Solved

Exchange 2007 mail delivery problem - Delayed mail to some recipients

Posted on 2010-09-01
21
934 Views
Last Modified: 2013-11-30
I have a very peculiar problem, some of our outgoing mails are delayed and the users

get delay notifications. So far, nothing unusal...but...

- Only mails to domains that use Softcom.dk as mx are delayed, no matter what the

domain is (softcom is a antispam service). All other mails are delivered propperly.

10      deframx10.softcom.dk      80.237.159.9      5 min      SMTP Test      Blacklist Check
10      dkcphmx32.softcom.dk      194.192.15.181      5 min      SMTP Test      Blacklist Check
10      dkcphmx46.softcom.dk      213.150.52.213      5 min      SMTP Test      Blacklist Check


- Only some of the mails to theese domains are delayed, i.e. 80% of the emails are sent

without any problems, 20% are delayed ca 15-25 hours and the users get delay reports several hours later.

- All other mails to all other domains are sent properly.

More info about our servers:

- The problem affects several of our servers, on different domains, all SBS2008.
- The servers have different internal IPs and different External IPs, none are dynamic or residential IPs.
- All the servers use the same firewall (Draytek)
- Our servers are not blacklisted, reverse DNS is ok.
- mails to the affected domains are delivered ok if we use Telnet - no problems to connect to softcom.
- SMTP Logging is on - when a mail that is delayed is sent - there is nothing in the SMTP log about it - like the server not even tries to send it.
- When the same delayed mail is sent/delivered 20 hours later the SMTP log shows a normal delivery.

Any suggestions what might be the problem?
0
Comment
Question by:gherman
  • 11
  • 7
  • 2
  • +1
21 Comments
 
LVL 8

Expert Comment

by:Mkris9
Comment Utility
Are you using DNS to route emails ? or is it through a smart host ?
0
 

Author Comment

by:gherman
Comment Utility
No smart host. Server can resolve host names with nslookup.

0
 
LVL 8

Expert Comment

by:Mkris9
Comment Utility
It certainly looks like an issue with softcom.dk. What you can also try is using a smarthost just for softcom.dk domain and see how it goes.
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
Can you use the Tracking log explorer an track 1-2 of those mails which were delayed and post your results here ?
0
 

Author Comment

by:gherman
Comment Utility
what is tracking log explorer?
0
 
LVL 2

Expert Comment

by:boxerenterprises
Comment Utility
I would say either Softscan have a problem with some of their mail servers or the businesses you are sending to have not used all the correct mx records they were provided by Softscan

Nigel
www.boxer-enterprises.co.uk
0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
In Exchange Management Shell under Toolbox you have a few tools that you can use to track the email Flow, Trackling Log Explorer, Mail Flow Troubleshooter. Try using these two tools and post your results here
0
 

Author Comment

by:gherman
Comment Utility
That was my first theory...but...

When a user tries to send email and the email is delayed - there is nothing in the SMTP protocol log about our server trying to connect to Softcom.

Example:

User sends email at 12.00 to 2 recipients, one on gmail and one on a domain that uses Softcom as MX. The Softcom mail is delayed and user gets an email with delay message at 21.00. If I look at the log - at 12.00 there is info on the smtp connection to gmail but not a single line regarding the email to softcom.

The email to softcom is delivered next day and the log contains info on connection, etc.

0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
You should be able to see in these tools when the EMAIL leaves your exchange organization. With that information we can calrify if the issue is within your organization or the external one, and / or ask more proper questions how your current environment is build etc..
0
 

Author Comment

by:gherman
Comment Utility
I tried Exchange Mailflow Trubleshooter - and it showed everything ok - no issues.

I also tried Tracking log explorer and you can see the results below:


Capture.JPG
Capture11.JPG
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 11

Accepted Solution

by:
JuusoConnecta earned 500 total points
Comment Utility
I see that the routing took about 20 hours before it was sent out from your Exchange Organization towards Softcom.dk I assume ?

Could you give us a little more info regarding your exchange organization ? If you have several servers, front-end back-end or do you just have  a stand alone Exchange 2007 server ?
0
 

Author Comment

by:gherman
Comment Utility
Yes, that is correct - routing took 20 hours.

Topo is simple - we have ca 10 external ips in one chain/subnet and all the external ips go into a firewall. On the LAN side, every server has a lan ip on the same subnet and the firewall keeps track of each servers external ip - mapping between public and private ips.

All the affected servers are Micfosoft SBS 2008.

We have non SBS 2008 servers and these dont seem to be affected.

All the servers are hosted and no DHCP. Clients connect with openvpn to servers.
0
 

Author Comment

by:gherman
Comment Utility
Anybody knows why routing might take that long?

0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
Im not really a network guy, so I do not want to involve myself in this configuration due to my sucky knowledge of subnets and firewalls etc =P
0
 

Author Comment

by:gherman
Comment Utility
On, i understand - but what mechanisms are involved in the internal routing in Exchange. As I mentioned before - the SMTP log does not have a single line regarding the email before the routing - only after the 20 hours it comes to the SMTP protocol.

0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
Do you have root domain and subdomains ? if you do, where is the exchange server installed, root / subdomain ? and where are the users located ?

What im trying to say is that, lets say for example that your exchange server is installed on a root domain and the user accounts resides within that root domain as wel, then the mail routing should be pretty forward. But if the exchange server resides within a different subdomain than the users then the routing might take a different path.

Can you go to EMC -> server configuration -> right click and choose properties on your exchange server -> click on the tab system settings -> Here you should see which domain controller are being used by exchange server and which global catalogs are being used by it as well..

Otherwise you could try downloading wireshark and track the network traffic to see if the mail gets routed somehow...

But then again your SMTP logs seems find.. let me know how this goes
0
 

Author Comment

by:gherman
Comment Utility
@ Juuso

I dont have any subdomains - everything is on one server. The domain controller and the global catalod is the same server, i.e. the same SBS machine....

0
 

Author Comment

by:gherman
Comment Utility
Updated info  - by sheer chance I noticed the following:

A couple of emails are stuck in the routing cue again and I took a screenshot - DNS error...what to do next?

Also - nslookup does not resolve mx correctly....wich is wierd because this mail will be sent in a couple of hours and then ther ewill be no problem resolving mx for the domain with nslookup...!
Capture.JPG
0
 

Author Comment

by:gherman
Comment Utility
I have added external DNS servers to the network connection and it seems to work for now.

0
 
LVL 11

Expert Comment

by:JuusoConnecta
Comment Utility
Gherman, can you close this question =),

cheers
0
 

Author Comment

by:gherman
Comment Utility
Hi,

I found the problem....it was the DNS after all...I dont know how or why but when I added more DNS servers the problem was solved.....

Thanx for your help guys!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Easy CSR creation in Exchange 2007,2010 and 2013
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now