• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1797
  • Last Modified:

Exchange 2003 not accepting Messagelabs emails

Hi Guys,

We've got an SBS2003 box that accepts mail from the outside fine except when it goes through Messagelabs. I have checked filtering on the server and cannot see anywhere why these emails would be blocked. We have tried from different domains that go through Messagelabs and they all return the following error:

-----Original Message-----
From: MAILER-DAEMON@messagelabs.com [mailto:MAILER-DAEMON@messagelabs.com]
Sent: 12 December 2009 12:06
To: User
Subject: Expired Delivery Retry Notification (1 day ): Update

This is the mail delivery agent at messagelabs.com.
I was not able to deliver your message to the following addresses.

Connected to (wan ip of server) but connection died. (#4.4.2) Despite repeated attempts, this message could not be delivered.

--- Below this line is a copy of the message.

The server has AVG fro Exchange on the Protocols tree of the Exchange server but there's no console for it and it doesn't appear to be doing anything.

Any ideas would be great.

  • 5
  • 4
1 Solution
That would tend to point to a problem with Message Labs. However unless you are a customer of Message Labs they will not talk to you.
You will need to get one of the recipients who is a Message Labs customer to call them and find out what the problem is.

If you receive an error such as:

Connected to <IP address> but connection died
Connected to <IP address> but connection died. Possible duplicate!

There could be a number of reasons for this including below:

1. Your mailserver is overloaded.

a.) All of our servers are ganging up on an old mailserver and it can't cope. You may need to set a limit on the amount of concurrent connections it will accept. Try and find a happy medium by looking at the bandwidth available, the capability of the mailserver and the number of connections to accept. (50 is usually a good number)

b.) The mailserver is not quick enough in its reply so we talk at it until it does reply. For a number of reasons a mailserver may not send us the 250 OK message quick enough, it might be set to do reverse DNS lookups before accepting or performing security checks before accepting mails for example. In these instances we will not wait for it, we just send the mail again.

c.) Email size limit. Most customers have unlimited size limits and we may have to give them a mail that is simply rather large. Two possible things could occur here, either the mailserver will spend so long trying to process the mail we will think it has not been delivered and we send it again or the mailserver may have other mails to process at that time and just won't cope with this extra mail so it won't finish of the transaction will us and so we will send it again.

d.) Dos/SPAM attack. If for some reason you are the target of a DOS/spam attack then all of your bandwidth may be taken up when we try and deliver mail. Again, the mailserver will be trying to sort out all the connections and may not finish the conversation with us so we send it again.

2. Pix Firewall
Customers with Pix firewalls with old software versions sometimes get duplicate emails. There is a bug in the Cisco software that resets the connection if the . and at the end of a mail are in two different TCP packets. Because it won't have a proper conversation with us we resend the mail.
Users with this problem can disable the "SMTP fixup protocol" in the Cisco PIX configuration so that our mail servers can send email directly to your mail servers instead of PIX acting as an intermediate relay. However, the best way to solve the problem is to upgrade the PIX software which fixes the bug. For reference, go to the www.cisco.com web site and search for the keyword CSCds90792, which is the Cisco bug number.
This bug was patched in the PIX software versions 5.2.4 and 5.2.5, but apparently still exists in older and newer versions, including 5.3.1. Cisco should be able to provide a patch for this problem.

For newer versions of Pix, we recommend disabling "ESMTP Inspect"

3. Vague Email client issues:
a.) Mutt
If you uses Mutt with Quail - check that you have not taken the send mail invocation line from the quail FAQ and put it in the mutter. If you have, then remove that line from mutter.

b.) Evolution
Evolution downloads all messages in a batch from the POP3 mailbox and subsequently deletes them from the server, instead of deleting each individual message right after downloading it into the local folder. This can cause possible duplicates.

4. POP Issues
A POP server will only set the email status to "downloaded" after mails are downloaded. So if the email retrieving process is interrupted for any reason for example the connection has died before completion of the download, the email client will restart downloading emails from the very beginning, including those emails that have already been successfully retrieved.

5. Set-up Issues
The server has not been set to delete mails from the server after downloading.

6. The mail is sent multiple times by the sender.
Please check the message ID's of 2 different e-mails to see if they differ.

This post came from mesagelabs may be helpful?
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

NetexpertsAuthor Commented:
There is no DNS lookup for reverse and mail is SMTP direct to the server so there's no POP3 or 3rd party inbetween. All other mail is fine so the server itself appears not be be struggling and i would agree it seems a problem at Messagelabs but as the emails don't arrive from any user /domain that passes through them i cannot see why. I can't see what difference Messagelabs emails have from normal apart from coming out of the messagelabs servers ?
It's very odd .
I'll check with Messagelabs and will post back.

have you tried an external telnet session to your server purporting to be a sender from one of the blocked domains to see what that reveals? Microsoft has an article on the subject though I expect from your username this is familiar to you

Also This question on EE exhibits same problem ID 22755515 Author:ckirt Date:10/08/07 08:04 PM Question
and may be worth a look?

Best of luck with messagelabs
NetexpertsAuthor Commented:

Thanks but i've not known you are able to Telnet as someone else. I'll take a look.

Many Thanks
NetexpertsAuthor Commented:

I can't find where the Microsoft article is to send as another domain. Do you have a link ?


NetexpertsAuthor Commented:
There's been another development in that we're getting NDR's from other (non - messagelabs) companies and it shows the following:

The mail system
user@emailaddress.com:lost connection with mailserver.domain.com[WAN IP ADDRESS] while receiving the initial server greeting.

It looks like it's sort of timing out.

Any ideas ?

Is your sbs one or two nic's, is the external ip static (any firewall between the server and your router?

Microsoft article is at Article ID: 153119 - Last Review: December 3, 2007 - Revision: 6.6
use support@cpmcomputers.com as an external domain/user if it helps or
If you wish provide me with a valid user email address on your domain (set up a test account ?) and I will test from this end?

In your shoes I would install a trial version of "mailmonitor" from this link (I would do this prior to the telnet test

It runs fine on an sbs2003 box but not 2008 - If you need help configuring goto www.cpmcomputers.com and click the get online help. Up and running on your external interface it shows all smtp connections\conversations in real time so you can really see what is happening.

NetexpertsAuthor Commented:
Thanks CPM

The client decided to scrap the lot and go hosted but the mailmonitor was a great tool which i'll use again.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now