Solved

Exchange SMTP timeout for certain incoming sender domain if sender sends attachment

Posted on 2008-10-07
13
3,624 Views
Last Modified: 2012-05-05
I have a server with Exchange 2003 which fails to receive mail from certain outside domain if sender sends attachment. If sender from this same domain sends email without attachments it will arrive normally. I have this Exchange server behind Watchguard Edge firewall with port redirection configured. I sent mail with 15Mb attachment from other outside server and it did arrive normally.

So far I have updated NIC card drivers, lowered MTU to 1300 (tested with ping -f -l) and set smtp server timeout up to 20 minutes. I see constantly 2-3 open STMP sessions from this trouble domain, they will be cut at 20 minutes and after while they are back. From logs I found following:

2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx EHLO 250 0 313 23 0 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx MAIL 250 0 52 51 0 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx RCPT 250 0 37 34 0 SMTP -
2008-10-07 19:46:40xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx MAIL 250 0 50 49 15 SMTP -
2008-10-07 19:46:40 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx RCPT 250 0 37 34 0 SMTP -
2008-10-07 19:47:05 xxx.xxx.xxx.xxx sender.domain.fi server xxx.xxx.xxx.xxx TIMEOUT 121 2126935634 84 4 3625282 SMTP -

Also sender sent me delivery delayed message:

< sender.domain.fii #4.0.0 X-Symantec-Brightmail-Gateway; conversation with    receiver.domain.fi [xxx.xxx.xxx.xxx] timed out while sending message body>

So the connection time outs even if I have set timeout limit to 60min. What to do?
0
Comment
Question by:ObiLan
  • 5
  • 4
  • 3
  • +1
13 Comments
 
LVL 32

Expert Comment

by:gupnit
ID: 22669682
Hi ObiLan.
I would trust my setup if I am not facing this problem from any other place. If the issue is only with this domain, then I would rather check with admin of the remote domain.
See, rather than changing your settings, verify from multiple external domains whether they are facing issues, if not, then it could be an issue with that particular domain itself and they got to look at their connectivity.
Thanks
Nitin
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22670077
Are you using SMTP proxy for the incoming traffic; if yes, may be the proxy is causing some problem; if that is the case we can configure incoming SMTP rule instead [normal packet filter]; we would leave the current service as configured and configure SMTP service as below:
Enabled; from specific-domain-public-ip; to internal-ip-addess-of-SMTP-server

Please check and update.

Thank you.
0
 

Author Comment

by:ObiLan
ID: 22671773
It seems that now this problem is with several outside domains (max 5 I think). Server had McAfee Virusscan 8.5i installed but I uninstalled it. I tried to create another smtp connector but connections will hang there max time and time out also. I don't have proxy rule in firebox, only port forward rule.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 22675279
If only port forward rule then at least the firewall is not playing the spoil sport; as you have now also uninstalled McAfee then this only points to some server setting which can cause problem; I would not be able to assist you best with server, may be some other expert would be able to help you further with the server settings.

Thank you.
0
 

Author Comment

by:ObiLan
ID: 22675830
OK, thanks anyway dpk_wal

I installed wireshark and looked what happens in protocol level and I get following packets with trouble domains:

Response code: 451
Response parameter: Timeout waiting for client input
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22675848
I think gupnit might be able to help here as he has already posted; check with the troubled domain admins if they can point out something.

Thank you.
0
 

Author Comment

by:ObiLan
ID: 22710216
It seems that those trouble domain admins has decided mostly to ignore me. I know that atleast one of them uses Symantec Mail Security which probably causes problems.

So I made workaround: I bought a relay service from local ISP where they add their server as a seconday in domain MX servers and it will just relay incoming messages to exchange server. This seems to work pretty well, though there is now extra 10-20min (10min timeout) delay for mails from these trouble domains.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22710447
Hi,
Then you got to look at your ISP and talk to them about SLAs, 10 min is a huge time lag.
I would rather suggest get yourself unblocked from those domains. Can you elaborate what all have your tried. It seems I lost track of your quesiton and didn't get reminder mails.
Thanks
Nitin
0
 

Author Comment

by:ObiLan
ID: 22710862
The original problem is that connections from some domains (~5 domains at the moment) to our exchange server will open but they will time out without any clear reason. The timeout value is 10mins. We tried to drop proxy from firewall, adjust MTU:s, adjust timeout but nothing seemed to help. If we put timeout to 30mins, connections from trouble domains will be open for 30min and timeout.

Our workaround was to put ISP mail server as secondary MX for domain so that after these trouble domains have timed out from our Exchange server, they will connect to ISP server which will will relay these mails back to our Exchange server. This will cause lag for these trouble domains, ISP server relays
mails immediately.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22710947
Great, Like I hd said in the begining the remote domains could be an issue and the incoming working from ISP confirms the same.
Still we can use SMTPDiag to troubleshoot if there is any issue at your end.
Download and Use :: :http://www.microsoft.com/downloads/details.aspx?familyid=bc1881c7-925d-4a29-bd42-71e8563c80a9&displaylang=en
Let me know the results
Thanks
Nitin
0
 

Author Comment

by:ObiLan
ID: 22718421
Hi Nitin

Sorry for delay  but all tests passed with Smtpdiag.

-Tomi
0
 
LVL 32

Accepted Solution

by:
gupnit earned 500 total points
ID: 22718835
LIke I said....I would trust my setup !! You are clean as far as Exchange is concerned and well any Smart Host ?
Talk to those guys and see their network issues and test their Smart Host to your SMart host communication
Thanks
Nitin
0
 

Expert Comment

by:si-support
ID: 23902164
One of our clients received this error message when trying to send an email with an attachment to us.  We are behind a Watchguard Firewall.  I had to go into the firewall and allow the ip addresses for the sender's mx record - Setup\Intrusion Prevention\Blocked Sites Exception.  The email was then able to be received.

-Roger
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question