Link to home
Create AccountLog in
Avatar of Randy
RandyFlag for United States of America

asked on

Exchange Connections Timed Out and Emails in the Queue

We are having problems with mail not being delivered to us because the connection times out and is deferred.  I am also having emails hang in Queue, some never going out until I delete them.

Our Exchange 2003 server is behind the firewall and has a MIP.

We also have an external AnteSpam service but I am not using a  smarthost.

What do I need to be checking, I need help finding the answers.
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

When I do a a Reverse DNS test, I get a Non-authoritative answer

When I do an Open relay check it says that "Our tests indicate your mail server allows open relay".  I do not understand how this could be...I only allow our domain to relay.

When I do a DNS lookup  I get an "A" record but no other records...no MX record

Help
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

The NSLOOKUP is correct from my computer inside the network.

On the default SMTP virtual server, on the authentication, it seem as if I have to have "anonymous" checked.

Also your article says:
To check or correct the configuration of the Default SMTP Virtual Server:

Start Exchange System manager (ESM)
Expand Servers, <your server>, Protocols, SMTP.
Right click on "Default SMTP Virtual Server" and choose Properties.
Click on the "Access" Tab.
There are four buttons, click on "Relay..." at the bottom.
Ensure that "Only the list below" is enabled and the list is empty.
If you don't have users sending email through your email server with Outlook Express or another POP3 client then you can disable "Allow all users that successfully authenticate to relay regardless of the list above".
Apply/OK until all windows are closed.

I have our domain in there...do I not need to put anything in there?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

Do you have users that use SMTP / POP3 for email access or are you configured for RPC over HTTPS?

unfortunately, I have both...still some who use pop3 and outlook express.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

We do...have strong passwords and lockout enforced.

Why do you think it still thinks it's an open relay?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

It is good with that one...
Okay - don't worry about the Open Relay then.

Now I am on my laptop (not my iPhone), do you want to post your domain name (which I will hide) and then I can check your domain and see what is amiss and advise you accordingly?

Alan
Avatar of Randy

ASKER

The other relay gives me this:

>> MAIL FROM:<spammer@192.168.5.220>
<< 250 2.1.0 spammer@192.168.5.220....Sender OK
>> RCPT TO:<"spammee@xx.73.18.57">
<< 250 2.1.5 "spammee@xx.73.18.57"@mydomain.com
Avatar of Randy

ASKER

how do you hide it?
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

What would you suggest that I do from outside our network?
If you can post your domain name - I can do some digging and give you specific advice.  If you don't want to, I can give you general advice and then we can keep posting back and forth!  I appreciate that you may not want post your domain name, but I can confirm that I can obscure it so that the information is not viewable to others.

Alan
If you are not comfortable posting the info - click on my name and you will find my email address which you can use to email me if you prefer.

Alan
Thanks - Email received.  Checking now.

Alan
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Randy

ASKER

The thing is that it is sporadic...10 emails may go, then one gets stuck in the queue

Kind of the same with incoming email...some will come in, others will time out and drop.
Are you on Exchange 2003 SP2?
Avatar of Randy

ASKER

We don't use a Postfix Server...that is probably the ISP/AntiSpam
Avatar of Randy

ASKER

Yes Exchange 2003 SP2
Also - you say your firewall has a MIP.  Please advise what a MIP is.

Thanks

Alan
Avatar of Randy

ASKER

Mapped IP Address....kind of like Network Address Translation
Avatar of Randy

ASKER

When you send to our domain the public address hits the firewall and then is remapped through to the actual ip address inside and sent through a different port so that everything inside is hidden from the outside.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
The MIP sounds fine - that is semi-standard practise and shouldn't be a problem.
Avatar of Randy

ASKER

Thank you!  Your assistance has been outstanding.  If I could give you more than 500 points I would.

Thanks!
Thanks for your comments - 500 points is fine - what's important is you know that your server is configured correctly and the problem seems to be external to you.

In case you are wondering - the Anti-Spam software I use which costs $239 per server is Vamsoft ORF (www.vamsoft.com) and is absolutely brilliant.

If you have any other questions - please let me know.

Best wishes

Alan