Emails not coming through

Hi,
Did you have any changes made recently. Ask you ISP if there have been any changes.
Also, ask the Webmaster of the site to try to telnet to your Server on Prt 25 and see what happens. How are the mails originating and being received. Ask them to check their logs as to where are the mails being pushed to.
Check settings on Postini, see if those IDs are blocked etc.
Thanks
Nitin

i checked with my ISP and they said they do not filter our emails. ..i also checked with postini and they checked their logs and it seems nothing came through from the webmaster@test.com. is they anything i can do on the exchange server to track the messages? like using the logs on the server. please give step by step instructions.

Hi,
If nothing came to Postini, which inturn pushes mails to Exchange, then I doubt those mails would be there. Still goto ESM -> Tools -> Message Tracking and search for mails from that email address. I would rather check with Postini again or the Webmaster to do some tests.
Your mails are received at Postini and then moved to Exchange right?
Thanks
Nitin

go to the default smtp virtual server --> under general tab--> in the botton select NCSA in the drop down..
restart the smtp and MSexchange routing engine service.
now test a mail again.
do message tracking for that mail. {Make sure u enable message tracking before we do all this steps. for that go to server name properties in exchange system manager --> check the option for enable message tracking}

what does it show...... no result or does it show the mail came to exchange?
if no result then i am sure there is somethng before the exchange blockig it, if it found it then where is it stuck... ples paste the result.........

2) go to start-> run --> type in logfiles
open the ncsa log file and see if you see any connections made for that email...........

let me know the results......

---------x-sAm--------

so here is what i found in the log files. i picked this as an example of the email that is not coming through. What is weird though is that other emails from same domain as this address come through. i checked with postini and it appears that postini is letting these emails through. It appears they get to our server but they never get into our mailboxes.

X.x..x.x- psmtp.com [09/Jan/2009:10:10:45 -0600] "MAIL -? FROM: <webmasterb@test.com> SMTP" 250 55
y.y.y.y - psmtp.com [09/Jan/2009:10:10:45 -0600] "QUIT -?psmtp.com SMTP" 240 69
Z.z.z.z - psmtp.com [09/Jan/2009:10:10:45 -0600] "RCPT -? TO: <benjamin.button@company.org> SMTP" 250 34
p.p.p.p - psmtp.com [09/Jan/2009:10:10:45 -0600] "HELO -? psmtp.com SMTP" 250 45

Just to give a background of the problem, we initially had only on exchange called ex1 but we started having hardware problems some time in august 2008 so we bought a new server moved all mailboxes to the new server which we called ex2.
then we dismounted all the databases on ex1. emails started coming through fine to ex2 and everyone was happy. it has been working fine for months now. until 01/01/2009 when we started having sporadic emails not like the webmaster@logiforms not coming through.
Right now when we go into our system manager under first administrative -> servers we still have two servers ex1 and ex2.  Ex1 has all databases disabled and having it around has not caused any problems. Ex2 is what we are using right now.

i noticed one thing today when i go badmail under ex2 it is completelyy empty as well as pickup folder and queue folder. is that normal for an exchange server? I have disconnected ex1 and emails are still coming through to ex2 which tells me it is not the one causing the problem.

Yes its normal. Messages do not stuck in the pickup folder. if you find any emails stuck that means there is some issue. so Yours is good !
do we have any spam filterings on the server??

no, spam filtering other than AVG anti virus and i have excluded the databases and exchsrvr folder from being scanned.

it should also exclude inetpub and inetsrv too...
do a telnet localhost 25
ehlo


mail from:webmasterb@test.com
rcpt to:benjamin.button@company.org
data
Test mail from telnet
.
quit

see if u get the mail

if u try to telnet from webmaster@test.com to your exchange what do u get...... is connection dropping? can you ask them.....

one thing i noticed is when i go to message tracking on the ESM and try to search for a message it automatically defaults to my old exchange server ex1 instead of ex2. even when i do a search for ex2 i still end up with ex1 replacing ex2.

Do i need to delete the ex1 since i am not using it?

have you uninstalled it ? or is it shut down..? where is your MX record pointed? is it on the old server or the new one?

the mx-record is pointing to the new one. I have not uninstalled it yet. But i did shut it down. i simply changed the ip address of the new one to what was on the old one and also changed its name.

may i know your domain name?
or do Nslookup
then type
set =q=mx
domainname.com

see where it is pointing the MX to....

it is pointing to our domain. I found out something interesting about all the emails that are not reaching our server. they are all from alias email accounts. so these email addresses do not really exist. they are simply set up to send automatic emails to customers. say for example when you make a payment online it automatically sends you an email receipt. those emails are not coming through to our server.

DO you have any spam filterings on the exchange server? or before the exchange server? go to properties of default smtp virtual server and then go to advance botton..
see if any filters is enabled or not?
how is your inbound mail flow topology
for example is it somethng like :
Internet--> firewall--> spam filter--> exchange server

do this : on the command prompt:

do a telnet localhost 25
ehlo


mail from:webmasterb@test.com
rcpt to:benjamin.button@company.org
data
Test mail from telnet
.
quit

see if u get the mail

do i need to have someone from the other company with the webmaster@test.com try it out? thank you.

we have the internet->spam filtering(postini)->firewall ->exchange server . so i am able to see the emails in our postini spam filter (message center) but i cannot see these emails when i use message tracking. Is there setting in exchange that i may have enabled that is stopping these automatically generated emails from coming through?

under smtp virtual server i do not see anything. is there a specific setting that could be set that scans incoming emails in exchange? i know the intelliggent message filter is set to 9 and 8  and no action is selected.

no  no ..

just do this and tell me if you are getting the email........

Do the telnet thing first...
then .... lets move further
Ok.. now you said you see that the message came into Postini........
good..
Have you enabled the NCSA Logs?? which i had asked you to do long back....?
if no enable it on the default smtp virtual server (under general tab.. there is a drop down for that)
then restart the smtp service
then do a test again .........

and then
go to start-> run --> type in logfiles
open the ncsa log file
please attach the log file here.... it will clearly give us all the information...
if ther was any connection hiting exchage server and what happend...
please attach it....
txn

autoweb@test.com is the email we are having problems receving from. crystal.joe@trust.org is one of the domain email.

65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "DATA -? <20090114155154.AD9F844AE765@mailer1.shermanstravel.com> SMTP" 250 140
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "MAIL -? FROM: <autoweb@test.com> SMTP" 250 55
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "RCPT -? TO: <crystal.joe@trust.org> SMTP" 250 37
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:46 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.67 - psmtp.com [14/Jan/2009:09:59:48 -0600] "DATA -? <30054918.141231948860179.JavaMail.root@itt203> SMTP" 250 131
65.20.0.67 - psmtp.com [14/Jan/2009:09:59:48 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.57 - psmtp.com [14/Jan/2009:09:59:51 -0600] "HELO -? psmtp.com SMTP" 2

Select allOpen in new window

i attempted the tenet and nothing happened after i enter quit. unless i am not doing it correctly. i performed the steps on our exchange server.

informations mentioned here are less . please attach the entire log...
i want to see where its breaking the sequence of mail...... thanks

or just sort out all the connections comming from :65.20.0.92
drom that log file....and paste it here

here are all the ones from 65.20.0.92 . autoinsuranceweb@test.com.com is the one having problems. is there something that might be preventing these emails from coming through? i know it all started on 12/31/2008. it only affected the emails that are auto generated from websites. Some come through and others do not.

Also when i did the telnet test from the exchange server the email did not come through. Could there be a setting in exchange that could be preventing me from performing that action?

65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "DATA -? <20090114155154.AD9F844AE765@mailer1.shermanstravel.com> SMTP" 250 140
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "MAIL -? FROM: <autoinsuranceweb@test.com.com> SMTP" 250 55
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "RCPT -? TO: <crystal.thomas@trust.com> SMTP" 250 37
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:46 -0600] "QUIT -?psmtp.com SMTP" 240 69
 
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "DATA -? <20090114155154.AD9F844AE765@mailer1.shermanstravel.com> SMTP" 250 140
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "MAIL -? FROM: <autoinsuranceweb@test.com.com> SMTP" 250 55
65.20.0.83 - psmtp.com [14/Jan/2009:09:59:45 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "RCPT -? TO: <crystal.thomas@trust.com> SMTP" 250 37
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:46 -0600] "QUIT -?psmtp.com SMTP" 240 69
 
65.20.0.92 - psmtp.com [14/Jan/2009:10:11:11 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.92 - psmtp.com [14/Jan/2009:10:11:11 -0600] "MAIL -? FROM:<andy@imajdesigns.net> SMTP" 250 45
65.20.0.92 - psmtp.com [14/Jan/2009:10:11:11 -0600] "RCPT -? TO:<tony.mullenger@trust.com> SMTP" 250 37
65.20.0.92 - psmtp.com [14/Jan/2009:10:11:12 -0600] "QUIT -?psmtp.com SMTP" 240 69
 
65.20.0.92 - psmtp.com [14/Jan/2009:10:13:34 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.92 - psmtp.com [14/Jan/2009:10:13:35 -0600] "MAIL -? FROM:<return@notacanthus.com> SMTP" 250 47
65.20.0.92 - psmtp.com [14/Jan/2009:10:13:35 -0600] "RCPT -? TO:<deanna.brook@trust.com> SMTP" 250 35
65.20.0.92 - psmtp.com [14/Jan/2009:10:13:36 -0600] "QUIT -?psmtp.com SMTP" 240 69
65.20.0.68 - psmtp.com [14/Jan/2009:10:13:38 -0600] "HELO -? psmtp.com SMTP" 250 45
65.20.0.68 - psmtp.com [14/Jan/2009:10:13:38 -0600] "MAIL -? FROM: <crumbling@obriley.com> SMTP" 250 46
65.20.0.68 - psmtp.com [14/Jan/2009:10:13:38 -0600] "RCPT -? TO: <shirley.fenton@trust.com> SMTP" 250 37
65.20.0.68 - psmtp.com [14/Jan/2009:10:13:39 -0600] "QUIT -?psmtp.com SMTP" 240 69

Select allOpen in new window

i tested the telnet it seems to work fine. i forgot to put the period before typing quit. but i still cannot get these emails to come through.

That was a great  information. The reason why i asked you to do that test is to check IF EXCHANGE HAS ANY ISSUES RECEIVING EMAILS FOR THAT DOMAIN..
since the mail came in that means its not the exchange server ....let me check the log... give me few minutes

here are the results
65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "HELO -? psmtp.com SMTP" 250 45

65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "MAIL -? FROM: <autoinsuranceweb@test.com.com> SMTP" 250 55

65.20.0.92 - psmtp.com [14/Jan/2009:09:59:45 -0600] "RCPT -? TO: <crystal.thomas@trust.com> SMTP" 250 37

65.20.0.92 - psmtp.com [14/Jan/2009:09:59:46 -0600] "QUIT -?psmtp.com SMTP" 240 69

Postini sends helo.... exchange responses with 250 45
then postini says mail from : autoinsuranceweb@test.com exchange accepts by saying 250 55

then postini says : rcpt to : crystal.thomas@trust.com exchagne says ok 250 37

BUT AFTER THAT POSTINI DIRECTLY QUITS !!!
so its postini who is the culprit !!

Just contact them and tell them whats happening....

Your issue is resolved ;-)

More over we did telnet localhost for that domain... and u got the mail --> that shows exchange do not have any issues receiving mail from that domain (test)

----x-SaM------

well i just checked with postini again. and they are claiming the problemis not on their side because they can see the emails in their spam filfer.

Postini  has a message center which you can set up to deliver emails to the user and still keep a copy of the email in the qurantine. that feature has been turned on for emails coming from test.com.
So when i log into the message center for our users i see the email sitting in quarantine. but when i select the email to be delivered to the users box it does not come through.  

so something is going on between the time the email reaches the spam filter and the time it gets delivered to the users box. postini is going to run some logs on their system to see what response they are getting from the time the email reaches them to the time they try to deliver it.

i will post as soon as i have something.

 

just show them the logs... i had a similar issue yesterday while i was helping one of the customers.
postili said the same. but when we showed the logs they agreed and fixed it...

They should help you

yes. Unfortunately they are still being adamant and are claiming. that the problem is with us. i am try to escalate the problem.

i was curious when looking at the ncsa.logs  for the exchange should all incoming emails have a:
ehlo
mail from:
rcpt to:
data:
quit:

for it to be delivered to the receipient? when i view the logs i see a lot of emails having only the first three and the last one as shown below.
ehlo:
mail from:
rcpt to:
quit:

please clarify. thank you.

Yes...
look here is how it goes in a normal senario..........

the one who sends u the mail here is Postini...
so it wil establish a connection to your exchange......
1) he wil do telnet and you wil give him the exchange banner.........
2) then postini wil put EHLO
--> exchange will show your VERBS...
3) POSTINI Will then send u mail from :autoinsuranceweb@test.com
--> In response to that exchange will give him SMTP" 250 55 (thats means sender OK)
4) then postini will ask RCPT TO:crystal.thomas@trust.com
--> EXCHANGE will check its AD and if finds the use it will give recipient OK [SMTP" 250 37]
5) then Postini says DATA:
--> EXCHANGE will say : start input data
6) postini will then send the data
once the data is sent completely popstini will send   "  .  " [DOT]
7) Exchange will say Message queud for delivery....

Then Postini quits the connection...

Thats HOW IT SHOULD WORK.... if u want to escalate, escalate it at postini end..
Dont waste time calling Microsoft ... You will get the same result at the end..
still if u are calling them... tell them our finding...
:-)

In your senario... exchange waits for Postini to send the DATA command...
but Postini directly Quits the connection......
No idea why they are doing that...........
So its Postini !!!
telnet Local host works as u said... so matter ends there.....


--Suraj ---

so i spoke to postini and they are saying that they are getting a 250 ok that the emails are being delivered. we are just going back and forth on the same issue. i showed them our logs but they they claim their system is saying the email has been delivered.

is there a way i can prove to them that the problem is on their end? because we are just going back and forth they re blaming my system and i am telling them the problem is on their end.

please advise thank you.

so i tried to get postini out of the picture and point my mx records directly to my server but the email did not come through stilll. i checked to see if the mail guard on our cisco asa 5510 was causing this problem. so  i turned off mail guard but that did not help here are the captures from wireshark that are showing that the connection is being reset.

the source email address is donotreply@test.com it never comes throught to the user amyy.keeling@trust.com. the ip address 143.61.195.4 is the ip address for the server that is relayin the messages to the emails to the server.

No.     Time        Source                Destination           Protocol Info
    322 30.560480   66.150.167.215        143.61.195.4          SMTP     Command: EHLO mail.federal.com
 
 
 
No.     Time        Source                Destination           Protocol Info
    323 30.561174   143.61.195.4          66.150.167.215        SMTP     Response: 250-HORMEL.trust.local Hello [66.150.167.215]
 
 
 
No.     Time        Source                Destination           Protocol Info
    324 30.562183   66.150.167.215        143.61.195.4          TCP      57074 > smtp [ACK] Seq=23 Ack=209 Win=5824 Len=0 TSV=820990275 TSER=6085009
 
 
 
No.     Time        Source                Destination           Protocol Info
    325 30.734611   66.150.167.215        143.61.195.4          SMTP     Command: MAIL FROM:<DoNotReply@test.com> SIZE=1366
 
 
 
No.     Time        Source                Destination           Protocol Info
    326 30.735196   143.61.195.4          66.150.167.215        SMTP     Response: 250 DoNotReply@test.com....Sender OK
 
 
 
No.     Time        Source                Destination           Protocol Info
    327 30.736308   66.150.167.215        143.61.195.4          TCP      57074 > smtp [ACK] Seq=67 Ack=248 Win=5824 Len=0 TSV=820990292 TSER=6085012
 
 
 
No.     Time        Source                Destination           Protocol Info
    328 30.736792   66.150.167.215        143.61.195.4          SMTP     Command: RCPT TO:<amy.keeling@trust.com>
 
 
 
No.     Time        Source                Destination           Protocol Info
    329 30.737036   143.61.195.4          66.150.167.215        SMTP     Response: 250 amy.keeling@trust.com
 
 
 
No.     Time        Source                Destination           Protocol Info
    330 30.771820   66.150.167.215        143.61.195.4          TCP      57074 > smtp [ACK] Seq=100 Ack=276 Win=5824 Len=0 TSV=820990296 TSER=6085012
 
 
No.     Time        Source                Destination           Protocol Info
    331 30.930135   66.150.167.215        143.61.195.4          SMTP     Command: rset
 
 
 
No.     Time        Source                Destination           Protocol Info
    332 30.930269   143.61.195.4          66.150.167.215        SMTP     Response: 250 Resetting
 
 
 
No.     Time        Source                Destination           Protocol Info
    333 30.931588   66.150.167.215        143.61.195.4          TCP      57074 > smtp [ACK] Seq=106 Ack=291 Win=5824 Len=0 TSV=820990311 TSER=6085014
 
 
 
No.     Time        Source                Destination           Protocol Info
    334 30.931830   66.150.167.215        143.61.195.4          SMTP     Command: QUIT
 
 
 
No.     Time        Source                Destination           Protocol Info
    335 30.931868   143.61.195.4          66.150.167.215        SMTP     Response: 221 HORMEL.aaaokla.local Service closing transmission channel
 
 
 
No.     Time        Source                Destination           Protocol Info
    336 30.931932   143.61.195.4          66.150.167.215        TCP      smtp > 57074 [FIN, ACK] Seq=354 Ack=112 Win=65424 [TCP CHECKSUM INCORRECT] Len=0 TSV=6085014 TSER=820990312
 
 
 
No.     Time        Source                Destination           Protocol Info
    337 30.933290   66.150.167.215        143.61.195.4          TCP      57074 > smtp [FIN, ACK] Seq=112 Ack=355 Win=5824 Len=0 TSV=820990312 TSER=6085014
 
 
 
No.     Time        Source                Destination           Protocol Info
    338 30.933307   143.61.195.4          66.150.167.215        TCP      smtp > 57074 [ACK] Seq=355 Ack=113 Win=65424 [TCP CHECKSUM INCORRECT] Len=0 TSV=6085014 TSER=820990312

Select allOpen in new window

What is the Ip address of your firewall to which Postini sends you email.
also give me a user's email address so that i will do a telnet to that ipaddres and try to send a mail to you.
if this comes to you then it will prove us that the issue is with Postini.
I am also reviewing your trace. Give me some time for that..

Thanks
Smm

actually i already tested that. when people from outside our company do telnets to our external ip address from outside verything works fine,i get the email fine without any problems.

now i was thinking maybe the ASA 5510 cisco firewall might be the problem according to this article http://support.microsoft.com/kb/295725 i disabled the smtp fixup but no success.

i tried to point the mx records straight back to us bypassing postini but that did not work it seems according to the wireshark logs above.

what else do you want to prove that postini is the culprit....

On cisco ASA you should disable "ESMTP PACKET INSPECTION." This is recomended by MS.

if i do a telnet to your mX which is on Postini.. you do not get mail...
but if i do a telnet to your firewall and if that mail goes.. then its definitely Not exchange server.. That makes sence right... :-)

One more good example........... i want you to copy the above trace you took to an excel sheet....

I am sure 66.150.167.215  is Postini...
If you check tht properly on the 45th line... where Postini is the Source..... it suddenly does a "RSET" Which means it Breaks the communication in between....

Postini never gives the Data part of it..
I agree to what x-sam said earlier.. we now has two proof with us...

what else do you want ;-)

Smm

And thats the thing 66.150.167.215 is not Postini's ip address it is the actual sender's ip address. this was after i pointed the MX records to my company directly. Bypassing the postini system. I thought doing  that would determine whether the problem was on our end. Which i am thinkin might be since pointing the MX to us still yielded the same result maybe the problem is on out end.
if it were coming through postini the ip address source would have been 65.20.x.x because they gave us a subnet which all their emails would come from.

One thig is clear for sure.. This is not an exchange issue for sure......

After pointing the Mx Back to your exchange server.......
Check the receive connector... on the network tab... what is mentioned in the remote IP range??
it should be 0.0.0.0 to 255.255.255.255 ... coz i have seen in many cases that ...if you are using Postini they recomend you to pur thiir range Only... just to receive connections from themm...

check and let me know...

can you give the step by step instructions on how to get to the network tab . is this on the ESM or is it on postini administrative page?

OOps... i am sorry for that comment... those were for exch 2007..
Ok the same settings we do have in ESM..
go to properties of Default Smtp virtual server--> Access tab--> connection..

what is selected there... and do you have any IPS listed in them ?

x-SaM

this ia what is selected "all except the list below".

i was also wondering could it be that the timeout our firewall is not long enough? because postini claims they are getting a "250 ok data has been received" from one of our devices for the emails that are not coming through.
 but they  get "250 queued mail for delivery" for the emails that are coming through.

 one other thing we did is we captured the traffic from postini (65.20.0.0 255.255.240.0) to our firewall (external ip for exchange server 65.207.0.235) and also traffic from postini(65.20.0.0 255.255.240.0) to our exchange server internal ip address(143.61.195.26)

we noticed that for the email that was not coming through traffic from postini--->firewall was showing a 250 ok data received.(helo,mail from,rcpt to,data,quit)
but for traffic from postini ---> exchange server internal ip address the  we were getting a 250 reset and then finally quit. (helo,mail from,rcpt to,rset,resetting,quit)

so i am not sure if the firewall is getting in the way or what. I have attached the results of the capture on the firewall

Postini to Firewall (enternal exchange Ip address)
 
No.     Time        Source                Destination           Protocol Info
   1005 117.873237  65.20.0.122           65.207.0.235        SMTP     C: MAIL FROM:<DoNotReply@test.org>
 
No.     Time        Source                Destination           Protocol Info
   1006 117.875739  65.207.0.235        65.20.0.122           SMTP     S: 250 2.1.0 DoNotReply@test.org....Sender OK
 
No.     Time        Source                Destination           Protocol Info
   1009 117.972002  65.20.0.122           65.207.0.235        SMTP     C: RCPT TO:<amy.john@trust.com
 
No.     Time        Source                Destination           Protocol Info
   1010 117.973772  65.207.0.235        65.20.0.122           SMTP     S: 250 2.1.5 amy.john@trust.com
 
No.     Time        Source                Destination           Protocol Info
   1015 118.159202  65.20.0.122           65.207.0.235       SMTP     C: DATA
 
No.     Time        Source                Destination           Protocol Info
   1016 118.159401  65.207.0.235        65.20.0.122           SMTP     S: 354 End data with <CR><LF>.<CR><LF>
 
No.     Time        Source                Destination           Protocol Info
   1029 118.441191  65.207.0.235        65.20.0.122           SMTP     S: 250 OK: data received
 
No.     Time        Source                Destination           Protocol Info
   1031 118.537225  65.20.0.122          65.207.0.235        SMTP     C: QUIT
 
 
Postini to Internal exchange Ip address
 
 
No.     Time        Source                Destination           Protocol Info
    934 125.000244  65.20.0.122           143.61.195.26         SMTP     C: MAIL FROM:<DoNotReply@test.org>
 
No.     Time        Source                Destination           Protocol Info
    935 125.001327  143.61.195.26         65.20.0.122           SMTP     S: 250 2.1.0 DoNotReply@test.org....Sender OK
 
No.     Time        Source                Destination           Protocol Info
    940 125.098444  65.20.0.122           143.61.195.26         SMTP     C: RCPT TO:<amy.john@trust.com>
 
No.     Time        Source                Destination           Protocol Info
    941 125.099360  143.61.195.26         65.20.0.122           SMTP     S: 250 2.1.5 amy.john@trust.com 
 
No.     Time        Source                Destination           Protocol Info
    946 125.543740  65.20.0.122           65.20.195.26         SMTP     C: rset
 
No.     Time        Source                Destination           Protocol Info
    947 125.544121  143.61.195.26         65.20.0.122           SMTP     S: 250 2.0.0 Resetting
 
No.     Time        Source                Destination           Protocol Info
    957 125.663606  65.20.0.122           143.61.195.26         SMTP     C: QUIT

Select allOpen in new window

You definitely have a point here. i know its difficult for you to try bypassing the firewall.. but you can surely check the firewall settings... Any ways your exchange server is perfectly fine and that we proved already. You can surely proceed ...

x

anyone else with any Ideas?

I agree... i and syedm2 had proved you in several ways that your exchange is not creating this problem...
you can surely go ahead and lookinto the firewall settings.....

cchibonga: we are surely going on the right direction... let me know if you have any questions....

-x

alright guys thanks for all your help and sticking with this question. your relentlessness has led me to the answe we eventually found out that the firewall was blocking the emails

here is what we had to do to fix it. we had to disable the csc policy on the firewall
ciscoasa(config)# policy-map csc
ciscoasa(config-pmap)#  class csc
ciscoasa(config-pmap-c)# no csc fail-open
ciscoasa(config-pmap-c)#

Perfect !!!

This Is not done... We proved you that Your exchagne server is not the Problem...
I said Postini coz exchange server was receiving emails from them...
coz of Our help you atleast realised that its Postini or the Firewall...

Closing the question without granting Points after Such a long troubleshooting is not good...
You got the logic to work on Firewall Only after we took the Logs right....

I Just wasted time....

i gave points to syedm2 and xsam.
I think this application is not working fine. It gave me an option to accept multiple solutions and i gave 250 points to syedm2 and 250 to xsam.

but they have not been given apparently need help here.