lwebber


Message routed and queued for remote delivery - internal Exchange server

Exchange Server 2003 Standard (SP2) running on Windows 2003 R2. Sonicwall firewall and a SonicWall email security box. We had a single Exchange Server (OLDSRVR.corp.mydomain.com) which is a DC. There is another DC (FOOSRVR) as well. DNS is configured correctly AFAICT. The network config:  Sonicwall Firewall appliance: 192.168.1.1; SonicWall EmailSecurity box (emailsecurity.corp.mydomain.com) 192.168.1.224. On OLDSRVR (192.168.1.191), the Default SMTP Virtual Server, Properties, Delivery, Advanced, Smarthost points to emailsecurity.corp.mydomain.com. Internal email worked fine. External email worked fine, both directions.

I then added a second Exchange Server (NEWSRVR.corp.mydomain.com - 192.168.1.67) running Exchange Server 2003 SP2. As you can see from its IP address, it is on the same LAN segment as OLDSRVR. It is in the same First Administrative Group, and in the same First Routing Group, where OLDSRVR appears as the Master, and NEWSRVR appears as Member.

I created a TestUser with a mailbox on NEWSRVR. TestUser can send to any mailbox on OLDSRVR, and can send to external Internet recipients. But TestUser can't receive anything. If I send an internal email from a mailbox on OLDSRVR to TestUser, it goes to the NEWSRVR.corp.mydomain.com queue. I have enabled message tracking, and sent a message from OldUser (mailbox on OLDSRVR) to TestUser (mailbox on NEWSRVR). The message history shows:

12:27/2010 9:53 AM SMTP Store Driver: Message Submitted from Store
12:27/2010 9:53 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 9:53 AM SMTP: Started Message Submission to Advanced Queue
12:27/2010 9:53 AM SMTP: Message Submitted to Categorizer
12:27/2010 9:53 AM SMTP: Message Categorized and Queued for Routing
12:27/2010 9:53 AM SMTP: Message Routed and Queued for Remote Delivery

I also tried a Telnet connection to NEWSRVR, and sent a message from OldUser to NewUser. In the Message History, I got:

12:27/2010 10:00 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 10:00 AM SMTP: Started Message Submission to Advanced Queue
12:27/2010 10:00 AM SMTP: Message Submitted to Categorizer
12:27/2010 10:00 AM SMTP: Message Categorized and Queued for Routing
12:27/2010 10:00 AM SMTP: Message Routed and Queued for Remote Delivery
12:27/2010 10:07 AM SMTP: Started Outbound Transfer of Message
12:27/2010 10:07 AM Message transferred to emailsecurity.corp.mydomain.com through SMTP
12:27/2010 10:07 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 10:07 AM SMTP: Started Message Submission to Advanced Queue
12:27/2010 10:07 AM SMTP: Message Submitted to Categorizer
12:27/2010 10:07 AM SMTP: Message Categorized and Queued for Routing
12:27/2010 10:07 AM SMTP: Message Routed and Queued for Remote Delivery
12:27/2010 10:29 AM SMTP: Started Outbound Transfer of Message
12:27/2010 10:29 AM Message transferred to emailsecurity.corp.mydomain.com through SMTP
12:27/2010 10:29 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 10:39 AM SMTP: Started Message Submission to Advanced Queue
12:27/2010 10:39 AM SMTP: Message Submitted to Categorizer
12:27/2010 10:39 AM SMTP: Message Categorized and Queued for Routing
12:27/2010 10:39 AM SMTP: Message Routed and Queued for Remote Delivery
12:27/2010 10:51 AM SMTP: Started Outbound Transfer of Message
... etc. This pattern repeats about every 10 - 12 minutes.


On the Sonicwall emailsecurity appliance, I can see messages from olduser to newuser. They are shown as "outbound - arrived into gateway from 192.168.1.191" (OLDSRVR), and "delivered - accepted by 192.168.1.191:25".

So -- it looks like the culprit is the Categorizer on OldSrvr. It seems to think that NewSrvr is an external system, and routes messages out the SMTP default virtual server to the smarthost (emailsecurity appliance). The emailsecurity appliance gets the email, sees that it is addressed to newuser@mydomain.com, and promptly sends it back to OldSrvr, where it gets routed back out again.

Is my analysis correct? If so, how do I fix the Categorizer?

Also -- when I send an email from MyAccount@live.com to newuser@mydomain.com, the Sonicwall rejects it as a Directory Harvest Attack (DHA). WTF?
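
The loop described in the question can be confirmed mechanically from a single message's tracking history. The following is an added example, not part of the original post: it flags any next hop that the message was handed to and that returned it to Advanced Queuing at least twice. The function name `find_loops` and the two-bounce threshold are assumptions; the sample lines are taken from the history quoted above.

```python
import re
from collections import Counter

# Lines taken from the Telnet-test message history in the question, abridged.
HISTORY = """\
12:27/2010 10:00 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 10:00 AM SMTP: Message Routed and Queued for Remote Delivery
12:27/2010 10:07 AM SMTP: Started Outbound Transfer of Message
12:27/2010 10:07 AM Message transferred to emailsecurity.corp.mydomain.com through SMTP
12:27/2010 10:07 AM SMTP: Message Submitted to Advanced Queuing
12:27/2010 10:07 AM SMTP: Message Routed and Queued for Remote Delivery
12:27/2010 10:29 AM SMTP: Started Outbound Transfer of Message
12:27/2010 10:29 AM Message transferred to emailsecurity.corp.mydomain.com through SMTP
12:27/2010 10:29 AM SMTP: Message Submitted to Advanced Queuing
"""

# <date> <time> [SMTP: ]<event>; the date token is kept opaque on purpose.
LINE = re.compile(r"^\S+ (\d{1,2}:\d{2} [AP]M) (?:SMTP: )?(.*)$")
HANDOFF = re.compile(r"^Message transferred to (\S+) through SMTP$")
RESUBMIT = "Message Submitted to Advanced Queuing"

def find_loops(history):
    """Map each next hop that bounced the message back at least twice to its handoff times."""
    handoffs = {}         # next hop -> times the message was handed to it
    returned = Counter()  # next hop -> times the message re-entered the queue afterwards
    last_hop = None       # hop that currently holds the message, if any
    for raw in history.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when, event = m.groups()
        hop = HANDOFF.match(event)
        if hop:
            last_hop = hop.group(1)
            handoffs.setdefault(last_hop, []).append(when)
        elif event == RESUBMIT and last_hop:
            # Same message back in Advanced Queuing after leaving: the hop returned it.
            returned[last_hop] += 1
            last_hop = None
    return {h: t for h, t in handoffs.items() if returned[h] >= 2}

if __name__ == "__main__":
    for hop, times in find_loops(HISTORY).items():
        print(f"loop via {hop}: handed off at {', '.join(times)}")
```
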
ASKER CERTIFIED SOLUTION
lwebber

click the Request Attention link in your question above and request to PAQ from a moderator.
lwebber

ASKER

Tx, digitap. Guess that's why you're a Genius and I a mere Guru.  :-)
LOL...that's too funny.  there's nothing but humility coming from this end.... >GRIN<!

ASKER

Found the answer myself