YMNORR
asked on
Problems with SMTP connections dropping
Hi,
We are experiencing problems with SMTP connections between to a specific domain. The MX record for the Y domain points to an SMTP gateway at the X domain. The X domain SMTP gateway is MDaemon Server 10.0.5. The SMTP server for the Y domain is Microsoft Exchange 2007 (SP1 with Rollup 7). The problem is that the Y domain is dropping connections almost exactly 60 seconds after the email is sent. See the enclosed SMTP log from the X domain:
Tue 2009-05-12 15:08:29: Session 376; child 29
Tue 2009-05-12 15:07:28: Parsing message <e:\mdaemon\queues\remote\
Tue 2009-05-12 15:07:28: * From: info@zzzzz.zz
Tue 2009-05-12 15:07:28: * To: name@yyyyyyyy.yy
Tue 2009-05-12 15:07:28: * Subject: Subject Line
Tue 2009-05-12 15:07:28: * Size (bytes): 6166
Tue 2009-05-12 15:07:28: * Message-ID: <22740960.1242140802090.Ja
Tue 2009-05-12 15:07:28: * Route slip host: mail.yyyyyyyy.yy
Tue 2009-05-12 15:07:28: * Route slip port: 25
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [mail.yyyyyyyy.yy]
Tue 2009-05-12 15:07:28: Resolving MX records for [mail.yyyyyyyy.yy] (DNS Server: 172.31.0.102)...
Tue 2009-05-12 15:07:28: * Name server has no valid records of the requested type for that domain
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [mail.yyyyyyyy.yy:25]
Tue 2009-05-12 15:07:28: Resolving A record for [mail.yyyyyyyy.yy] (DNS Server: 172.31.0.102)...
Tue 2009-05-12 15:07:28: * D=mail.yyyyyyyy.yy TTL=(40) A=[y.y.y.y]
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [y.y.y.y:25]
Tue 2009-05-12 15:07:28: Waiting for socket connection...
Tue 2009-05-12 15:07:28: * Connection established (172.31.0.104:3323 -> y.y.y.y:25)
Tue 2009-05-12 15:07:28: Waiting for protocol to start...
Tue 2009-05-12 15:07:28: <-- 220 mail.yyyyyyyy.yy Microsoft ESMTP MAIL Service ready at Tue, 12 May 2009 15:05:45 +0200
Tue 2009-05-12 15:07:28: --> EHLO xxxxxxx.xx
Tue 2009-05-12 15:07:28: <-- 250-mail.yyyyyyyy.yy Hello [x.x.x.x]
Tue 2009-05-12 15:07:28: <-- 250-SIZE 25845760
Tue 2009-05-12 15:07:28: <-- 250-DSN
Tue 2009-05-12 15:07:28: <-- 250-ENHANCEDSTATUSCODES
Tue 2009-05-12 15:07:28: <-- 250-AUTH
Tue 2009-05-12 15:07:28: <-- 250-8BITMIME
Tue 2009-05-12 15:07:28: <-- 250-BINARYMIME
Tue 2009-05-12 15:07:28: <-- 250 CHUNKING
Tue 2009-05-12 15:07:28: --> MAIL From:<info@zzzzz.zz> SIZE=6166
Tue 2009-05-12 15:07:28: <-- 250 2.1.0 Sender OK
Tue 2009-05-12 15:07:28: --> RCPT To:<name@yyyyyyyy.yy>
Tue 2009-05-12 15:07:28: <-- 250 2.1.5 Recipient OK
Tue 2009-05-12 15:07:28: --> DATA
Tue 2009-05-12 15:07:28: <-- 354 Start mail input; end with <CRLF>.<CRLF>
Tue 2009-05-12 15:07:28: Sending <e:\mdaemon\queues\remote\
Tue 2009-05-12 15:07:28: Transfer Complete
****** This is where a normal session should end:
Tue 2009-05-12 15:08:29: <-- 250 2.6.0 <OF6F352B6C.54290197-ONC12
Tue 2009-05-12 15:08:29: --> QUIT
Tue 2009-05-12 15:08:29: <-- 221 2.0.0 Service closing transmission channel
Tue 2009-05-12 15:08:29: SMTP session successful (Bytes in/out: 513/4969365)
****** But this is how the session actually ends:
Tue 2009-05-12 15:08:29: Socket connection closed by the other side (how rude!)
Tue 2009-05-12 15:08:29: This message is 1 minutes old; it has 59 minutes left in this queue
Tue 2009-05-12 15:08:29: SMTP session terminated (Bytes in/out: 333/6267)
As you can see, the Microsoft Exchange Server 2007 SMTP ends the session by closing the connection. I've seen in some logs that it says "Bad sequence of commands" but now I don't see that even anymore. The SMTP log on the Y domain (Exchange) looks like this for the same message:
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.700Z,E
2009-05-12T13:06:54.700Z,E
2009-05-12T13:06:54.731Z,E
2009-05-12T13:06:54.731Z,E
2009-05-12T13:07:56.969Z,E
As far as I can read these logs, the SMTP serve at the Y domain (Exchange) awaits the <CRLF>.<CRLF> but seems like it for some reason never gets it. After one minute, according to both SMTP logs then session is ended. Has anyone experienced anything like this? Does anyone interpret the logs differently than me?
All mail going to the Y domain gets the same treatment by the Y SMTP, when sent from the X domain. When I try from the server that runs the X domain SMTP server by using telnet to port 25 at the Y domain, it lets me send email without any trouble.
Regards,
Tomas Andersson
We are experiencing problems with SMTP connections between to a specific domain. The MX record for the Y domain points to an SMTP gateway at the X domain. The X domain SMTP gateway is MDaemon Server 10.0.5. The SMTP server for the Y domain is Microsoft Exchange 2007 (SP1 with Rollup 7). The problem is that the Y domain is dropping connections almost exactly 60 seconds after the email is sent. See the enclosed SMTP log from the X domain:
Tue 2009-05-12 15:08:29: Session 376; child 29
Tue 2009-05-12 15:07:28: Parsing message <e:\mdaemon\queues\remote\
Tue 2009-05-12 15:07:28: * From: info@zzzzz.zz
Tue 2009-05-12 15:07:28: * To: name@yyyyyyyy.yy
Tue 2009-05-12 15:07:28: * Subject: Subject Line
Tue 2009-05-12 15:07:28: * Size (bytes): 6166
Tue 2009-05-12 15:07:28: * Message-ID: <22740960.1242140802090.Ja
Tue 2009-05-12 15:07:28: * Route slip host: mail.yyyyyyyy.yy
Tue 2009-05-12 15:07:28: * Route slip port: 25
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [mail.yyyyyyyy.yy]
Tue 2009-05-12 15:07:28: Resolving MX records for [mail.yyyyyyyy.yy] (DNS Server: 172.31.0.102)...
Tue 2009-05-12 15:07:28: * Name server has no valid records of the requested type for that domain
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [mail.yyyyyyyy.yy:25]
Tue 2009-05-12 15:07:28: Resolving A record for [mail.yyyyyyyy.yy] (DNS Server: 172.31.0.102)...
Tue 2009-05-12 15:07:28: * D=mail.yyyyyyyy.yy TTL=(40) A=[y.y.y.y]
Tue 2009-05-12 15:07:28: Attempting SMTP connection to [y.y.y.y:25]
Tue 2009-05-12 15:07:28: Waiting for socket connection...
Tue 2009-05-12 15:07:28: * Connection established (172.31.0.104:3323 -> y.y.y.y:25)
Tue 2009-05-12 15:07:28: Waiting for protocol to start...
Tue 2009-05-12 15:07:28: <-- 220 mail.yyyyyyyy.yy Microsoft ESMTP MAIL Service ready at Tue, 12 May 2009 15:05:45 +0200
Tue 2009-05-12 15:07:28: --> EHLO xxxxxxx.xx
Tue 2009-05-12 15:07:28: <-- 250-mail.yyyyyyyy.yy Hello [x.x.x.x]
Tue 2009-05-12 15:07:28: <-- 250-SIZE 25845760
Tue 2009-05-12 15:07:28: <-- 250-DSN
Tue 2009-05-12 15:07:28: <-- 250-ENHANCEDSTATUSCODES
Tue 2009-05-12 15:07:28: <-- 250-AUTH
Tue 2009-05-12 15:07:28: <-- 250-8BITMIME
Tue 2009-05-12 15:07:28: <-- 250-BINARYMIME
Tue 2009-05-12 15:07:28: <-- 250 CHUNKING
Tue 2009-05-12 15:07:28: --> MAIL From:<info@zzzzz.zz> SIZE=6166
Tue 2009-05-12 15:07:28: <-- 250 2.1.0 Sender OK
Tue 2009-05-12 15:07:28: --> RCPT To:<name@yyyyyyyy.yy>
Tue 2009-05-12 15:07:28: <-- 250 2.1.5 Recipient OK
Tue 2009-05-12 15:07:28: --> DATA
Tue 2009-05-12 15:07:28: <-- 354 Start mail input; end with <CRLF>.<CRLF>
Tue 2009-05-12 15:07:28: Sending <e:\mdaemon\queues\remote\
Tue 2009-05-12 15:07:28: Transfer Complete
****** This is where a normal session should end:
Tue 2009-05-12 15:08:29: <-- 250 2.6.0 <OF6F352B6C.54290197-ONC12
Tue 2009-05-12 15:08:29: --> QUIT
Tue 2009-05-12 15:08:29: <-- 221 2.0.0 Service closing transmission channel
Tue 2009-05-12 15:08:29: SMTP session successful (Bytes in/out: 513/4969365)
****** But this is how the session actually ends:
Tue 2009-05-12 15:08:29: Socket connection closed by the other side (how rude!)
Tue 2009-05-12 15:08:29: This message is 1 minutes old; it has 59 minutes left in this queue
Tue 2009-05-12 15:08:29: SMTP session terminated (Bytes in/out: 333/6267)
As you can see, the Microsoft Exchange Server 2007 SMTP ends the session by closing the connection. I've seen in some logs that it says "Bad sequence of commands" but now I don't see that even anymore. The SMTP log on the Y domain (Exchange) looks like this for the same message:
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.575Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.637Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.669Z,E
2009-05-12T13:06:54.700Z,E
2009-05-12T13:06:54.700Z,E
2009-05-12T13:06:54.731Z,E
2009-05-12T13:06:54.731Z,E
2009-05-12T13:07:56.969Z,E
As far as I can read these logs, the SMTP serve at the Y domain (Exchange) awaits the <CRLF>.<CRLF> but seems like it for some reason never gets it. After one minute, according to both SMTP logs then session is ended. Has anyone experienced anything like this? Does anyone interpret the logs differently than me?
All mail going to the Y domain gets the same treatment by the Y SMTP, when sent from the X domain. When I try from the server that runs the X domain SMTP server by using telnet to port 25 at the Y domain, it lets me send email without any trouble.
Regards,
Tomas Andersson
ASKER
No idea where those extra bytes come from. Must be some header information that's been added or something. I don't think that is the issue though, that should give me a more clear error message I think. Just for the heck of it, I tried by using telnet, information in the MAIL FROM command that the size was 314 bytes but I sent just a subject line. It went through with no problems after I sent <CRLF>.<CRLF>
ASKER
Could it be that the Exchange server is having problems intrpreting the <CRLF>.<CRLF> that should be inside the .msg file that MDaemon tries to send? How would I go about to find that out? Hm... I'll see if I can find the .msg file in MDaemon somewhere.
>that should give me a more clear error message I think
Microsoft? Clear error message? :-))
It's fine for the Size parameter to show a figure that is bigger than the message, but not the other way round.
The reasoning behind my first comment is that Exchange is looking for the end of message identifier within the size given to it. It looks possible that the end of message identifier was not seen within this span and Exchange decided to give up on the session.
Microsoft? Clear error message? :-))
It's fine for the Size parameter to show a figure that is bigger than the message, but not the other way round.
The reasoning behind my first comment is that Exchange is looking for the end of message identifier within the size given to it. It looks possible that the end of message identifier was not seen within this span and Exchange decided to give up on the session.
ASKER
Hm... I see that MDaemon is doing someting I'm not in control of. The .msg file does not contain <CRLF>.<CRLF> at the end of the file. It must be sent after, but it's not logged by MDaemon. I checked another Exchange server where it actually works to send to, but the log doesn't show the <CRLF>.<CRLF> command.
ASKER
Oh well, I admit I was a bit hasty on the comment about Microsoft being clear ;-) but they do tend to follow the SMTP standard :-)
Can you try knocking off any size restrictions temporarily in Exchange? Mdaemon may not then advertise the size of its' message, and Exchange will then wait for proper termination.
ASKER
I tried by setting it like this:
set-receiveconnector "Default" -SizeEnabled Disabled
Then the Exchange server doesn't advertise the SIZE in the banner anymore, and MDaemone doesn't send the size with MAIL FROM either. The bad part is that it had no effect what so ever. It still drops the connections aftter the 60 second timeout.
set-receiveconnector "Default" -SizeEnabled Disabled
Then the Exchange server doesn't advertise the SIZE in the banner anymore, and MDaemone doesn't send the size with MAIL FROM either. The bad part is that it had no effect what so ever. It still drops the connections aftter the 60 second timeout.
I assume that you've checked Reverse DNS, etc. on the mdaemon domain. I know you are anonymising things, but if zzzzz.zz does not match when a reverse lookup is done on it by Exchange, this could be where the problem lies. Talking of zzzzz, I'm off to bed now...
ASKER
Well, it doesn't receive email from any domain, so I doubt that it could be RDNS related. Is RDNS lookups enabled by default on Exchange 2007? In that case, how do I disable it? But it really sounds strange if the RDNS lookup would occur after they have introduced eachother, and the email has actually been sent but not properly terminated by the sending side as it seems here.
Sending and Receiving of emails are very different. Sending of emails is now about proving to the recipient, or rather, the recipient's mail server that you are who you are, and not someone who has taken over your mail server - turning it into an open relay - and is bombarding the world with spam.
Put your sending IP in here to check correct setup of rdns:-
http://postmaster.aol.com/cgi-bin/dns_tool.pl
Ideally, run the dnsreport found here which gives a more comprehensive check:-
www.dnsstuff.com
Put your sending IP in here to check correct setup of rdns:-
http://postmaster.aol.com/cgi-bin/dns_tool.pl
Ideally, run the dnsreport found here which gives a more comprehensive check:-
www.dnsstuff.com
ASKER
Well, I do know how RDNS works. I just don't think that would be the issue in this case. The Y domain does not have a RDNS entry at their ISP though.
>Well, I do know how RDNS works.
Please accept my apologies, but a lot of questions on EE don't get properly solved because not all of the obvious boxes are ticked before heading off at a tangent.
Y is not doing the sending so I don't think that is an issue. I think you're implying that X does have RDNS setup correctly? (Can you confirm so that we can "tick the box"?)
Is
zzzzz.zz
equal to
xxxxxxx.xx
?
If not, then this may look like an Open Relay to the recipient. (Consider zzzzz.zz to be verifyyourpasswordbyclicki
Please accept my apologies, but a lot of questions on EE don't get properly solved because not all of the obvious boxes are ticked before heading off at a tangent.
Y is not doing the sending so I don't think that is an issue. I think you're implying that X does have RDNS setup correctly? (Can you confirm so that we can "tick the box"?)
Is
zzzzz.zz
equal to
xxxxxxx.xx
?
If not, then this may look like an Open Relay to the recipient. (Consider zzzzz.zz to be verifyyourpasswordbyclicki
ASKER
X has RDNS correctly setup. Y does not. Z is not equal to Z, it is simply the original sending domain. X is just a forwarding SMTP gateway for Y. Complex enough? ;-)
Anyway, I managed to solve the problem. According to the MDaemon support, nothing is wrong on their side. I'm pretty sure that Microsoft would say the same thing if I would have called them. I started looking into the ESMTP things and I saw that when sending directly from a W domain (running out of letter now...lol) that also runs Exchange 2007 to the Y domain, the email gets sent with no problem. It ended with BDAT though, which is weird since Microsoft is not supposed to support that verb. Anyway, I disabled the use of EHLO instead of the traditional HELO on the MDaemon server, and all the emails went through fine. It's reported as a bug with Alt-N but I doubt that they will look into it. What I could have done to help them would have been to run a sniffer on the receiving and sending sides, since the SMTP logs don't reveal all information apprently. For example, when the MDaemon log says "Transfer complete", that is supposed to mean that <CRLF>.<CRLF> has been sent. I don't trust that though, I would like to see it with my own eyes in the log.
Anyway, I managed to solve the problem. According to the MDaemon support, nothing is wrong on their side. I'm pretty sure that Microsoft would say the same thing if I would have called them. I started looking into the ESMTP things and I saw that when sending directly from a W domain (running out of letter now...lol) that also runs Exchange 2007 to the Y domain, the email gets sent with no problem. It ended with BDAT though, which is weird since Microsoft is not supposed to support that verb. Anyway, I disabled the use of EHLO instead of the traditional HELO on the MDaemon server, and all the emails went through fine. It's reported as a bug with Alt-N but I doubt that they will look into it. What I could have done to help them would have been to run a sniffer on the receiving and sending sides, since the SMTP logs don't reveal all information apprently. For example, when the MDaemon log says "Transfer complete", that is supposed to mean that <CRLF>.<CRLF> has been sent. I don't trust that though, I would like to see it with my own eyes in the log.
Id contact the admins for the problematic site - that looks like greylisting to me
ASKER
If only it would be that easy. As I have explained before, the problem is sending to any domain. I'm the admin for both Y and X domain in question.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If I'm reading the log correctly the size of the message being sent is certainly within Exchange's max advertised acceptable capacity (25845760), but is slightly over the size that was advertised by mdaemon (6166) prior to sending. 6267 bytes were in fact sent. Has Exchange got the hump about those extra bytes?