Solved

Exchange2007/SBS2008; issue receiving emails from some servers; 451 4.7.0 Timeout waiting for client input,

Posted on 2010-08-26
15
2,690 Views
Last Modified: 2013-11-30
Hi,

I have an outside vendor who sends us large attachments (that are still under our 10MB limit) who has an account with sympatico.ca.  Sympatico emails are sent by Microsoft hosted servers; all the emails come from 65.54.190.x servers.  

If they send us a text only email, it is received ok.  Even small attachments work sometimes.  Any email with an attachment over a few 100k is never received.  The Exchange server never sees it.  The SMTP logs show repeated connections to my server, but the tranactions always ends with "451 4.7.0 Timeout waiting for client input"

I can send myself the same attachment with my Hotmail account to my work email account, no problem.

The Exchange 2007 is SP2 and is part of SBS2008.  I have all the latest Forefront updates, and updates in general.  The server was last restarted last Sunday.

I have a Fortigate 100a in front of my network.  It has all the IPS, AV, and spam features turned on.  There is nothing in its logs that suggests it rejected the traffic.  It shows it allowed the connection to go to the SMTP server.

Here is what the SMTP log looks like:

2010-08-26T17:01:24.289Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,0,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,+,,
2010-08-26T17:01:24.290Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,1,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2010-08-26T17:01:24.290Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,2,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,"220 mail.mydomainname.ca Microsoft ESMTP MAIL Service ready at Thu, 26 Aug 2010 13:01:23 -0400",
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,3,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,EHLO bay0-omc2-s26.bay0.hotmail.com,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,4,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-mail.mydomainname.ca Hello [65.54.190.101],
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,5,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-SIZE 10485760,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,6,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-PIPELINING,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,7,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-DSN,
2010-08-26T17:01:24.374Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,8,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-ENHANCEDSTATUSCODES,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,9,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-STARTTLS,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,10,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-AUTH,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,11,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-8BITMIME,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,12,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250-BINARYMIME,
2010-08-26T17:01:24.375Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,13,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 CHUNKING,
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,14,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,MAIL FROM:<username@sympatico.ca> SIZE=2237702,
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,15,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,*,08CD103768357F7B;2010-08-26T17:01:24.289Z;1,receiving message
2010-08-26T17:01:24.450Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,16,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 2.1.0 Sender OK,
2010-08-26T17:01:24.525Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,17,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,RCPT TO:<username@mydomainname.ca>,
2010-08-26T17:01:24.529Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,18,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,250 2.1.5 Recipient OK,
2010-08-26T17:01:24.604Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,19,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,<,BDAT 2237702 LAST,
2010-08-26T17:20:44.582Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,20,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,>,451 4.7.0 Timeout waiting for client input,
2010-08-26T17:20:44.582Z,servername\Windows SBS Internet Receive servername,08CD103768357F7B,21,xxx.xxx.xxx.xxx:25,65.54.190.101:18620,-,,Local

Any suggestions appreciated.

 
0
Comment
Question by:IWinsor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 3
  • 3
15 Comments
 
LVL 13

Expert Comment

by:markusdamenous
ID: 33537014
I had a problem with incoming SMTP and attachements when a SonicWall firewall was placed in front of our connection.  It was doing filtering/inspection of the SMTP traffic, but not actually blocking it.  This caused similar time out error, rather than hard drops.

Try temporarily disabling the filtering on the Fortigate box and get the person to send again.
0
 

Author Comment

by:IWinsor
ID: 33537050
Thanks.

I have opened a case with Fortinet, and as might expect, they don't think they are at fault.  

I had thought of your suggestion as an easy way to prove its the Fortigate or not, but I wanted to talk to their escalation support first.  Turning off the protection it provides could lead to a whole other set of problems.

Thanks.
0
 
LVL 13

Expert Comment

by:markusdamenous
ID: 33537155
Yep.  Although, if you prime the other end ready to send at a particular time, you'd only need to open it for 5-10mins to demontrate whether it solves the issue.  This is what I did, then went back to SonicWall to work out the issues.

If you have the luxury of time, then go straight for the Fortigate route.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:IWinsor
ID: 33537192
OK.  I will try that tomorrow.  You are probably correct, I can have this answer before i even hear from Fortinet excalation.
0
 
LVL 6

Accepted Solution

by:
Shack-Daddy earned 500 total points
ID: 33543177
I would do some MTU ping tests from your server out to a site on the internet. I've noticed that when there is an MTU problem related to mail, it usually manifests with attachments larger than a certain size and causes timeouts.

Alternately, you may find that you need to set the MTU on the Fortinet to something different. To determine that, you'd want to put a host on a hub in front of the Fortinet and try some MTU tests to internet hosts and then set the MTU appropriately on the firewall.
0
 

Author Comment

by:IWinsor
ID: 33544665
Interesting suggestion.

I followed these instructions:
http://www.dslreports.com/faq/5793

From my exchange server's console, I worked back to a packet size of 1472.  Add 28 for headers and you get 1500.  Windows 2008's MTU is 1500.  My fortigate's MTU default is 1500.

Did I miss something in where you were going with suggestion.

Also, if it was the MTU, wouldn't that affect all inbound emails, and not just a few specific ones?
0
 
LVL 13

Expert Comment

by:markusdamenous
ID: 33562069
Any further news on this case?  Did Fortinet come back with any answers?
0
 

Author Comment

by:IWinsor
ID: 33562124
They asked for a copy of my config file, and asked me to review the "How to configure AV features" documentation.

Waiting for an engineer to be assigned.
0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 33562272
The MTU thing I've seen affect outbound emails with attachments larger than a certain size. If you have success with some destinations and not others, it probably wouldn't be MTU.

But I recently worked on a situation in which an Exchange server could send attachments out to any domain except for a Yahoo domain (sbcglobal, att, etc). When an attachment was sent to a Yahoo mail server, the attachment would get stuck in a sending loop and would generate a collossal amount of traffic, so much that the ISP would block outbound port 25. This wouldn't happen to attachments sent to any other destination. Our workaround for that was to set up a smarthost or mail relay and just use it for Yahoo-bound mail.
0
 

Author Comment

by:IWinsor
ID: 33562397
Thanks, Shack-daddy.

My issue is receiving email from some, but not all, MS Sympatico mail servers.
0
 

Author Comment

by:IWinsor
ID: 33577778
OK, so I shut off the IPS features for my firewall email rule and had the sender resend.  The result was the same, so It appears that the issue is not the IPS.

0
 
LVL 6

Expert Comment

by:Shack-Daddy
ID: 33578847
Since beating down-and-out horses is fun--back to the MTU thing, what happens when you do an MTU ping test from your server to the IP of one of the servers that's failing to reach you?

Here's something that might be relevant:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/defc53b7-424f-4354-ba3e-5eae2a9c2282
0
 

Author Comment

by:IWinsor
ID: 33579052
Talked to Fortigate. They sent me an updated IPS engine that I don't have and can't download anywhere.  

The mail servers in question cannot be pinged.  I have however used the "How to Troubleshoot Black Hole Router Issues" instructions to successfully ping all the hops that can be pinged between myself and the servers with the issue.

I am starting to think there is a bad MTU config'd somwhere on the other end.  Where does one start if one wants to tell a big ISP/ASP like Microsoft or Bell Canada that you thin they have a technical issue?!??!  this should be fun.
0
 

Author Comment

by:IWinsor
ID: 33587098
I doucmented everything I know about this issue and sent it to the person with the Sympatico account and asked her to open a technical support case with them.  We will see what happens.
0
 

Author Comment

by:IWinsor
ID: 33639412
The outside vendor moved her accounts to Gmail; problem solved.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

736 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question