We help IT Professionals succeed at work.

Emails to msn and a few select domains fail due to time out

MrJunix
MrJunix asked
on
Medium Priority
1,120 Views
Last Modified: 2013-11-30
We moved physical locations and now have a new external IP address on an Exchange 2003 server (windows server 2003 standard)
Email addresses we previously sent to at Hotmail, MSN, Live are no longer making it through.
With more investigating, the first failed messages occurred two weeks before the more (when no changes had been made)

Many email conversations work perfectly.
In a three-way conversation between our domain, Gmail and Live.com
Gmail and Our domain receive all mail correctly.
msn does not receive mail from our domain but does see replies from gmail.

From our domain's exchange server.

Start > Run > CMD > telnet mx1.hotmail.com 25

220 bay0-mc5-f10.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail
to Microsoft's computer network is prohibited. Other restrictions are found at h
ttp://privacy.msn.com/Anti-spam/. Violations will result in use of equipment loc
ated in California and other states. Tue, 17 Feb 2009 11:42:00 -0800
helo OURDOMAIN
250 bay0-mc5-f10.bay0.hotmail.com (3.8.0.31) Hello [OURIP]
mail from: kevin@OURDOMAIN
250 kevinf@OURDOMAIN....Sender OK
rcpt to: OURDOMAIN@live.com
250 OURDOMAIN@live.com
bdat 361 LAST
Date: Tue, 17 Feb 2009
To: OURDOMAIN@live.com; OURDOMAIN@gmail.com
From: kevin@OURDOMAIN
Subject: Testing Manual Telnet Email

Good Morning,

To correct an email delivery problem between us and your servers,
I am sending this email manually using a telnet session.

Please reply at your earliest convenience to help me troubleshoot this issue...
.......250 <BAY0-MC5-F10XAUJ49i0003923d@bay0-mc5-f10.bay0.hotmail.com> Queued ma
il for delivery
quit
221 bay0-mc5-f10.bay0.hotmail.com Service closing transmission channel


Connection to host lost.

This Email is received from our exchange server by msn.  I can do the same to google.

Google and msn can reply and our domain email address receives both.

If I click reply-all from my domain outlook account,
The smtp log shows

65.55.37.120, OutboundConnectionResponse, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 16, 0, 309, 0, 0, -, -, 220 col0-mc4-f42.Col0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Tue, 17 Feb 2009 11:55:23 -0800 ,
65.55.37.120, OutboundConnectionCommand, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 16, 0, 4, 0, 0, EHLO, -, OURDOMAIN,
65.55.37.120, OutboundConnectionResponse, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 31, 0, 66, 0, 0, -, -, 250-col0-mc4-f42.Col0.hotmail.com (3.8.0.31) Hello [OURIP],
65.55.37.120, OutboundConnectionCommand, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 31, 0, 4, 0, 0, MAIL, -, FROM:<kevin@OURDOMAIN> SIZE=6654,
65.55.37.120, OutboundConnectionResponse, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 47, 0, 35, 0, 0, -, -, 250 kevin@OURDOMAIN....Sender OK,
65.55.37.120, OutboundConnectionCommand, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 47, 0, 4, 0, 0, RCPT, -, TO:<OURDOMAIN@live.com>,
65.55.37.120, OutboundConnectionResponse, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 78, 0, 24, 0, 0, -, -, 250 OURDOMAIN@live.com ,
65.55.37.120, OutboundConnectionCommand, 2/17/2009, 11:49:28, SMTPSVC1, EXCHANGE, -, 78, 0, 4, 0, 0, BDAT, -, 6654 LAST,

But not no mail is received at Live.com address.

We can see the actual packets being sent out to the correct IP addresses from outside of the firewall.

Microsoft says

Hello Kevin,

 

My name is Brad; I work on the Windows Live Hotmail Domain Support Team, helping to support Hotmail's anti-spam efforts.  I understand you are currently experiencing mail deliverability issues sending to hotmail/msn. Our goal in Windows Live Mail is to make sure that every wanted message sent to Hotmail customers arrives in their inbox, and I know how frustrating it is when this doesn't happen.

I have investigated the IP DOMAINIP and found no issues with delivery to our servers.

Day
      

# Data
      

# Mails
      

# Inbox
      

# Deleted
      

# Junked
      

# RCPTs
      

RCPT Success %

02/16/2009
      

0
      

0
      

0
      

0
      

0
      

3,851
      

1.00

02/15/2009
      

0
      

0
      

0
      

0
      

0
      

3,245
      

1.00

02/14/2009
      

6
      

6
      

6
      

0
      

0
      

2,881
      

1.00

 

This is the only connections showing dating back to 02/05/2009.

If you have any further issues please feel free to contact us again.

 

Thank-you,

 

        Brad

Windows Live Hotmail Domain Support


So, I have no idea what to do.

Messages sit in our queue and retry until they time out on our server.
Comment
Watch Question

Expert of the Quarter 2009
Expert of the Year 2009
Commented:
As a short term measure, send email for those domains through your ISPs SMTP Server using a smart host set on an SMTP Connector.

What is between the server and the internet?

-M

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
We tried an SMTP connector with our ISP (XO.com) but the information they provided changed our time out failures to immediate Recipient address rejected: No such account [0AP8ONTHJA00] rejections.

XO has exceedingly incompetent technical support and I gave up after several hours on the phone with them.

I looked for other companies that might provide simple connector services, but I did not have any luck there either.  I suspect I would also have to change our SPF records when we try that.

XO Gateway => Our Set of static IPs => Sonicwall tz190 => Lan IPs => Exchange server

The sonicwall
Ports 443, 993, 220, 143, 25
Firewall rule
from: WAN
to: LAN
Service: (ports above)
source: Any
Destination: Wan Primary IP
users: all
schedule: Always on
allow fragmented packets
dhcp: preserve

From LAN
to WAN
Allow any

NAT rule
source: any
Translate source: original
original Destination: WAN Primary IP
Translated Destination: Exchange LAN IP
Original Service: (ports above)
translated Service: Original
Inbound Interface:        any
Outbound Interface: any
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
If you are looking for other services, then you need to look for mail hop services. There are lots of those around. Your ISP may require authentication to use their server as a smart host. As for ISP support -  I find most of them are useless.

I am not familiar with the SonicWalls, so don't know whether there is anything in their config that could be interfering with the SMTP traffic.

-M

Author

Commented:
I have full support on the sonicwall and they assure me my setup is correct and not the issue.  As evidenced, they say, by the responses on port 25 in my smtp log on the exchange server.

I can not isolate the problem beyond either

1 for some reason my exchange server is not correctly forming the DATA portion of the transaction.

or

2 Something in the DATA transaction is causing a premature termination of the session on the receiving mail server.

I can open and at my leisure send data and bdat over telnet without any time outs or interruptions in the connection.   My knowledge of exchange is limited but it should be doing the exact same type of conversation.  And exchange's SMTP log shows hotmail saying hello to my exchange server and the conversation continues.  250-col0-mc4-f42.Col0.hotmail.com (3.8.0.31) Hello [OURIP]

I just don't understand how there could be a problem...  Except the emails never show up in the recipients inbox and my exchange server never removes them from my outgoing queue.

Author

Commented:
An overwhelming number of the failed messages are using the BDAT command instead of the DATA command
Commented:
GAH

As it turns out...
the internet email Auto-Protect function of
Symantec AntiVirus version 10.0.0.359
engine: 103.0.2.7
was selectively deleting data transmission packets to some domains (all mail to msn, hotmail, live, and some others)
and that service is not stopped then you disable the general auto protect.

After ENTIRELY disabling the anti virus software, the mail left the queue and was delivered successfully.
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Symantec strikes again. And people wonder why I kick it so much.

-M

Author

Commented:
In case anyone runs into this problem.

We could see from all exchange logs that the information was being sent.

So we installed Microsoft Network Monitor 3.2

The issue was only to domains Exchange used the BDAT command on.  DATA command emails were successful.

Successful conversations looked like this
SMTP:Rsp 220 , 310 bytes
SMTP:Cmd EHLO EXCHANGE, 23 bytes
SMTP:Rsp 250 -bay0-mc2-f1.bay0.hotmail.com (3.8.0.31) Hello [EXCHANGEIP], 186 bytes
SMTP:Cmd MAIL FROM:<mich@EXCHANGE> SIZE=5341, 42 bytes
SMTP:Rsp 250  mich@EXCHANGE....Sender OK, 37 bytes
SMTP:Cmd RCPT TO:<EXCHANGE@live.com>, 31 bytes
SMTP:Rsp 250  EXCHANGE@live.com , 26 bytes
SMTP:Cmd BDAT 5341 LAST, 16 bytes
MIME:Version =  1.0, multipart/alternative
SMTP:Rsp 250   <1339C72742E7494186C29EE2F9821FB0547373@EXCHANGE> Queued mail for delivery, 96 bytes
SMTP:Cmd QUIT, Terminates the mail session
SMTP:Rsp 221  bay0-mc2-f1.bay0.hotmail.com Service closing transmission channel, 71 bytes



Unsuccessful conversations looked like this
SMTP:Rsp 220  DNSEP11.correspondence.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Wed, 18 Feb 2009 13:41:44 -0600 , 122 bytes
SMTP:Cmd EHLO EXCHANGE, 23 bytes
SMTP:Rsp 250 -DNSEP11.correspondence.com Hello [EXCHANGEIP], 190 bytes
SMTP:Cmd MAIL FROM:<mich@EXCHANGE>, 38 bytes
SMTP:Rsp 250  2.1.0 mich@EXCHANGE....Sender OK, 49 bytes
SMTP:Cmd RCPT TO:<receivable@correspondence.com>, 54 bytes
SMTP:Rsp 250  2.1.5 receivable@correspondence.com , 55 bytes
SMTP:Cmd BDAT 8076 LAST, 16 bytes
SMTP:Rsp 451  Timeout waiting for client input, 38 bytes
SMTP:Data Payload, 44 bytes
SMTP:Cmd QUIT, Terminates the mail session

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.