Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1430
  • Last Modified:

Delayed/Undeliverable Email; Exchange 2007

Been having troubles lately with our Exchange 2007 server, we're getting a higher than normal volume of bounces, delays, or undeliverable email, both incoming and outgoing. The odd thing is it's never consistent, some domains get our mail and can send mail to us, sometimes there is a delay notification and will eventually go through, sometimes they'll get a delay notification and it will go undeliverable.

I've run every test in exchange mail route and it hints to a DNS problem obviously but the messed up thing is i can't find a single thing wrong with anything.

I've checked and refreshed our domain root hints, I've run with domain pointers through verizon dns and googles public dns, integra's dns who is our T1 provider, nothing is stuck in the queue.

I've called Integra to make sure there was no problems between us and them, our adtran is working fine, our router is functioning properly, websites are resolving correctly.

The only semi consistant domain i can test off of is sbcglobal.net which at this time we only can email to and receive about 10% of the time.

I've run numerous mxlookups and we're not on any blacklists, nslookups to other domains all resovle and i can connect to all of the affected domains through telnet.

I'm Stumped...

our domain is hysecurity.com
mail.hysecurity.com


The following is the delay notification we're receiving.

Delivery is delayed to these recipients or distribution lists:

'somedude@sbcglobal.net'

Subject: Test

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

Delivery of this message will be attempted until 11/11/2010 12:23:47 PM (GMT-08:00) Pacific Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered by that time.


The header info for that email is as follows:

Received: from HSK.HySecurity.local ([10.0.0.12]) by HSK.HySecurity.local
 ([10.0.0.12]) with mapi; Wed, 10 Nov 2010 07:08:18 -0800
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: Nick  <email@hysecurity.com>
To: Bruce  <email@hysecurity.com>
Date: Wed, 10 Nov 2010 07:08:16 -0800
Subject: FW: Test
Thread-Topic: Test
Thread-Index: AcuATAK3NzGq6MfLQ6i7cw2BYrpAOwAIa4RCAB7XgPA=
Message-ID: <EECE99C4D3A7AB468F26415F5882793520F999D756@HSK.HySecurity.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <EECE99C4D3A7AB468F26415F5882793520F999D756@HSK.HySecurity.local>
MIME-Version: 1.0

Any, ANY ideas would be greatly appreciated!

0
binaryjunky
Asked:
binaryjunky
  • 4
2 Solutions
 
blue-screenCommented:
I see you have RFC1918 addresses - how is your router/NAT/firewall to the internet set up?

Is your outgoing IP address a static address, or part of a pool of addresses?

Some service providers block port 25 to prevent SPAM attacks.  If you have a "pool" of IP addresses, maybe some of them block port 25 and some do not.

Make sure that mail server address is mapped to a static address that does not block port 25.
0
 
Barry GillChief of StaffCommented:
From: Nick  <email@hysecurity.com>
To: Bruce  <email@hysecurity.com>

Just wondering about this.
The headers "for that mail" as you say it do not seem to be going to anyone externally.
Is the sbcglobal.net address inside a distribution list?

Wasn't clear from your mail, but what is your outbound path?
Do you deliver direct from Exchange or do you deliver to a gateway device or anything like that?
0
 
binaryjunkyAuthor Commented:
Yes, our address is a static address, we do have a gateway device, we have a gateway server running forefront TMG, and our exchange server is behind that. Sorry for the confusion about the internal addresses, from nick to me that's a mistake, that particular header was a forwarded mail from nick to me here is a real bounce header.

apologies.


Received: from HSL.HySecurity.local (10.0.0.1) by HSK.HySecurity.local
 (10.0.0.12) with Microsoft SMTP Server (TLS) id 8.2.254.0; Fri, 12 Nov 2010
 04:06:36 -0800
MIME-Version: 1.0
From: <MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@hysecurity.com>
To: <email@hysecurity.com>
Date: Fri, 12 Nov 2010 04:06:36 -0800
Content-Type: multipart/report; report-type=delivery-status;
      boundary="bd7e78ca-2fdd-4c45-a0b2-1cbc9c05061e"
Content-Language: en-US
Message-ID: <3ddb2965-ad37-4273-bb67-63618b5c334e>
In-Reply-To: <EECE99C4D3A7AB468F26415F5882793520FF772BF7@HSK.HySecurity.local>
References: <EECE99C4D3A7AB468F26415F5882793520FF772BF7@HSK.HySecurity.local>
Thread-Index: AcuCQGnnP3XCY4uXTcG4hP9sy1UqvQAIaP3R
Subject: Delivery Delayed:
Return-Path: <>
X-MS-Exchange-Organization-SCL: -1


So in this particular header, this is a delay notification I sent to an SBCGLOBAL.net address, in this case "HSL" is our gateway server and "HSK" is our exchange server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
binaryjunkyAuthor Commented:
I was hoping it wounldn't be a problem with our firewall....
0
 
binaryjunkyAuthor Commented:
I checked over our firewall settings and made sure that all SMTP traffic allowed from our gateway server to the messaging server.
0
 
binaryjunkyAuthor Commented:
I think I solved the problem, our mailserver was mapped to "all IP addresses" instead of our forward facing .186 ip.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now