Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

emails not being recevied from specific domains

Hi Experts,

we have recently upgraded our exchange from 2003 to 2007 , everything went smooth and all migration was perfect. but we are facing an issue which we cannot understand the reason for. the problem is that there are some domain we cannot recevie emails from also in some cases it is just specific sender from that domain e.g. which i am about to share with you all. our employee using gmail sends an email to his own email inside the organization, doesn't get recevied. If I myself send an email to my own email address inside the organization, get recevied.

Exchange 2007 SMTP recevie connector log shows that when the user send using gmail the connection was made from gmail server but when the session closes with "Remote"  where as with my email the log closes with "service closing transmission channel" and "Local". apperantly my email is seen in the inbox where as his email does not reach his inbox at all.. disappeared in thin air.

logs are attached for reference

addtionally, if you look into the log you will observe that the message was recevied but it didn't got queued for delivery.

by the way we have two server , one HUB/CAS and second Mailbox
recevied.txt
unable-to-recevie.txt
0
lomaree
Asked:
lomaree
  • 12
  • 11
1 Solution
 
Alan HardistyCo-OwnerCommented:
Please enable Message Tracking and then test the message flow to see if the messages are received by your server and if so, where they disappear:
http://www.msexchange.org/tutorials/Exchange-2007-Message-Tracking-Part1.html
What Anti-Virus software do you have installed on your server?  Usually this can be caused by Anti-Virus / Anti-Spam software interfering.
0
 
lomareeAuthor Commented:
Hi Alan,

I'll check the message tracking and we have mcafee anti-virus 8.7 installed and we have already excluded all the directories of exchange from anti-virus to scan it or do anything with it.

0
 
Alan HardistyCo-OwnerCommented:
Okay - thanks for the feedback.  Check the message trackjing to see if the messages arrive.  If they don't then that's one problem, but if they do, then disappear, that's another.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
lomareeAuthor Commented:
message tracking does not show that message at all, only smtp logs shows that the sender email server connected , authorized authenticated , submitted the message and gone without get a proper closing transmission.. check the logs and you will know what I am talking about.
0
 
Alan HardistyCo-OwnerCommented:
If the log shows that there is no proper close, then it sounds like it is being rejected or there is a communication issue.  As others are flowing properly, then it sounds like it may be getting rejected.
Have you got the built-in Spam Filtering or are you using 3rd party Anti-Spam software on the server?
0
 
lomareeAuthor Commented:
Yes we have 3rd party Anti-Spam software "GFI" but we even uninstalled it and tried  and same results i.e. same domain to different senders from one is recevied and from the second one it is not recevied. so if it was the communication issue then both should not be recevied. why one sends and everytime he/she sends it is recevied but the second one is not recevied no matter what he/she does... weird.
0
 
Alan HardistyCo-OwnerCommented:
Unfortunately, if the message tracking is not showing the message at all then it is not reaching your server fully, so either something is intercepting it before it can complete the send or it is getting rejected by your server for some random reason.
Are you using the built-in Exchange Anti-Spam tools in addition to the GFI mail-Essentials tools?
0
 
lomareeAuthor Commented:
bulti-in exchange anit-spam.. which is that? we are only using GFI mail-essentials and mail-security only.. recently I contacted microsoft and they adviced to uninstall the GFI so I did and was running a forefront 2010 for exchange to control the spam but nothing happened I mean same problem appeared.

What I cannot understand it that why one gets through and as many times as u send it and one does not as many times as you send... what is so special for that one user and other is not.
0
 
Alan HardistyCo-OwnerCommented:
Built-In Exchange Anti-Spam:
"we are only using GFI mail-essentials and mail-security" - what is the Mail Security part?
Are you still running Forefront or have you uninstalled it?
Yes - there is no logic to it yet - but if we can work out why - they the logic may appear!
0
 
lomareeAuthor Commented:
mail-security is anti-virus and mail-essential is anti-spam.
yes we still have forefront installed and running
0
 
Alan HardistyCo-OwnerCommented:
Okay - please remove Forefront, McAfee and GFI.  Reboot the server and then test mail-flow.
Once the server is clean of intefering products, you may see the mail arrive.  It is not enough to disable the products - they have to be removed I am afraid.
0
 
lomareeAuthor Commented:
Okay i'll do once back in the office.

lets see
0
 
Alan HardistyCo-OwnerCommented:
Thanks - will await your feedback.
0
 
lomareeAuthor Commented:
Hi

Unistalled Forefront, GFI and Mcafee and tried with same results , logs speak  the same thing. :S
0
 
Alan HardistyCo-OwnerCommented:
Okay - thanks. At least that should prove the problem is not the server.

What router do you have and what firmware version do you have?

Is your Exchange server on Service Pack 2 for Exchange yet?

Is the server up-to-date with updates.

Can you send a test message (the same message that fails to you) to me at alan @ it-eye.co.uk please.
0
 
malcouCommented:
Hi

Does  reverse DNS exist for your domain?
You can check this at http://mxtoolbox.com and choose diagnostics and type in your ip address
Or http://www.hq42.net/net_tools/index.php and choose Reverse Lookup

Some Domains will not send the e-mail if the reverse DNS test fails

0
 
lomareeAuthor Commented:
we have router 3361 router and ASA 5520 and IPS tipping point , versions are

3361 : c3660-i-mz.123-11.T.bin
ASA5520 : asa722-k8.bin
IPS : 2.5.5.6994

we dont have yet sp2 installed but have roll up 9 installed

2003 x64 sp2 installed and updated

0
 
Alan HardistyCo-OwnerCommented:
Your Cisco has SMTP fixup enabled which may be causing the problems - please turn this off and then re-test.
mail.yourdomain.com.qa claims to be invalid hostname '********************************************************************************************': <br />   220 ******************************************************************************************** <br />
This is classic SMTP fixup and causes mail-flow problems.
0
 
lomareeAuthor Commented:
Hi Alan,

I had done this but same results and also the version which I am running on ASA is the one which covered this problem, i mean in older version there was a bug with SMTP fixup which causes the ASA to even reboot.
but i didn't understand you point that our mail server claims to be invalid.... how ?
0
 
lomareeAuthor Commented:
hi malcou,

I have checked the reverse DNS and things are fine ... this was one of the first thing i had done..

0
 
Alan HardistyCo-OwnerCommented:
The issue is that when an external server queries your server, the response they get is:
'********************************************************************************************': <br />   220 ******************************************************************************************** <br />
This is not correct and may cause you problems with mail flow.  As we are discussing problems with mail-flow, it would be better to turn of SMTP fixup as this will correct the problem and will allow a suitable response from your mail server.
This is what should be seen (or similar):
220 mail.mydomain.co.uk Microsoft ESMTP MAIL Service ready at Tue, 22 Dec 2009 16:52:01 +0000
The reason your response is invalid is that the response should include your mailserver host name - which it does not.
Further extract from www.dnsstuff.com:
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
Whatever you feel about SMTP Fixup - please disable it for now at the very least and then if the problems go away - you are free to enable it again (but your problems may return).
It is well known that SMTP Fixup causes more problems than it solves.
0
 
lomareeAuthor Commented:
Hi

Well I have remove it and I am going to try with those domain
0
 
lomareeAuthor Commented:
Hi Alan

It worked, I removed it n restarted the ASA n all emails came in... WOooo.. thanks alot . u r an exchange guru..
0
 
Alan HardistyCo-OwnerCommented:
Great news - glad you are sorted.
Thanks for the points.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

  • 12
  • 11
Tackle projects and never again get stuck behind a technical roadblock.
Join Now