brenti
asked on
Exchange server not receiving some email
I'm not an exchange expert by any means, but I know very basic things. I've run into an issue with a client and they are nto receiving emails, but only from various domains. I don't know the full list, but namely, msn, hotmail, comcast, aol to name a few. I can email them from my company's exchange server no problem and it goes through almost instantly. If I email them from my comcast or gmail account, the message never makes it through. I checked the smtp logs and I can identify, for instance, the comcast servers trying to connect in ... but all the log reports is quit - 240 at the end of the line of the log from comcast. Various places can send emails to them successfully, but others, like comcast, aren't successful. I've replaced the modem, bypassed the barracude spam/firewall, I can telnet to port 25 on their mail server (quickly, too), I can send from their server no problem; I did various mx record lookups and mail server health checks and I don't see any problems anywhere ... except that various places cannot email them successfully. I even recreated their virtual smtp server incase something was corrupt, but it did not fix it. PLEASE HELP!!!
when you send mail from your hotmail or aol account are you getting any NDR?
please paste the NDR here.
also do this on the command prompt:
telnet localhost 25
ehlo
mail from: user@hotmail.com
rcpt to:user@YourDomain.com
data
Test mail
.
quit
--> check if you get this mail.. in the user;'s inbox. Do you get any error when you do this?
_ > Let me know
Suraj
please paste the NDR here.
also do this on the command prompt:
telnet localhost 25
ehlo
mail from: user@hotmail.com
rcpt to:user@YourDomain.com
data
Test mail
.
quit
--> check if you get this mail.. in the user;'s inbox. Do you get any error when you do this?
_ > Let me know
Suraj
ASKER
The issue is not that I cannot send to them - I can send to them perfectly fine.
X-Sam:
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients is still underway after 49.2 hour(s):
* acs@johnolsonbuilder.com
Will keep trying and contact you if the message can't be delivered permanently.
Also attached is:
Reporting-MTA: dns; QMTA06.emeryville.ca.mail.
Received-From-MTA: dns; OMTA16.emeryville.ca.mail.
Arrival-Date: Tue, 06 Oct 2009 18:00:01 +0000
Final-recipient: rfc822; acs@johnolsonbuilder.com
Action: delayed
Status: 4.1.1
Last-attempt-Date: Thu, 08 Oct 2009 19:14:04 +0000
In the SMTP Logs I see the following:
2009-10-08 19:47:56 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 422 13901 4 422 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 547 14022 4 547 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 234 14143 4 234 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 218 14264 4 218 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 235 15996 4 235 SMTP - - - -
2009-10-08 19:47:58 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 203 16117 4 203 SMTP - - - -
2009-10-08 19:47:58 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 156 16238 4 156 SMTP - - - -
2009-10-08 19:48:01 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 16359 4 125 SMTP - - - -
2009-10-08 19:48:01 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 407 14385 4 407 SMTP - - - -
2009-10-08 19:48:18 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14506 4 219 SMTP - - - -
2009-10-08 19:48:18 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14627 4 219 SMTP - - - -
2009-10-08 19:48:26 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14748 4 219 SMTP - - - -
2009-10-08 19:48:28 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 250 14869 4 250 SMTP - - - -
2009-10-08 19:48:34 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 234 14990 4 234 SMTP - - - -
2009-10-08 19:48:45 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 15111 4 125 SMTP - - - -
2009-10-08 19:48:45 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 235 15232 4 235 SMTP - - - -
2009-10-08 19:48:51 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 141 15353 4 141 SMTP - - - -
2009-10-08 19:48:52 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 15474 4 219 SMTP - - - -
2009-10-08 19:48:56 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 187 15595 4 187 SMTP - - - -
2009-10-08 19:49:00 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 687 15716 4 687 SMTP - - - -
2009-10-08 19:49:05 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 156 15837 4 156 SMTP - - - -
2009-10-08 19:49:05 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 15958 4 125 SMTP - - - -
These one's don't have the comcast IP on it, but they are the same.
In response to your other request:
all worked fine:
220 johnolsonbuilder.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 re
ady at Thu, 8 Oct 2009 14:07:38 -0600
ehlo
250-johnolsonbuilder.com Hello [127.0.0.1]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from: bryeds@comcast.net
250 2.1.0 bryeds@comcast.net....Send
rcpt to: acs@johnolsonbuilder.com
250 2.1.5 acs@johnolsonbuilder.com
data
354 Start mail input; end with <CRLF>.<CRLF>
test mail
quit
ehlo
test Mail
.
250 2.6.0 <SBSSERVERA2DreBBsQw000000
ivery
quit
221 2.0.0 johnolsonbuilder.com Service closing transmission channel
Connection to host lost.
C:\Documents and Settings\acs>
X-Sam:
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients is still underway after 49.2 hour(s):
* acs@johnolsonbuilder.com
Will keep trying and contact you if the message can't be delivered permanently.
Also attached is:
Reporting-MTA: dns; QMTA06.emeryville.ca.mail.
Received-From-MTA: dns; OMTA16.emeryville.ca.mail.
Arrival-Date: Tue, 06 Oct 2009 18:00:01 +0000
Final-recipient: rfc822; acs@johnolsonbuilder.com
Action: delayed
Status: 4.1.1
Last-attempt-Date: Thu, 08 Oct 2009 19:14:04 +0000
In the SMTP Logs I see the following:
2009-10-08 19:47:56 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 422 13901 4 422 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 547 14022 4 547 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 234 14143 4 234 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 218 14264 4 218 SMTP - - - -
2009-10-08 19:47:57 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 235 15996 4 235 SMTP - - - -
2009-10-08 19:47:58 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 203 16117 4 203 SMTP - - - -
2009-10-08 19:47:58 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 156 16238 4 156 SMTP - - - -
2009-10-08 19:48:01 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 16359 4 125 SMTP - - - -
2009-10-08 19:48:01 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 407 14385 4 407 SMTP - - - -
2009-10-08 19:48:18 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14506 4 219 SMTP - - - -
2009-10-08 19:48:18 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14627 4 219 SMTP - - - -
2009-10-08 19:48:26 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 14748 4 219 SMTP - - - -
2009-10-08 19:48:28 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 250 14869 4 250 SMTP - - - -
2009-10-08 19:48:34 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 234 14990 4 234 SMTP - - - -
2009-10-08 19:48:45 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 15111 4 125 SMTP - - - -
2009-10-08 19:48:45 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 235 15232 4 235 SMTP - - - -
2009-10-08 19:48:51 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 141 15353 4 141 SMTP - - - -
2009-10-08 19:48:52 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 219 15474 4 219 SMTP - - - -
2009-10-08 19:48:56 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 187 15595 4 187 SMTP - - - -
2009-10-08 19:49:00 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 687 15716 4 687 SMTP - - - -
2009-10-08 19:49:05 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 156 15837 4 156 SMTP - - - -
2009-10-08 19:49:05 192.168.0.250 - SMTPSVC2 SBSSERVER 192.168.0.250 0 QUIT - - 240 125 15958 4 125 SMTP - - - -
These one's don't have the comcast IP on it, but they are the same.
In response to your other request:
all worked fine:
220 johnolsonbuilder.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 re
ady at Thu, 8 Oct 2009 14:07:38 -0600
ehlo
250-johnolsonbuilder.com Hello [127.0.0.1]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from: bryeds@comcast.net
250 2.1.0 bryeds@comcast.net....Send
rcpt to: acs@johnolsonbuilder.com
250 2.1.5 acs@johnolsonbuilder.com
data
354 Start mail input; end with <CRLF>.<CRLF>
test mail
quit
ehlo
test Mail
.
250 2.6.0 <SBSSERVERA2DreBBsQw000000
ivery
quit
221 2.0.0 johnolsonbuilder.com Service closing transmission channel
Connection to host lost.
C:\Documents and Settings\acs>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Simon,
there is only a basic DSL modem between the server and the internet. The modem in question is a 2wire 2700HG-D - very VERY annoying to configure. I'm setting up a 3rd modem right now. The 2 wire is the second modem we tried to use to resolve the isse, but I don't know anything about its history or why is was sitting in a box unused. It could be because of issues like this for all I know, there's no one to ask. I did call qwest and they confirmed that the connection is solid, even perfect, and nothing is being blocked.
there is only a basic DSL modem between the server and the internet. The modem in question is a 2wire 2700HG-D - very VERY annoying to configure. I'm setting up a 3rd modem right now. The 2 wire is the second modem we tried to use to resolve the isse, but I don't know anything about its history or why is was sitting in a box unused. It could be because of issues like this for all I know, there's no one to ask. I did call qwest and they confirmed that the connection is solid, even perfect, and nothing is being blocked.
The telnet test which i asked is not for sending mail out Test
i asked you to do it localhost 25 to check if exchange has any issues receiving mails from hotmai.
I am sure, since that happened good... its not the exchange server who is creating the issue
Something before the server is the issue... which takes the mail in...
i asked you to do it localhost 25 to check if exchange has any issues receiving mails from hotmai.
I am sure, since that happened good... its not the exchange server who is creating the issue
Something before the server is the issue... which takes the mail in...
ASKER
I can't stand it when people have problems like this and then don't post the fix for them. In this case, the issue was with an "untangle" network appliance which looks at all network traffic that comes in after the router. I don't know the details on it, but I'd assume it intercepts ALL network traffic, processes it, then sends it on its way.
What happened in my case was the the untangle, which I've never heard of, was interpreting the traffic from various sources as P2P traffic from a chinese P2P program called KuGoo, and then thusly blocking all traffic which it interpreted as bad.
I did see the network appliance before, but considering nothing in the modem pointed to it, i assumed it was defunct, or only was scanning network traffic. I logged back into the untangle as a last resort and found the even logs for the various features and noticed the comcast IP being blocked under the protocol control. Turning off the protocol control repaired the issue. IT IS FIXED!!!
Thank you for your help X-Sam
What happened in my case was the the untangle, which I've never heard of, was interpreting the traffic from various sources as P2P traffic from a chinese P2P program called KuGoo, and then thusly blocking all traffic which it interpreted as bad.
I did see the network appliance before, but considering nothing in the modem pointed to it, i assumed it was defunct, or only was scanning network traffic. I logged back into the untangle as a last resort and found the even logs for the various features and noticed the comcast IP being blocked under the protocol control. Turning off the protocol control repaired the issue. IT IS FIXED!!!
Thank you for your help X-Sam
We had suggested and help you on this issue. Please grant appropriate points.
Thank you
x-sam
Thank you
x-sam
Ahmed.