Solved

Exchange 2003 - Messages stuck in queue

Posted on 2011-02-18
40
486 Views
Last Modified: 2012-06-27
Hello,

I have 450 messages stuck in the queue.

I have went to my server. Went to the default SMTP server > Properties > Delivery tab. And verified that my internal DNS entry is in there. I also stopped and restarted the default SMTP server. The messages still will not flow. A while back I blew some entries out of the forwarders tab in DNS. The only entries I have in there now are for OpenDNS. Should I have anything in the forwarders for my mail server?

Thanks
0
Comment
Question by:sethendres
  • 17
  • 16
  • 2
  • +3
40 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34928002
Who are the senders of the messages?  Genuine senders on your domain, postmaster or random users not on your domain?
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928058
Sometimes undeliverables will stay there for up to 4 days until they are released. You may also check the RBLs to see if you are blacklisted. I had a client recently plauged by this and the email sat in the queue.

Verify that they are legitimate addresses. You could have an infected system on the network that is spamming.
0
 

Author Comment

by:sethendres
ID: 34928061
A lot are genuine senders. Some are incoming messages from stuff users signed up for.
0
 

Author Comment

by:sethendres
ID: 34928078
What should I have in my DNS forwarders. I blew some entries out of there recently and did not pay attention.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928084
May be genuine senders, but are they genuine people the email is sent to? YOu should be able to open some to see if they are spam.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928096
Depends... Are your systems using a local server for DNS or are you passing that outside to something like opendns?
0
 

Author Comment

by:sethendres
ID: 34928126
I have local DNS servers here. I just point to Opendns for content filtering. I have the IP's for Opendns in my DNS forwarders, nothing else.
0
 

Author Comment

by:sethendres
ID: 34928185
also this exchange server is just acting as a forwarder to my other domain. All email coming into akroninstitute.com should be forwarded to akr.herzing.edu
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928250
Can you send an email through telnet? Find an SMTP server that you would like to connect to and try to telnet.

Also verify that you can resolve akr.herzing.edu froma  local system.
0
 

Author Comment

by:sethendres
ID: 34928276
I have never sent a email through telnet. Can you please tell me how?

Thanks
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928380
Telnet (SMTP SERVER) 23
EHLO
MAIL FROM:(your email address)
RCPT TO: (a test email address outside your organization)
DATA
SUBJECT: something
Something
.. (enter)

In telnet, backspace cannot be used, so if you screw up, try again. You should not need to restart the whole thing because you will more than likely error and be able to try again. make sure you are sending to the MX record and then try the IP.
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 34928405
Sorry to butt in but here also is an excellent how-to on testing smtp with telnet:

http://exchangeguy.blogspot.com/2007/06/using-telnet-to-simulate-server.html
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 34928426
Also the 23 should be 25   8)
0
 

Author Comment

by:sethendres
ID: 34928494
220 mail.akroninstitute.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Fri, 18 Feb 2011 12:36:39 -05
00
ehlo
250-mail.akroninstitute.com Hello [10.70.63.222]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from:sendres@akroninstitute.com
250 2.1.0 sendres@akroninstitute.com....Sender OK
rcpt to:sendres542@gmail.com
550 5.7.1 Unable to relay for sendres542@gmail.com
data
0
 

Author Comment

by:sethendres
ID: 34928498
Does that tell you anything?
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928561
Yep...

5.7.1 Unable to relay

That looks like either you have a DNS issue or are blacklisted. Since you recently made changes to your DNS server, I would start with the former.

Blacklists though are easy to check, a pain to get off... http://www.mxtoolbox.com/blacklists.aspx That will search them. You will need your domain's MX ip address to check.

Concerning DNS, do an NSlookup of you MX records and verify that it is connecting to the correct IP address.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928578
I checked your MX and both resolve fine to the .edu address, but that is through Comcast. If you NS lookup fails, then it could be your forwarders.
0
 

Author Comment

by:sethendres
ID: 34928623
The was following the steps that sys and you provided above. The relay fails when inputing the receiptent address. The 2 IP address's I currently have in DNS forwarders are those of OpenDNS for content filtering for my network 208.67.220.220 and 208.67.222.222

What should I have in my DNS forwarders?
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928625
Thanks sysreg... I mistyped that... 23 is standard telnet. 25 is smtp.

I checked and you do not appear to be blacklisted.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:sethendres
ID: 34928666
Sys, our ISP onecommunications handles our MX records.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928672
Test your MX from the office.

Open a command line. type nslookup (enter) type set query=mx (enter) type akroninstitute.com(enter)

What do you get?
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928687
Then you may want to put in forwarders to your ISP's DNS servers.
0
 

Author Comment

by:sethendres
ID: 34928728
> set query=mx
> akroninstitute.com
Server:  303-instructor.ai.com
Address:  10.70.63.237

akroninstitute.com
        primary name server = 303-instructor.ai.com
        responsible mail addr = hostmaster.ai.com
        serial  = 29
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
>
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928835
You didn't make any other changes to your DNS other than removing some forwards correct?

It does not even appear that you are forwarding the request. Your server is responding. Do you have a zone on your DNS for akroninstitute.com?
0
 

Author Comment

by:sethendres
ID: 34928872
I cleared the cache. I believe I clicked scavenge stale resource records.

I have akroninstitute.com under forward lookup zones.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34928928
Try adding an mx record under that zone that will point to fm400.herzing.edu
0
 

Author Comment

by:sethendres
ID: 34928951
My ISP has those records that point to fm400 amd fm401. That is the barracuda spam system at our corporate office.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34929011
I understand. What is happening is your DNS server is responding to these rather than forwarding the request. I am sure there is probably an A record for www in there that is to your company's website, else it would try to resolve locally.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34929038
With these changes, I need to ask... why did you make changes to the DNS? Typically should not need to make any changes to your DNS unless it is erroring or taking awhile to change. You may overall be better off restoring your DNS from a backup from before the changes.
0
 

Author Comment

by:sethendres
ID: 34929067
I have 2 A records tor the mail server

exchserv.akroninstitute.com that points to 10.70.63.222 the mail server internal IP and mail.akroninstitute.com which does the same.
0
 

Author Comment

by:sethendres
ID: 34929087
These are old systems that are still in place. They man here still wants that mail server to forward messages. I have since moved us to google apps. I would love to just shut that thing off, but I can't.
0
 

Author Comment

by:sethendres
ID: 34929149
One of my messages finally came through but it has been delayed big time.
0
 
LVL 9

Expert Comment

by:snurker
ID: 34929167
It finally resolved. You cam set an external dns server on the exchange management that will look there for resolving dns.
0
 

Author Comment

by:sethendres
ID: 34929171
Under my default SMTP server, in current sessions I see 7 sessions

bc.herzing.edu
174.47.123.6
0
 
LVL 9

Expert Comment

by:snurker
ID: 34929207
This use to be 400?
0
 
LVL 2

Expert Comment

by:DezzyMelb
ID: 34956585
Use the MXtoolbox.com and use the diag tools there
0
 

Accepted Solution

by:
sethendres earned 0 total points
ID: 35086362
There was a setting on our Cisco ASA firewall that was not allowing mail to flow properly. Once that was removed messages started to flow properly. This question can now be closed.

Thank you
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35086407
It's your question - it's up to you to close it how you see fit.  If experts helped you to solve the problem, you should accept the comments that helped you, or if you fixed your own problem and posted how you fixed it, you should accept your own answer as the solution.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35321906
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Familiarize people with the process of utilizing SQL Server views from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Access…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now