Solved

Exchange2007/SBS2008; issue receiving emails from some servers; 451 4.7.0 Timeout waiting for client input,

Posted on 2010-08-26
15
2,655 Views
Last Modified: 2013-11-30
Hi,

I have an outside vendor who sends us large attachments (that are still under our 10MB limit) who has an account with sympatico.ca.  Sympatico emails are sent by Microsoft hosted servers; all the emails come from 65.54.190.x servers.  

If they send us a text only email, it is received ok.  Even small attachments work sometimes.  Any email with an attachment over a few 100k is never received.  The Exchange server never sees it.  The SMTP logs show repeated connections to my server, but the tranactions always ends with "451 4.7.0 Timeout waiting for client input"

I can send myself the same attachment with my Hotmail account to my work email account, no problem.

The Exchange 2007 is SP2 and is part of SBS2008.  I have all the latest Forefront updates, and updates in general.  The server was last restarted last Sunday.

I have a Fortigate 100a in front of my network.  It has all the IPS, AV, and spam features turned on.  There is nothing in its logs that suggests it rejected the traffic.  It shows it allowed the connection to go to the SMTP server.

Here is what the SMTP log looks like:

2010-08-26T17:01:24.289Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,0,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,+,,
2010-08-26T17:01:24.290Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,1,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2010-08-26T17:01:24.290Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,2,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,"220 mail.mydomainname.ca Microsoft ESMTP MAIL Service ready at Thu, 26 Aug 2010 13:01:23 -0400",
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,3,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,EHLO bay0-omc2-s26.bay0.hotmail.com,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,4,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-mail.mydomainname.ca Hello [65.54.190.101],
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,5,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-SIZE 10485760,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,6,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-PIPELINING,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,7,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-DSN,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,8,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-ENHANCEDSTATUSCODES,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,9,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-STARTTLS,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,10,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-AUTH,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,11,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-8BITMIME,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,12,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-BINARYMIME,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,13,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 CHUNKING,
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,14,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,MAIL FROM:<username@sympatico.ca> SIZE=2237702,
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,15,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,*,08CD103768357F7B;2010-08-26T17:01:24.289Z;1,receiving message
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,16,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 2.1.0 Sender OK,
2010-08-26T17:01:24.525Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,17,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,RCPT TO:<username@mydomainname.ca>,
2010-08-26T17:01:24.529Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,18,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 2.1.5 Recipient OK,
2010-08-26T17:01:24.604Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,19,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,BDAT 2237702 LAST,
2010-08-26T17:20:44.582Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,20,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,451 4.7.0 Timeout waiting for client input,
2010-08-26T17:20:44.582Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,21,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,-,,Local

Any suggestions appreciated.

 
0
Comment
Question by:IWinsor
  • 9
  • 3
  • 3
15 Comments
 
LVL 13

Expert Comment

by:markusdamenous
Comment Utility
I had a problem with incoming SMTP and attachements when a SonicWall firewall was placed in front of our connection.  It was doing filtering/inspection of the SMTP traffic, but not actually blocking it.  This caused similar time out error, rather than hard drops.

Try temporarily disabling the filtering on the Fortigate box and get the person to send again.
0
 

Author Comment

by:IWinsor
Comment Utility
Thanks.

I have opened a case with Fortinet, and as might expect, they don't think they are at fault.  

I had thought of your suggestion as an easy way to prove its the Fortigate or not, but I wanted to talk to their escalation support first.  Turning off the protection it provides could lead to a whole other set of problems.

Thanks.
0
 
LVL 13

Expert Comment

by:markusdamenous
Comment Utility
Yep.  Although, if you prime the other end ready to send at a particular time, you'd only need to open it for 5-10mins to demontrate whether it solves the issue.  This is what I did, then went back to SonicWall to work out the issues.

If you have the luxury of time, then go straight for the Fortigate route.
0
 

Author Comment

by:IWinsor
Comment Utility
OK.  I will try that tomorrow.  You are probably correct, I can have this answer before i even hear from Fortinet excalation.
0
 
LVL 6

Accepted Solution

by:
Shack-Daddy earned 500 total points
Comment Utility
I would do some MTU ping tests from your server out to a site on the internet. I've noticed that when there is an MTU problem related to mail, it usually manifests with attachments larger than a certain size and causes timeouts.

Alternately, you may find that you need to set the MTU on the Fortinet to something different. To determine that, you'd want to put a host on a hub in front of the Fortinet and try some MTU tests to internet hosts and then set the MTU appropriately on the firewall.
0
 

Author Comment

by:IWinsor
Comment Utility
Interesting suggestion.

I followed these instructions:
http://www.dslreports.com/faq/5793

From my exchange server's console, I worked back to a packet size of 1472.  Add 28 for headers and you get 1500.  Windows 2008's MTU is 1500.  My fortigate's MTU default is 1500.

Did I miss something in where you were going with suggestion.

Also, if it was the MTU, wouldn't that affect all inbound emails, and not just a few specific ones?
0
 
LVL 13

Expert Comment

by:markusdamenous
Comment Utility
Any further news on this case?  Did Fortinet come back with any answers?
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:IWinsor
Comment Utility
They asked for a copy of my config file, and asked me to review the "How to configure AV features" documentation.

Waiting for an engineer to be assigned.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
Comment Utility
The MTU thing I've seen affect outbound emails with attachments larger than a certain size. If you have success with some destinations and not others, it probably wouldn't be MTU.

But I recently worked on a situation in which an Exchange server could send attachments out to any domain except for a Yahoo domain (sbcglobal, att, etc). When an attachment was sent to a Yahoo mail server, the attachment would get stuck in a sending loop and would generate a collossal amount of traffic, so much that the ISP would block outbound port 25. This wouldn't happen to attachments sent to any other destination. Our workaround for that was to set up a smarthost or mail relay and just use it for Yahoo-bound mail.
0
 

Author Comment

by:IWinsor
Comment Utility
Thanks, Shack-daddy.

My issue is receiving email from some, but not all, MS Sympatico mail servers.
0
 

Author Comment

by:IWinsor
Comment Utility
OK, so I shut off the IPS features for my firewall email rule and had the sender resend.  The result was the same, so It appears that the issue is not the IPS.

0
 
LVL 6

Expert Comment

by:Shack-Daddy
Comment Utility
Since beating down-and-out horses is fun--back to the MTU thing, what happens when you do an MTU ping test from your server to the IP of one of the servers that's failing to reach you?

Here's something that might be relevant:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/defc53b7-424f-4354-ba3e-5eae2a9c2282
0
 

Author Comment

by:IWinsor
Comment Utility
Talked to Fortigate. They sent me an updated IPS engine that I don't have and can't download anywhere.  

The mail servers in question cannot be pinged.  I have however used the "How to Troubleshoot Black Hole Router Issues" instructions to successfully ping all the hops that can be pinged between myself and the servers with the issue.

I am starting to think there is a bad MTU config'd somwhere on the other end.  Where does one start if one wants to tell a big ISP/ASP like Microsoft or Bell Canada that you thin they have a technical issue?!??!  this should be fun.
0
 

Author Comment

by:IWinsor
Comment Utility
I doucmented everything I know about this issue and sent it to the person with the Sympatico account and asked her to open a technical support case with them.  We will see what happens.
0
 

Author Comment

by:IWinsor
Comment Utility
The outside vendor moved her accounts to Gmail; problem solved.
0

Featured Post

Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now