Solved

SBS 2003 R2 Exchange Mail Issue!

Posted on 2008-10-24
18
584 Views
Last Modified: 2013-11-30
I have a client running Widnows SBS 2003 R2 who is unable to send email to a couple of domains.  They can send email no problem to everyone else.  The bounce back message they are receving is
"The following recipient(s) cannot be reached:
      maintenance@hawkair.ca on 23/10/2008 4:12 PM
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <barxh.com #4.4.7>"

The log at the other end shows the session just drops.  The message on the other end is:

2008-10-23 18:46:12 1Kt8wS-0007rD-3k == ian@barxh.com R=lookuphost T=remote_smtp defer (-18): Remote host mail.barxh.com [24.66.32.247] closed connection in response to end of data

Any ideas would be of great assistance!  
0
Comment
Question by:DennisDavis
  • 6
  • 5
  • 5
  • +2
18 Comments
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 22799331
Theoretically, if they can e-mail anywhere else, then the issue is not their server.

Check to make sure the server hasn't been blacklisted - go to DNSgoodies.com and use their "Spam Database Check" tool.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 22799378
From a command prompt on the exchange (SBS) server do the following, have a watch handy:
TELNET mail.barxh.com 25
            How long does it take for a response from their server?
You can continue the conversation with
EHLO
MAIL FROM:<Email address>
RCPT TO:<Email address>
DATA
<Enter>
<Type whatever you feel like>
<Enter>
.   (That's a Period)
<Enter>
QUIT
 
What errors did you receive at any point of the conversation?
0
 
LVL 9

Expert Comment

by:ThaVWMan
ID: 22799392
Most likely the domains that you are trying to send to that do not allow the mail to come through are using either some sort of SPF lookup, or another DNS blacklist tool.  Given that you are working with SBS, I would venture to say that your customer is using either a cable modem or DSL line to get to the internet.  This is a common problem for SBS users now that more and more companies are trying to combat spam.  The best solution in this situation is to use a smart host.  This will most likely resolve your issue, and is better all around so that your mail is not blocked by other servers.  At the very least you need to set up a SPF record for the domain, regardless whether or not you use a smart host or not.
0
 
LVL 9

Expert Comment

by:ThaVWMan
ID: 22799417
Im sorry.. I did not finish my statement in my last post.  Being that you are most likely on a cable modem or DSL line, your customer's IP address is not considered well known.  A lot of email servers will just drop the connection when any mail trys to come from an IP like that, as well as if your IP is on a blacklist.  If you have an SPF record set up stating that official mail really does come from that IP, it can help things.  But this only helps if the receiving server is set up to check SPF records.
0
 

Author Comment

by:DennisDavis
ID: 22799418
the response is almos intantaneous..  i also see the message being delivered via smtp to antispam.sibername.com.  shortly after that i get the NDR.  Not sure if maybe this spamfiltering server is the problem however I am having the same problem sending to another customer who is not using a 3rd party spam filtering service..
0
 
LVL 8

Expert Comment

by:Jeff Perry
ID: 22799480
Sounds to me like the maintenance@hawkair.ca can be found but cannot deliever to the associated mailbox. It could be full or it could be denying mail from outside addresses. Or any number of things along those lines

Numeric Code: 4.4.7

Possible Cause: The message in the queue has expired. The sending server tried to relay or deliver the message, but the action was not completed before the message expiration time occurred. This NDR may also indicate that a message header limit has been reached on a remote server or that some other protocol timeout occurred during communication with the remote server.
Troubleshooting: This code typically indicates an issue on the receiving server. Verify the validity of the recipient address, and verify that the receiving server is configured to receive messages correctly. You may have to reduce the number of recipients in the header of the message for the host that you are receiving this NDR from. If you resend the message, it is placed in the queue again. If the receiving server is on line, the message is delivered.
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 22799484
Looking at ThaVWMan's point "The best solution in this situation is to use a smart host."

Unless you have the necessary MX records for your domain pointing to your server, you should be using a smart host.  Typically your ISP will provide this at little or no charge.
0
 
LVL 12

Expert Comment

by:florin_s
ID: 22799499
Hi,

Found this ip 72.55.137.108 listed in a black list, check your self

http://www.mxtoolbox.com/blacklists.aspx?IP=72.55.137.108
0
 

Author Comment

by:DennisDavis
ID: 22799504
I have verified our mail server is not an open relay and is not on any blacklists.  The connection is indeed a DSL connection but it is business class with a static IP address.  The mail tests seem to check out fine.  I don't believe we have any SPF records though.  We cannot send mail in either direction from these two companies...
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 22799524
Is the recipeint e-mail address the same as the domain of the server rejecting the message?

maintenance@hawkair.ca -versus- barxh.com
0
 

Author Comment

by:DennisDavis
ID: 22799575
i am trying to send an email from ian@barxh.com to maintenance@hawkair.ca.  It appears as though hawkair is routing their mail through antispam.sibername.com.  Based on florins response that IP address is blacklisted.  I have checked myself.  How can a spamfiltering service be blacklisted??
0
 
LVL 9

Expert Comment

by:ThaVWMan
ID: 22799628
It must not be a very good spam "filtering" service... maybe its just a spam service :-)

You may get this particular problem fixed with this company, but I can almost bet youll run into this again down the road.  Smarthosting is the best route, even if you are on a static IP and "business class" DSL.
0
 

Author Comment

by:DennisDavis
ID: 22799702
I have adjust some spam filter settings on our firewall so we will see what happens now.  How does the smarthosting work?
0
 
LVL 9

Expert Comment

by:ThaVWMan
ID: 22799743
You would set up exchange to send all outgoing mail through your smarthost.  Usually this is your ISP, which is on the "well known" email server list.  This way your mail has the best chance of being accepted by remote domains.  To set a smart host, you open up system manager, go down to connectors, goto the SBS SMTP connector, and the first tab under properties is a line that says "Use DNS To Route Mail" or "Forward all mail through the follwing smarthost".  Change it to the smarthost option, restart SMTP, and you should be good to go.
0
 
LVL 9

Expert Comment

by:ThaVWMan
ID: 22799767
Usually you can call your ISP and ask them if they allow smarthosting.  Or, usually, their smarthost server would be "smtp.yourispdomain.com"
0
 

Author Comment

by:DennisDavis
ID: 22799892
ok thanks I will look into this.  This is a full time job just trying to deal with email issues on SBS....
0
 
LVL 19

Expert Comment

by:Delphineous Silverwing
ID: 22799949
Usually Mail Administration is a full time job  ;-)
0
 

Accepted Solution

by:
DennisDavis earned 0 total points
ID: 23037830
turns out this was being cause by the filters in our firewall.  There was a bug in the firmware which was causing some issues with attachments so we updated the firmware, reapplied the filters and all was good.  Thanks for your help.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now