• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1812
  • Last Modified:

Email Delivery Being Delayed to Specific Domain

We are running Exchange 2007 on a Windows 2008 server. We are experiencing delivery delays to one specific organization and also to the organization that hosts the other organizations email system.
I pulled a log after sending an email to the primary organization and the send information looks normal. But there is generally at least an hour delay before the organization receives the mail, sometimes longer. At this time these are the only two organizations that are experiencing delays. I contacted the admin at the hosting company and he has not changed his spam filtering and he also has our organization whitelisted.
What can I do to determine the cause of the delivery delays?
0
RSUMatt
Asked:
RSUMatt
  • 11
  • 6
  • 5
  • +1
1 Solution
 
sunnyc7Commented:
What is the DSN error code you are getting.

Can you enter the other org here
www.mxtoolbox.com
run SMTP diag
and blacklist check

also go here
www.senderbase.org
check their sender reputation

post back please.
0
 
endital1097Commented:
i would attempt a telnet session to their system from your exchange server and attempt a message during one of the delays

telnet mx.domain.com 25
ehlo yourdomain.com
mail from: you@yourdomain.com
rcpt to: someone@theirdomain.com

see if you can get to that point
0
 
sunnyc7Commented:
also

run a tracert from your exchange to their public IP
see if it terminates there - or it drops somewhere in between.

then try this from the web.
http://www.dnsstuff.com/
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
AkhaterCommented:
since emails are reaching them so I doubt it is a black listing issue, during the delay time where are the emails ? in your exchange queue ? if so what is the error of the queue ?

how do you send emails ? directly or do you use a smart host relay ? if you use a smart host relay then the issue is probably from their side
0
 
sunnyc7Commented:
can we check DNS ?
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt

0
 
RSUMattAuthor Commented:
The messages are in the queue. For the primary receiver, the error is "451 4.4.0 DNS query failed."
There are messages for the hosting company as well. The error for those mails is 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect Attempted to failover to alternate host but did not succeed."

The receiver shows good for reputation. We are on their whitelist, so blacklisting shouldn't be an issue.

Tracert gets to them but times out before getting to the mail server IP.
 tried to run the dcdiag /v /e /TEST:DNS > c:\dcdiag.txt but only got:
Directory Server Diagnosis
Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine RSUFSEXCH, is a Directory Server.
   ***Error: RSUFSEXCH is not a Directory Server.  Must specify /s:<Directory

   Server> or  /n:<Naming Context> or nothing to use the local machine.
   ERROR: Could not find home server.
0
 
AkhaterCommented:
"451 4.4.0 DNS query failed."

clearly means your exchange cannot query their MX record

try
nslookup
set typ=mx
theirdomain.com

do you have any reply ?
0
 
sunnyc7Commented:
dcdiag /v /e /TEST:DNS > c:\dcdiag.txt but only got:
Directory Server Diagnosis

>> sorry - you have to run this from the domain controller - not the exchange server.

451.4.4.0 DNS query failed -> your mail server cant lookup their domain.

Tracert gets to them but times out before getting to the mail server IP.
>> can you repeat this from dnsstuff.com - or some other web based tracert.

There might be a faulty router in your path. (the hop after it times out)
0
 
RSUMattAuthor Commented:
I get this from the nslookup.
> set type=mx
> newnet66.org

Non-authoritative answer:
newnet66.org    MX preference = 10, mail exchanger = mail.newnet66.org

mail.newnet66.org       internet address = 64.218.183.21
0
 
AkhaterCommented:
it is very weird that you are receiving a DNS failure when you can resolve their MX

this is for the domain giving "451 4.4.0 DNS query failed." right not "421 4.2.1 Unable to connect Attempted to failover to alternate host but did not succeed."
0
 
sunnyc7Commented:
ok - I can telnet to mail.newnet66.org

220 msvr1.newnet66.org ESMTP IceWarp 10.1.3 (2010-07-30) RHEL5; Fri, 10 Sep 2010
 15:50:39 -0500

I think they have ping disabled in firewall
They are running IceWarp mail server
http://www.icewarp.com/downloads/tools/

Can you use their DNS query tool
http://www.icewarp.com/downloads/tools/

---
this is my guess. I think you are using root-hints for your DNS lookups.
You have to use your ISP and add them as forwarders

from your DC
go here
start > run > dnsmgmt.msc
right click on server
Go to properties
Go to forwarders tab
add your ISP's dns in there

--
also give me the output for this
run this from dc
dcdiag /v /e /TEST:DNS > c:\dcdiag1.txt

thanks
0
 
RSUMattAuthor Commented:
Using dnsstuff.com I ran a tracert and it fails at hop 13 with "Firewall did not repsond". It does three more attempts and then says "4 hops with no response: assuming we hit a firewall that blocks pings". Ends tracert at hop 16.
0
 
sunnyc7Commented:
I think firewall is blocking.

start > run > cmd

telnet mail.newnet66.org 25
you will get the SMTP banner as above.
So the mail server is responding.

I guess it's probably DNS issue at your end. Follow the steps in the above comment please.

thanks
0
 
sunnyc7Commented:
@akhater
probably name resolution through root-hints, rather than their ISP's DNS

I am just guessing.
0
 
RSUMattAuthor Commented:
When I run telnet mail.newnet66.org 25 on the mail server I get:

C:\Users\mattadmin>telnet mail.newnet66.org 25
Connecting To mail.newnet66.org...Could not open connection to the host, on port
 25: Connect failed

I will try adding our ISP as a forwarder. May not be able to do it today, but I will post my results Monday. Thanks to everyone for your quick response.

0
 
sunnyc7Commented:
you too matt.
Have a good weekend.

0
 
AkhaterCommented:
telnet mail.newnet66.org 25

is opening just fine from here, you either have a routing issue between both of you or their firewall is blocking your ip
0
 
sunnyc7Commented:
ISP is blocking port 25
ISP's allowing smtp relay only through their SMTP server.

In that case you must be using a smarthost to relay emails.
Check if your smarthost has any issues with newnet66.org

0
 
RSUMattAuthor Commented:
The last time anything remotely like this happened our ISP goofed up the routing tables and it excluded an entire range of domains that stopped receiving email. I have a call into them as well to see if we have a similar situation. That's still the primary suspect because there haven't been any mail server changes in the same time period that we started having these issues.
0
 
sunnyc7Commented:
Time to call your ISP and raise hell.
0
 
AkhaterCommented:
well since the same address port 25 is working fine from here I have to suspect your ISP or their firewall
0
 
RSUMattAuthor Commented:
We did have a forwarder missing from one of our DNS servers. I'm still not sure that was the issue since email had previously been moving to the domains in question without issues. I also contacted our ISP and the end receiver's tech support folks and between those three things mail is now moving to those domains with no delays. Thanks for everyone's help. It helped make the process go much quicker.
0
 
sunnyc7Commented:
Thanks for the points RSUMatt
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 11
  • 6
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now