Funky SMTP connection termination

Posted on 2009-05-12
Last Modified: 2013-11-30
We are a small network with about 25 users and host our own Exchange and our own spam box, that sits "between" the firewall (Cisco ASA 5505) and the Exchange box (Server 2003 w/ Exchange 2003)... The Cisco ASA 5505 routes all (MX) port 25 traffic to our spam "server," which is a dedicated Windows XP Pro box that houses our spam software (Praetor). Besides the occasional delayed delivery issues caused by XP Pro's virtual SMTP server only allowing 10 concurrent connections, we are having some vexing SMTP issues. This issue seems to be mainly with ATT-Worldnet, but I have had it happen to a couple of G-mail emails as well. Here's the issue:

The spam box will accept the SMTP connection, but then the session ends (is terminated) before transferring any data (the email). To me it looks like it is the ATT server sending the QUIT, but ATT is saying that we are blocking them... And I can guarantee that we are not blocking them, or anyone else for that matter. And it's not the spam software terminating the connection due to the AT&T server being on an RBL, as the connection is terminated before the spam software can even act...
I've included the SMTP logs for one of the troubled connections as well as a good connection from a Gmail account that shows the proper connection flow, including the scanning by the spam software and the transfer to the Exchange server for final delivery to the recipient. I've also included the header information from an AT&T email on which the connection was canceled...

BAD CONNECTION:
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +fmailhost06.isp.att.net 250 0 177 28 0 SMTP - - - -
---
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM:<rj@att.net> 250 0 43 40 16 SMTP - - - -
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO:<rj@my-domain.com> 250 0 41 38 0 SMTP - - - -
---
2009-05-11 08:40:56 204.127.217.106 fmailhost06.isp.att.net SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - fmailhost06.isp.att.net 0 875 46 4 328 SMTP - - - -

GOOD CONNECTION:
2009-05-12 16:03:42 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +mail-gx0-f158.google.com 250 0 176 29 0 SMTP - - - -
---
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM:<rj@gmail.com> 250 0 45 32 0 SMTP - - - -
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO:<rj@my-domain.com> 250 0 41 38 0 SMTP - - - -
2009-05-12 16:03:43 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 DATA - +<ac41179b0905120908p3003bc4eh555647e0d52bde30@mail.gmail.com> 250 0 145 1708 78 SMTP - - - -
2009-05-12 16:03:43 - OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 220+EXCHANGE01.my-domain.com+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.3959+ready+at++Tue,+12+May+2009+12:06:08+-0400+ 0 0 128 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 EHLO - Praetor.my-domain.com 0 0 4 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250-EXCHANGE01.my-domain.com+Hello+[192.168.0.32] 0 0 53 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 MAIL - FROM:<rj@gmail.com> 0 0 4 0 0 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250+2.1.0+rj@gmail.com....Sender+OK 0 0 43 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 RCPT - TO:<rj@my-domain.com> 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250+2.1.5+rj@my-domain.com+ 0 0 39 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 BDAT - 1987+LAST 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 250+2.6.0++<ac41179b0905120908p3003bc4eh555647e0d52bde30@mail.gmail.com>+Queued+mail+for+delivery 0 0 97 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 QUIT - - 0 0 4 0 16 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.my-domain.com OutboundConnectionResponse SMTPSVC1 PRAETOR - 25 - - 221+2.0.0+EXCHANGE01.my-domain.com+Service+closing+transmission+channel 0 0 75 0 16 SMTP - - - -
---
2009-05-12 16:04:14 209.85.217.158 mail-gx0-f158.google.com SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - mail-gx0-f158.google.com 0 30328 74 4 0 SMTP - - - -

BAD EMAIL HEADER:
From postmaster@isp.att.net Tue May 12 01:13:58 2009
Return-Path: <>
Authentication-Results: mta144.sbc.mail.mud.yahoo.com  from=isp.att.net; domainkeys=neutral (no sig); from=isp.att.net; dkim=neutral (no  sig)
Received: from 204.127.217.106  (EHLO fmailhost06.isp.att.net) (204.127.217.106)
  by mta144.sbc.mail.mud.yahoo.com with SMTP; Tue, 12 May 2009 01:14:15 -0700
Received: from fmailhost06.isp.att.net (localhost[127.0.0.1])
          by isp.att.net (frfwmhc06) with ESMTP
          id <20090512081414H0600rqsq7e>; Tue, 12 May 2009 08:14:14 +0000
From: postmaster@isp.att.net
Subject: Returned mail: delivery problems encountered
Message-Id: <20090512081358H060074g00e@isp.att.net>
Date: 12 May 2009  8:13:58 +0000
To: <ricjenkins@att.net>
Mime-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="_4a092fc6.1c90.0+isp.att.net=_"
Content-Length: 2317


Any information or assistance would be greatly appreciated. Thanks.

Ric J.
Question by:ricjenkins
Accepted Solution

by:
Mestha earned 2000 total points
ID: 24367143
Have you turned off the SMTP mail guard or whatever it is called on the ASA device? That can cause this problem.

Simon.

Author Comment

by:ricjenkins
ID: 24367637
No I haven't. I would imagine that if that were it, it would affect ALL SMTP connections and email... And it's only affecting AT&T Worldnet email, almost exclusively. I'll look at it though. Thanks.
Expert Comment

by:Mestha
ID: 24370393
Alas no.
It causes problems with certain types of connections. On the predecessor (PIX) it was so notorious that Microsoft actually had a KB article on how to turn it off!

Simon.

Author Closing Comment

by:ricjenkins
ID: 31580630
This appears to have done it! On the ASA5505 it's under the ESMTP policy inspection. Go to Configuration > Security Policy > Service Policy Rules > *edit policy* Rule Actions > Protocol Inspection, and un-check ESMTP, and apply (and copy to flash). I had the troubled address send a few test emails and I got them all just fine! Thanks a bunch for the help!  
0
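
To find which senders are hit by this, and to confirm the ESMTP inspection change fixed it, the SMTP service log can be scanned for the pattern in the BAD CONNECTION excerpt: RCPT accepted with 250, then QUIT with no DATA or BDAT in between. This is an added example, not part of the original thread; the field positions are assumed from the log lines in the question, and the sample log is constructed.

```python
# Constructed sample in the layout of the logs above (documentation
# addresses and example.* names, not real traffic).
SAMPLE_LOG = """\
2009-05-11 08:40:56 192.0.2.10 mx1.example.net SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +mx1.example.net 250 0 177 28 0 SMTP - - - -
2009-05-11 08:40:56 192.0.2.10 mx1.example.net SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM:<a@example.net> 250 0 43 40 16 SMTP - - - -
2009-05-11 08:40:56 192.0.2.10 mx1.example.net SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO:<b@example.com> 250 0 41 38 0 SMTP - - - -
---
2009-05-11 08:40:56 192.0.2.10 mx1.example.net SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - mx1.example.net 0 875 46 4 328 SMTP - - - -
2009-05-12 16:03:42 198.51.100.20 out.example.org SMTPSVC1 PRAETOR 192.168.0.32 0 EHLO - +out.example.org 250 0 176 29 0 SMTP - - - -
2009-05-12 16:03:43 198.51.100.20 out.example.org SMTPSVC1 PRAETOR 192.168.0.32 0 MAIL - +FROM:<c@example.org> 250 0 45 32 0 SMTP - - - -
2009-05-12 16:03:43 198.51.100.20 out.example.org SMTPSVC1 PRAETOR 192.168.0.32 0 RCPT - +TO:<b@example.com> 250 0 41 38 0 SMTP - - - -
2009-05-12 16:03:43 198.51.100.20 out.example.org SMTPSVC1 PRAETOR 192.168.0.32 0 DATA - +<id1@example.org> 250 0 145 1708 78 SMTP - - - -
2009-05-12 16:03:43 EXCHANGE.example.com OutboundConnectionCommand SMTPSVC1 PRAETOR - 25 QUIT - - 0 0 4 0 16 SMTP - - - -
2009-05-12 16:04:14 198.51.100.20 out.example.org SMTPSVC1 PRAETOR 192.168.0.32 0 QUIT - out.example.org 0 30328 74 4 0 SMTP - - - -
"""


def parse_line(line):
    """Return (client_ip, client_host, verb, status) for an inbound line, else None."""
    f = line.split()
    if len(f) < 12 or f[3].startswith("OutboundConnection"):
        return None  # separator, short line, or the relay leg to Exchange
    return f[2], f[3], f[8].upper(), f[11]


def aborted_sessions(log_text):
    """List (ip, host, quit_time) for sessions with RCPT 250 but no DATA/BDAT."""
    steps, flagged = {}, []  # steps: (ip, host) -> set of (verb, status)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip, host, verb, status = rec
        if verb in ("EHLO", "HELO"):
            steps[(ip, host)] = set()  # new session from this peer
        seen = steps.setdefault((ip, host), set())
        seen.add((verb, status))
        if verb == "QUIT":
            verbs = {v for v, _ in seen}
            if ("RCPT", "250") in seen and not verbs & {"DATA", "BDAT"}:
                flagged.append((ip, host, " ".join(line.split()[:2])))
            del steps[(ip, host)]
    return flagged


if __name__ == "__main__":
    for ip, host, when in aborted_sessions(SAMPLE_LOG):
        print(f"{when} {host} [{ip}] quit after RCPT without sending DATA")
```

Sessions are keyed on client IP and host name, so overlapping connections from the same sending host are merged; on a busy server treat the result as a lead to check against the firewall, not a verdict.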
