Solved

Email Delivery Being Delayed to Specific Domain

Posted on 2010-09-10
23
1,640 Views
Last Modified: 2013-11-15
We are running Exchange 2007 on a Windows 2008 server. We are experiencing delivery delays to one specific organization and also to the organization that hosts the other organizations email system.
I pulled a log after sending an email to the primary organization and the send information looks normal. But there is generally at least an hour delay before the organization receives the mail, sometimes longer. At this time these are the only two organizations that are experiencing delays. I contacted the admin at the hosting company and he has not changed his spam filtering and he also has our organization whitelisted.
What can I do to determine the cause of the delivery delays?
0
Comment
Question by:RSUMatt
  • 11
  • 6
  • 5
  • +1
23 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33649842
What is the DSN error code you are getting.

Can you enter the other org here
www.mxtoolbox.com
run SMTP diag
and blacklist check

also go here
www.senderbase.org
check their sender reputation

post back please.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33649847
i would attempt a telnet session to their system from your exchange server and attempt a message during one of the delays

telnet mx.domain.com 25
ehlo yourdomain.com
mail from: you@yourdomain.com
rcpt to: someone@theirdomain.com

see if you can get to that point
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33649852
also

run a tracert from your exchange to their public IP
see if it terminates there - or it drops somewhere in between.

then try this from the web.
http://www.dnsstuff.com/
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33649873
since emails are reaching them so I doubt it is a black listing issue, during the delay time where are the emails ? in your exchange queue ? if so what is the error of the queue ?

how do you send emails ? directly or do you use a smart host relay ? if you use a smart host relay then the issue is probably from their side
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33649899
can we check DNS ?
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt

0
 

Author Comment

by:RSUMatt
ID: 33650389
The messages are in the queue. For the primary receiver, the error is "451 4.4.0 DNS query failed."
There are messages for the hosting company as well. The error for those mails is 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect Attempted to failover to alternate host but did not succeed."

The receiver shows good for reputation. We are on their whitelist, so blacklisting shouldn't be an issue.

Tracert gets to them but times out before getting to the mail server IP.
 tried to run the dcdiag /v /e /TEST:DNS > c:\dcdiag.txt but only got:
Directory Server Diagnosis
Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine RSUFSEXCH, is a Directory Server.
   ***Error: RSUFSEXCH is not a Directory Server.  Must specify /s:<Directory

   Server> or  /n:<Naming Context> or nothing to use the local machine.
   ERROR: Could not find home server.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650405
"451 4.4.0 DNS query failed."

clearly means your exchange cannot query their MX record

try
nslookup
set typ=mx
theirdomain.com

do you have any reply ?
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650459
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt but only got:
Directory Server Diagnosis

>> sorry - you have to run this from the domain controller - not the exchange server.

451.4.4.0 DNS query failed -> your mail server cant lookup their domain.

Tracert gets to them but times out before getting to the mail server IP.
>> can you repeat this from dnsstuff.com - or some other web based tracert.

There might be a faulty router in your path. (the hop after it times out)
0
 

Author Comment

by:RSUMatt
ID: 33650476
I get this from the nslookup.
> set type=mx
> newnet66.org

Non-authoritative answer:
newnet66.org    MX preference = 10, mail exchanger = mail.newnet66.org

mail.newnet66.org       internet address = 64.218.183.21
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650505
it is very weird that you are receiving a DNS failure when you can resolve their MX

this is for the domain giving "451 4.4.0 DNS query failed." right not "421 4.2.1 Unable to connect Attempted to failover to alternate host but did not succeed."
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650519
ok - I can telnet to mail.newnet66.org

220 msvr1.newnet66.org ESMTP IceWarp 10.1.3 (2010-07-30) RHEL5; Fri, 10 Sep 2010
 15:50:39 -0500

I think they have ping disabled in firewall
They are running IceWarp mail server
http://www.icewarp.com/downloads/tools/

Can you use their DNS query tool
http://www.icewarp.com/downloads/tools/

---
this is my guess. I think you are using root-hints for your DNS lookups.
You have to use your ISP and add them as forwarders

from your DC
go here
start > run > dnsmgmt.msc
right click on server
Go to properties
Go to forwarders tab
add your ISP's dns in there

--
also give me the output for this
run this from dc
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt

thanks
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:RSUMatt
ID: 33650524
Using dnsstuff.com I ran a tracert and it fails at hop 13 with "Firewall did not repsond". It does three more attempts and then says "4 hops with no response: assuming we hit a firewall that blocks pings". Ends tracert at hop 16.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650553
I think firewall is blocking.

start > run > cmd

telnet mail.newnet66.org 25
you will get the SMTP banner as above.
So the mail server is responding.

I guess it's probably DNS issue at your end. Follow the steps in the above comment please.

thanks
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 500 total points
ID: 33650557
@akhater
probably name resolution through root-hints, rather than their ISP's DNS

I am just guessing.
0
 

Author Comment

by:RSUMatt
ID: 33650716
When I run telnet mail.newnet66.org 25 on the mail server I get:

C:\Users\mattadmin>telnet mail.newnet66.org 25
Connecting To mail.newnet66.org...Could not open connection to the host, on port
 25: Connect failed

I will try adding our ISP as a forwarder. May not be able to do it today, but I will post my results Monday. Thanks to everyone for your quick response.

0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650722
you too matt.
Have a good weekend.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650761
telnet mail.newnet66.org 25

is opening just fine from here, you either have a routing issue between both of you or their firewall is blocking your ip
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650781
ISP is blocking port 25
ISP's allowing smtp relay only through their SMTP server.

In that case you must be using a smarthost to relay emails.
Check if your smarthost has any issues with newnet66.org

0
 

Author Comment

by:RSUMatt
ID: 33650784
The last time anything remotely like this happened our ISP goofed up the routing tables and it excluded an entire range of domains that stopped receiving email. I have a call into them as well to see if we have a similar situation. That's still the primary suspect because there haven't been any mail server changes in the same time period that we started having these issues.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33650793
Time to call your ISP and raise hell.
0
 
LVL 49

Expert Comment

by:Akhater
ID: 33650810
well since the same address port 25 is working fine from here I have to suspect your ISP or their firewall
0
 

Author Comment

by:RSUMatt
ID: 33666774
We did have a forwarder missing from one of our DNS servers. I'm still not sure that was the issue since email had previously been moving to the domains in question without issues. I also contacted our ISP and the end receiver's tech support folks and between those three things mail is now moving to those domains with no delays. Thanks for everyone's help. It helped make the process go much quicker.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33666792
Thanks for the points RSUMatt
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This video shows how use content aware, what it’s used for, and when to use it over other tools.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now