any Smart Host ?
Talk to those guys and see their network issues and test their Smart Host to your SMart host communication
Thanks
Nitin
0
 

Expert Comment

by:si-support
Comment Utility
One of our clients received this error message when trying to send an email with an attachment to us.  We are behind a Watchguard Firewall.  I had to go into the firewall and allow the ip addresses for the sender's mx record - Setup\Intrusion Prevention\Blocked Sites Exception.  The email was then able to be received.

-Roger
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now