Exchange Connections Timed Out and Emails in the Queue

We are having problems with mail not being delivered to us because the connection times out and is deferred.  I am also having emails hang in Queue, some never going out until I delete them.

Our Exchange 2003 server is behind the firewall and has a MIP.

We also have an external AntiSpam service but I am not using a smarthost.

What do I need to be checking? I need help finding the answers.
rand1964 Asked:
 
Alan Hardisty (Co-Owner) Commented:
Please check your server configuration, reverse DNS, IP for blacklists and read through my article for guidance:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
 
rand1964 (Author) Commented:
When I do a Reverse DNS test, I get a Non-authoritative answer.

When I do an Open relay check it says that "Our tests indicate your mail server allows open relay".  I do not understand how this could be...I only allow our domain to relay.

When I do a DNS lookup I get an "A" record but no other records...no MX record.

Help
0
 
Alan Hardisty (Co-Owner) Commented:
Please have a read of the following to check / resolve your open relay:

http://www.amset.info/exchange/smtp-openrelay.asp
0
 
Alan Hardisty (Co-Owner) Commented:
Reverse DNS should be something like mail.domain.com.  Is it?

From a command prompt type:

nslookup IP-Address
(replace with your fixed Internet IP address e.g. nslookup 123.123.123.123)

The response should be as mentioned above.
0
 
rand1964 (Author) Commented:
The NSLOOKUP is correct from my computer inside the network.

On the default SMTP virtual server, on the authentication, it seems as if I have to have "anonymous" checked.

Also your article says:
To check or correct the configuration of the Default SMTP Virtual Server:

Start Exchange System manager (ESM)
Expand Servers, <your server>, Protocols, SMTP.
Right click on "Default SMTP Virtual Server" and choose Properties.
Click on the "Access" Tab.
There are four buttons, click on "Relay..." at the bottom.
Ensure that "Only the list below" is enabled and the list is empty.
If you don't have users sending email through your email server with Outlook Express or another POP3 client then you can disable "Allow all users that successfully authenticate to relay regardless of the list above".
Apply/OK until all windows are closed.

I have our domain in there...do I not need to put anything in there?
0
 
Alan Hardisty (Co-Owner) Commented:
>> On the default SMTP virtual server, on the authentication, it seems as if I have to have "anonymous" checked. <<

Yes - without anonymous enabled you won't receive any emails.

Do you have users that use SMTP / POP3 for email access or are you configured for RPC over HTTPS?
0
 
rand1964 (Author) Commented:
Do you have users that use SMTP / POP3 for email access or are you configured for RPC over HTTPS?

Unfortunately, I have both...still some who use POP3 and Outlook Express.
0
 
Alan Hardisty (Co-Owner) Commented:
Okay - so you need to allow authenticated users to relay, but this will open your server up to potential abuse and blacklisting if you don't implement strong password policies and account lockouts after a few invalid login attempts.
0
 
rand1964 (Author) Commented:
We do...have strong passwords and lockout enforced.

Why do you think it still thinks it's an open relay?
0
 
Alan Hardisty (Co-Owner) Commented:
Not sure - please visit www.checkor.com and see what that makes of your server.
0
 
rand1964 (Author) Commented:
It is good with that one...
0
 
Alan Hardisty (Co-Owner) Commented:
Okay - don't worry about the Open Relay then.

Now I am on my laptop (not my iPhone), do you want to post your domain name (which I will hide) and then I can check your domain and see what is amiss and advise you accordingly?

Alan
0
 
rand1964 (Author) Commented:
The other relay gives me this:

>> MAIL FROM:<spammer@192.168.5.220>
<< 250 2.1.0 spammer@192.168.5.220....Sender OK
>> RCPT TO:<"spammee@xx.73.18.57">
<< 250 2.1.5 "spammee@xx.73.18.57"@mydomain.com
0
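An added example, not part of the thread: a small Python parser for relay-test transcripts in the `>>`/`<<` format of the post above, showing why a `250` on `RCPT TO` is not by itself proof of an open relay. It assumes the heuristic that a reply echoing the recipient under the server's own domain means the address was treated as a local mailbox; the function names, the two extra exchanges and `mydomain.com` as the local domain are constructed for illustration.

```python
import re

# Constructed transcript in the ">>" (client) / "<<" (server) format of the post.
# The first RCPT exchange is the one quoted in the thread; the other two are
# constructed for contrast, and mydomain.com stands in for the real domain.
SAMPLE = '''\
>> MAIL FROM:<spammer@192.168.5.220>
<< 250 2.1.0 spammer@192.168.5.220....Sender OK
>> RCPT TO:<"spammee@xx.73.18.57">
<< 250 2.1.5 "spammee@xx.73.18.57"@mydomain.com
>> RCPT TO:<user@elsewhere.example>
<< 550 5.7.1 Unable to relay for user@elsewhere.example
>> RCPT TO:<user@other.example>
<< 250 2.1.5 user@other.example
'''

def parse_transcript(text):
    """Pair each client line (>>) with the server reply (<<) that follows it."""
    pairs, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>"):
            pending = line[2:].strip()
        elif line.startswith("<<") and pending is not None:
            pairs.append((pending, line[2:].strip()))
            pending = None
    return pairs

def classify_rcpt(reply, local_domains):
    """Heuristic verdict for one RCPT TO reply (hypothetical helper)."""
    if not reply[:3].isdigit():
        return "ambiguous"
    if int(reply[:3]) >= 400:
        return "rejected"
    echoed = [tok for tok in reply.split()[1:] if "@" in tok]
    if not echoed:
        return "ambiguous"  # bare "250 OK": only a delivery test can tell
    domain = echoed[-1].rsplit("@", 1)[1].rstrip(".>,;").lower()
    # An address echoed under the server's own domain was taken as a local
    # mailbox, so the 250 does not mean the message would be relayed onward.
    return "local" if domain in local_domains else "relay-accepted"

def relay_findings(text, local_domains):
    """Return (recipient, verdict) for every RCPT TO exchange in the transcript."""
    findings = []
    for command, reply in parse_transcript(text):
        m = re.match(r"RCPT TO:\s*<(.*)>$", command, re.IGNORECASE)
        if m:
            findings.append((m.group(1), classify_rcpt(reply, local_domains)))
    return findings
```

Only a `relay-accepted` verdict warrants follow-up, and even then the confirmation is whether a test message actually arrives at the outside mailbox.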
 
rand1964 (Author) Commented:
How do you hide it?
0
 
Alan Hardisty (Co-Owner) Commented:
What other relay check are you running?

If the www.checkor.com site says you are not an open relay - then you are not an Open Relay.
0
 
rand1964 (Author) Commented:
What would you suggest that I do from outside our network?
0
 
Alan Hardisty (Co-Owner) Commented:
If you can post your domain name - I can do some digging and give you specific advice.  If you don't want to, I can give you general advice and then we can keep posting back and forth!  I appreciate that you may not want to post your domain name, but I can confirm that I can obscure it so that the information is not viewable to others.

Alan
0
 
Alan Hardisty (Co-Owner) Commented:
If you are not comfortable posting the info - click on my name and you will find my email address which you can use to email me if you prefer.

Alan
0
 
Alan Hardisty (Co-Owner) Commented:
Thanks - Email received.  Checking now.

Alan
0
 
Alan Hardisty (Co-Owner) Commented:
Okay - I can't see any issues with your domain at all.

You are not blacklisted, your IP is GOOD on www.senderbase.org, your domain checks out fine, Reverse DNS is correct and you are not an open relay!

So - the people who you are not able to send mail to are blocking you incorrectly and you will need to contact them to ask them why they are blocking you.

Your server is RFC compliant, so they have no good reason at all to reject you.

You might want to add an SPF record to assist your domain, but that is not a requirement and shouldn't prevent you from sending mail anywhere.

Alan
0
 
Alan Hardisty (Co-Owner) Commented:
Inbound problems could be caused by you using a Postfix server to receive your mail.  Some servers don't play nicely with Postfix servers!  That could be the cause of your inbound issues.
0
 
rand1964 (Author) Commented:
The thing is that it is sporadic...10 emails may go, then one gets stuck in the queue

Kind of the same with incoming email...some will come in, others will time out and drop.
0
 
Alan Hardisty (Co-Owner) Commented:
Are you on Exchange 2003 SP2?
0
 
rand1964 (Author) Commented:
We don't use a Postfix Server...that is probably the ISP/AntiSpam
0
 
rand1964 (Author) Commented:
Yes Exchange 2003 SP2
0
 
Alan Hardisty (Co-Owner) Commented:
Also - you say your firewall has a MIP.  Please advise what a MIP is.

Thanks

Alan
0
 
rand1964 (Author) Commented:
Mapped IP Address....kind of like Network Address Translation
0
 
rand1964 (Author) Commented:
When you send to our domain the public address hits the firewall and then is remapped through to the actual IP address inside and sent through a different port so that everything inside is hidden from the outside.
0
 
Alan Hardisty (Co-Owner) Commented:
The server that receives your mail is a Postfix server and that will be your 3rd party Anti-Spam company.

Postfix and Exchange can have issues talking to each other and this may be your issue?

Do you pay much for your 3rd party anti-Spam solution and does it stop your spam?  Are you paying more than $239 for it (as a one-off cost)?

I would recommend you install some trial Anti-Spam software and point your MX records at your own server then you can see if the 3rd party is causing your inbound problems.

Your outbound problems are either the receiving end, or possibly something to do with your MIP, but as your email arrived directly on my server happily, that tells me that your server is configured correctly and shouldn't be having problems.
0
 
Alan Hardisty (Co-Owner) Commented:
The MIP sounds fine - that is semi-standard practice and shouldn't be a problem.
0
 
rand1964 (Author) Commented:
Thank you!  Your assistance has been outstanding.  If I could give you more than 500 points I would.

Thanks!
0
 
Alan Hardisty (Co-Owner) Commented:
Thanks for your comments - 500 points is fine - what's important is you know that your server is configured correctly and the problem seems to be external to you.

In case you are wondering - the Anti-Spam software I use which costs $239 per server is Vamsoft ORF (www.vamsoft.com) and is absolutely brilliant.

If you have any other questions - please let me know.

Best wishes

Alan
0
Question has a verified solution.
