Can't receive emails from one client

I'm on Exchange 2003, and have never had email problems. Suddenly, one of our clients can no longer contact us. They send us messages and their Exchange server just says the message is delayed, delayed, delayed, then failed. DNS is correct, the messages aren't reaching our network at all. They're on Exchange 2010 and can send just fine to everybody else.

When I telnet from a remote computer into our Exchange server, I get:

220 [domain] Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Th
u, 23 Sep 2010 13:10:16 -0700

But when the people at this network that can't send us mail run the same telnet command, they get:

220 *****************************************************************************************

Any idea what the problem is?
NRTCFAsked:
Who is Participating?
 
Brian BConnect With a Mentor EE Topic Advisor, Independant Technology ProfessionalCommented:
I have seen that happen when the Exchange server is going through a Cisco Firewall which has the "smtp fixup" turned on.
0
 
myhcCommented:
can anyone else at the same domain send you emails. (so john@domain.com can't.. can jess@domain.com send them to you?)
0
 
endital1097Commented:
they have something blocking smtp verbs on their router
are they having issues with anyone else
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
myhcCommented:
I think it could be a SMTP issue.

Please goto http://www.mxtoolbox.com/

do a MX test on your domain.com name.
then click the SMTP test button on your resolved smtp server.

Please let me know if anything fails.
0
 
endital1097Commented:
That's it smtp fixup. Thx tbone
0
 
NRTCFAuthor Commented:
Thanks gang.

MYHC: No, nobody at theirdomain.com can send me emails at mydomain.com. MX & SMTP tests at mxtoolbox are good for mydomain.com

TBone2K: I'll try that, thanks.

ENDITALL1097: They're not having issues with anyone else as far as I know.
0
 
Alan HardistyCo-OwnerCommented:
TBone2K is correct in his earlier post
220 *****************************************************************************************
This is classis CISCO SMTP Fixup / ESMTP Inspect which is supposed to help secure mail transport, but in fact reduces the command set and messes with mail-flow.
Please re-configure your CISCO appliance (PIX / ASA) and disable / turn off ESMTP Inspect or SMTP Fixup and then you might be able to receive from the problem domain.
 
0
 
NRTCFAuthor Commented:
TBone2K's suggestion was correct. They can now telnet successfully to my Exchange server. However, they still get a 'delayed' message when trying to send email to mydomain.com

Any idea what else it could be? Their Exchange server simply reports:

#550 4.4.7 QUEUE.Expired; message expired # #
0
 
Alan HardistyCo-OwnerCommented:
Do you know their IP Address?
Can you look it up on www.mxtoolbox.com/blacklists.aspx?
Can you post their domain name please - which I can obscure - so that I can see if there is anything odd about their domain.  They may be missing Reverse DNS, be badly configured or be blacklisted.
0
 
Alan HardistyCo-OwnerCommented:
Thanks - comment deleted to protect their identity.
Alan Hardisty
Experts Exchange Zone Advisor
0
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
Okay - they are badly configured.
There are 3 MX records on their domain - their primary MX has a priority of 0 - which can cause inbound issues, but not outbound issues - you might want to let them know, but this is not causing the problem.  They should change the Priority from 0 to anything else.  They already have a 5, so 1 would be better.
Their primary MX record IP address has a generic Reverse DNS record listed for it - they are required to have a crrectly configured Reverse DNS record if they send out mail from their IP Address.  Currently they are IP_Address_dia.static.qwest.net. and should be smtp.theirdomain.com.  Your server may be rejecting them because of this.
They are sitting behind a Sonicwall device which is restricting the SMTP Verbs that can be used and this may be causing the problem.
They need to call their ISP and ask for Revers DNS of smtp.theirdomain.com to be setup on their fixed IP Address
This is the response from their server:
220 kinhmf01.north-hollywood.theirdomain.local ESMTP SonicWALL (7.2.1.2841)
ehlo mydomain.co.uk
250-kinhmf01.north-hollywood.theirdomain.local
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 SIZE
This is the response from my server:
220 server.mydomain.co.uk Microsoft ESMTP MAIL Service ready at Thu, 23 Sep 201
0 23:30:18 +0100
ehlo mydomain.co.uk
250-server.mydomain.co.uk Hello [10.xx.xx.xx]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM LOGIN
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
They need to reconfigure their Sonicwall to disable SMTP Verbs - SMTP Inspection - SMTP interference for want of a better description and then they might have fewer issues sending to you.
0
 
NRTCFAuthor Commented:
alanhardisty,

Thanks, I'll have them try that and let you know!
0
 
NRTCFAuthor Commented:
alanhardisty,

They are hesitant to make these changes. Can you think of anywhere on the web that looks authoritative and recommends the setup you've recommended, so I can persuade them it's really their end that needs to change? :)
0
 
Brian BEE Topic Advisor, Independant Technology ProfessionalCommented:
I think we are getting off topic for the original question. The issue was caused by SMTP fixup.
0
 
NRTCFAuthor Commented:
thanks, guys!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.