Solved

Exchange Connections Timed Out and Emails in the Queue

Posted on 2011-02-14
32
310 Views
Last Modified: 2012-05-11
We are having problems with mail not being delivered to us because the connection times out and is deferred.  I am also having emails hang in Queue, some never going out until I delete them.

Our Exchange 2003 server is behind the firewall and has a MIP.

We also have an external AnteSpam service but I am not using a  smarthost.

What do I need to be checking, I need help finding the answers.
0
Comment
Question by:rand1964
  • 18
  • 14
32 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34890799
Please check your server configuration, reverse dns, ip for blacklists and read through my article for guidance:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
 

Author Comment

by:rand1964
ID: 34891086
When I do a a Reverse DNS test, I get a Non-authoritative answer

When I do an Open relay check it says that "Our tests indicate your mail server allows open relay".  I do not understand how this could be...I only allow our domain to relay.

When I do a DNS lookup  I get an "A" record but no other records...no MX record

Help
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34891249
Please have a read of the following to check / resolve your open relay:

http://www.amset.info/exchange/smtp-openrelay.asp
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34891275
Reverse DNS should be something like mail.domain.com.  Is it?

From a command prompt type:

nslookup IP-Address
(replace with your fixed Internet IP address e.g. nslookup 123.123.123.123)

The response should be as mentioned above.
0
 

Author Comment

by:rand1964
ID: 34891480
The NSLOOKUP is correct from my computer inside the network.

On the default SMTP virtual server, on the authentication, it seem as if I have to have "anonymous" checked.

Also your article says:
To check or correct the configuration of the Default SMTP Virtual Server:

Start Exchange System manager (ESM)
Expand Servers, <your server>, Protocols, SMTP.
Right click on "Default SMTP Virtual Server" and choose Properties.
Click on the "Access" Tab.
There are four buttons, click on "Relay..." at the bottom.
Ensure that "Only the list below" is enabled and the list is empty.
If you don't have users sending email through your email server with Outlook Express or another POP3 client then you can disable "Allow all users that successfully authenticate to relay regardless of the list above".
Apply/OK until all windows are closed.

I have our domain in there...do I not need to put anything in there?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34891524
>> On the default SMTP virtual server, on the authentication, it seem as if I have to have "anonymous" checked. <<

Yes - without anonymous enabled you won't receive any emails.

Do you have users that use SMTP / POP3 for email access or are you configured for RPC over HTTPS?
0
 

Author Comment

by:rand1964
ID: 34891576
Do you have users that use SMTP / POP3 for email access or are you configured for RPC over HTTPS?

unfortunately, I have both...still some who use pop3 and outlook express.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34891596
Okay - so you need to allow authenticated users to relay, but this will open your server up to potential abuse and blacklisting if you don't implement strong password policies and account lockouts after a few invalid login attempts.
0
 

Author Comment

by:rand1964
ID: 34891679
We do...have strong passwords and lockout enforced.

Why do you think it still thinks it's an open relay?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34891831
Not sure - please visit www.checkor.com and see what that makes of your server.
0
 

Author Comment

by:rand1964
ID: 34891934
It is good with that one...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34891950
Okay - don't worry about the Open Relay then.

Now I am on my laptop (not my iPhone), do you want to post your domain name (which I will hide) and then I can check your domain and see what is amiss and advise you accordingly?

Alan
0
 

Author Comment

by:rand1964
ID: 34891982
The other relay gives me this:

>> MAIL FROM:<spammer@192.168.5.220>
<< 250 2.1.0 spammer@192.168.5.220....Sender OK
>> RCPT TO:<"spammee@xx.73.18.57">
<< 250 2.1.5 "spammee@xx.73.18.57"@mydomain.com
0
 

Author Comment

by:rand1964
ID: 34892004
how do you hide it?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34892286
What other relay check are you running?

If the www.checkor.com site say you are not an open relay - then you are not an Open Relay.
0
 

Author Comment

by:rand1964
ID: 34892409
What would you suggest that I do from outside our network?
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892425
If you can post your domain name - I can do some digging and give you specific advice.  If you don't want to, I can give you general advice and then we can keep posting back and forth!  I appreciate that you may not want post your domain name, but I can confirm that I can obscure it so that the information is not viewable to others.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892496
If you are not comfortable posting the info - click on my name and you will find my email address which you can use to email me if you prefer.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892550
Thanks - Email received.  Checking now.

Alan
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34892592
Okay - I can't see any issues with your domain at all.

You are not blacklisted, your IP is GOOD on www.senderbase.org, your domain checks out fine, Reverse DNS is correct and you are not an open relay!

So - the people who you are not able to send mail to are blocking you incorrectly and you will need to contact them to ask them why they are blocking you.

Your server is RFC compliant, so they have no good reason at all to reject you.

You might want to add an SPF record to assist your domain, but that is not a requirement and shouldn't prevent you from sending mail anywhere.

Alan
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34892602
Inbound problems could be caused by you using a Postfix server to receive your mail.  Some servers don't play nicely with Postfix servers!  That could be the cause of your inbound issues.
0
 

Author Comment

by:rand1964
ID: 34892610
The thing is that it is sporadic...10 emails may go, then one gets stuck in the queue

Kind of the same with incoming email...some will come in, others will time out and drop.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892624
Are you on Exchange 2003 SP2?
0
 

Author Comment

by:rand1964
ID: 34892626
We don't use a Postfix Server...that is probably the ISP/AntiSpam
0
 

Author Comment

by:rand1964
ID: 34892629
Yes Exchange 2003 SP2
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892630
Also - you say your firewall has a MIP.  Please advise what a MIP is.

Thanks

Alan
0
 

Author Comment

by:rand1964
ID: 34892635
Mapped IP Address....kind of like Network Address Translation
0
 

Author Comment

by:rand1964
ID: 34892658
When you send to our domain the public address hits the firewall and then is remapped through to the actual ip address inside and sent through a different port so that everything inside is hidden from the outside.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 34892660
The server that receives your mail is a Postfix server and that will be your 3rd party Anti-Spam company.

Postfix and Exchange can have issues talking to each other and this may be your issue?

Do you pay much for your 3rd party anti-Spam solution and does it stop your spam?  Are you paying more than $239 for it (as a one-off cost)?

I would recommend you install some trial Anti-Spam software and point your MX records at your own server then you can see if the 3rd party is causing your inbound problems.

Your outbound problems are either the receiving end, or possibly something to do with you MIP, but as your email arrived directly on my server happily, that tells me that your server is configured correctly and shouldn't be having problems.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892671
The MIP sounds fine - that is semi-standard practise and shouldn't be a problem.
0
 

Author Comment

by:rand1964
ID: 34892681
Thank you!  Your assistance has been outstanding.  If I could give you more than 500 points I would.

Thanks!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34892744
Thanks for your comments - 500 points is fine - what's important is you know that your server is configured correctly and the problem seems to be external to you.

In case you are wondering - the Anti-Spam software I use which costs $239 per server is Vamsoft ORF (www.vamsoft.com) and is absolutely brilliant.

If you have any other questions - please let me know.

Best wishes

Alan
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Easy CSR creation in Exchange 2007,2010 and 2013
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now