NDR from Exchange
First a description of our email flow:
We have Outlook (2003 on desktop or 2007 on TS)
email server is Exchange 2003 w/Trend Micro ScanMail
From Exchange it goes to an ISA server 2006 w/Trend Micro IMSS
It then goes to a Barracuda that is set for incoming so it doesn't do any checking on outgoing.
Now the issue
We have an attorney that we email with several times a day. Most email goes through both ways without a problem. However every once in awhile an email being sent TO the attorney goes into the Exchange Internet Queue and sits there retrying until it times out and returns an NDR.
I can track all messages through the entire system except the ones that sit in the Exchange queue. They never seem to leave the Exchange server.
The NDR is:
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<our.domain.LOCAL #4.4.7>
The message in the application event log is:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Connection Manager
Event ID: 4006
Date: 6/10/2010
Time: 7:43:57 AM
User: N/A
Computer: <our exchange server>
Description:
Message delivery to the host 'x.x.x.x' failed while delivering to the remote domain '[x.x.x.x]' for the following reason: The connection was dropped by the remote host.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d3 02 04 c0 Ó..À
The IP address is the ISA server. All other email is going through. There appears to be no consistancy to the emails that are blocked. Some have attachments and some don't. None of them are very big. The one today was on 166K.
We have Outlook (2003 on desktop or 2007 on TS)
email server is Exchange 2003 w/Trend Micro ScanMail
From Exchange it goes to an ISA server 2006 w/Trend Micro IMSS
It then goes to a Barracuda that is set for incoming so it doesn't do any checking on outgoing.
Now the issue
We have an attorney that we email with several times a day. Most email goes through both ways without a problem. However every once in awhile an email being sent TO the attorney goes into the Exchange Internet Queue and sits there retrying until it times out and returns an NDR.
I can track all messages through the entire system except the ones that sit in the Exchange queue. They never seem to leave the Exchange server.
The NDR is:
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<our.domain.LOCAL #4.4.7>
The message in the application event log is:
Event Type: Warning
Event Source: MSExchangeTransport
Event Category: Connection Manager
Event ID: 4006
Date: 6/10/2010
Time: 7:43:57 AM
User: N/A
Computer: <our exchange server>
Description:
Message delivery to the host 'x.x.x.x' failed while delivering to the remote domain '[x.x.x.x]' for the following reason: The connection was dropped by the remote host.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: d3 02 04 c0 Ó..À
The IP address is the ISA server. All other email is going through. There appears to be no consistancy to the emails that are blocked. Some have attachments and some don't. None of them are very big. The one today was on 166K.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
While neither response was the correct one they did turn on a light bulb in my head and I appreciate the comments. I have another email location that may benefit from the answers given here. It turns out the Tipping Point was the culprit. There was filter for .pdf files containing the JBIG2 format that was enabled. Tipping Point recommends disableing it which I did and the email is able to get through now with the attachment.
Again, thank you for your assistance and I will split the points between you.
Again, thank you for your assistance and I will split the points between you.
ASKER
Some more information that may be relevant.
I checked all the logs on the Exchange server, the ISA and the Barracuda after the failed email yesterday.
1. The email entered the queue of the Exchange server
2. The Trend ScanMail on the Exchange server does not show any email blocked or quarantined
3. No record of the email arriving at the ISA server (I even checked the Trend IMSS and there is no record of it there.
4. No record of the email on the Barracuda
5. The sender stipped the attachment (this one had a scanned document in .pdf format) and resent the email and I could follow it's entire path through the Barracuda and the recipient did receive it.
6. The entire size, including attachment, of the email was only 166K so it was not stopped for being to big.
7. I am not blocking any .pdf's from going through at the Exchange, ISA or Barracuda.
8. The NDR is saying it timed out waiting for the ISA which is on a different subnet than the Exchange server (Exchange = 10.2.3.x / ISA = 10.2.201.x)
9. Everything has to go through a Tipping Point in and out of the 10.2.3.x subnet.
I will look at the Tipping Point log today to see if maybe it is the culprit. I had forgot that little piece until describing this scenario.