Link to home
Start Free TrialLog in
Avatar of Tomwo
Tomwo

asked on

Mail Sitting in Queue Exchange 2010

I am currently having a problem with my Exchange 2010 server. After an email is sent from the user it sits in the queue for around 30 minutes and then finally sends. Now for most this may not be a major problem but for my company it is a HUGE problem. This problem did not start until we changed our ISP a few months ago. Once we did that we started getting alot of emails sitting in queue that looked like this

Identity: exchange\25735\20490
Subject: Undeliverable: FW: !!! HOT !!!  Due date change for l Plant 1
Internet Message ID: <f8237f68-3f5d-431f-8156-d5e91e7e85e5@domain.com>
From Address: <>
Status: Active
Size (KB): 49
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 3/17/2011 1:03:08 PM
Expiration Time: 3/19/2011 1:03:08 PM
Last Error:
Queue ID: exchange\25735
Recipients:  SRS0=OuLN4Q=WK=bis.na.blackberry.com=blackberry_internet_services@srs.bis.na.blackberry.com

Now what i have noticed is if i keep these cleaned out all the time the emails get sent out within a couple minutes of hitting the queue. Please help with this.


Information:

Server 2008 Standard
Exchange Server 2010 SP1
We use a smarthost to filter our mail through.
Avatar of waleeda
waleeda
Flag of Qatar image

check your internet connectivity on your exchange server
Avatar of Alan Hardisty
Okay - the messages are NDR messages from Postmaster to external users, probably spoofed senders, so most will sit there and this is known as Backscatter and is as bad a problem as being a spammer yourself, which unintentionally, you are!

Do you receive mail direct to your server or via a 3rd party for spam filtering?

If direct - you need to install the Anti-Spam tools and then enable Recipient Filtering.

If you receive the mail via a 3rd party - they need to enable Recipient Filtering.

Some light reading:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4257-Exchange-2007-2010-Backscatter-and-how-to-resolve-it.html
Avatar of Tomwo
Tomwo

ASKER

We send and received mail through a smart host. They do all of our spam filtering and so forth. We were using them before we switched ISP's and at that time did not have a problem at all. the problem started when we switched from a local cable company to ATT/Bellsouth.
It seems that there is a Reverse NDR attack on your Exchange Server. Check if your connecting IP is blacklisted on Internet. You can check the connecting IP by using the link: http://whatismyIP.com/

How are the mails routed from Exchange Server to Internet? Please check the following links for enabling Anti-Spam functionality on your E2010 box.

http://technet.microsoft.com/en-us/library/bb201691.aspx

http://technet.microsoft.com/en-us/library/aa996604.aspx


Also, you can remove the NDR pilling up in the queue by using following steps:

1. Stop Transport service

2. Rename the queued database

3. Start the service.

You should be able to see the queue is clear now.
i'm sure that your internet line is the problem
Did you configure Reverse DNS on your new IP Address with your new ISP?
Avatar of Tomwo

ASKER

I did not change anything dns related other then changing the dns servers that we were using.
is you mx record ip still the same or it has been changed?
Avatar of Tomwo

ASKER

When we changed ISP's the MX record changed as well.
Avatar of Tomwo

ASKER

Identity: exchange\25891\21891
Subject: Undeliverable: RE: RFQ - K1272-56113   QL # 9940
Internet Message ID: <050e5295-1510-4e03-b38f-4a393352aef8@domain.com>
From Address: <>
Status: Ready
Size (KB): 73
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 3/18/2011 9:33:32 AM
Expiration Time: 3/20/2011 9:33:32 AM
Last Error: 421 4.4.2 Connection dropped due to SocketError
Queue ID: exchange\25891
Recipients:  SRS0=P0sgHl=WL=bis.na.blackberry.com=blackberry_internet_services@srs.bis.na.blackberry.com
 
Emails that bounce similar to this are whats clogging my queue up. As soon as i clear them out manually my email flows like normal
What is the FQDN (Fully Qualified Domain Name) on your SEND Connector?  Something like mail.domain.com or different (if so - what)?

So you have definitely changed the Reverse DNS Record?
Avatar of Tomwo

ASKER

ATM there is no FQDN in response to HELO. The smart host address is na0109.smtpout.com
If you don't have an FQDN - you won't be sending too much mail as most server will reject you.

Drop me a test message if you like to alan @ it-eye.co.uk so I can see how you present yourself to the world.

Alan
Okay - I received your test email - thank you.

My findings are as follows:

Your sending server on IP 12.234.xxx.xxx does not have Reverse DNS configured.  If you have a fixed IP Address - you should call your ISP and ask them to configure Reverse DNS as exchange.domain.com.  If you are not on a fixed IP address - then don't worry!

Your Smarthosting company is listed on Backscatterer.org, which says to me that they are not filtering mail for invalid recipients and as a result, sending NDR messages back to the senders of the invalid email messages, only a lot of them will be spoofed addresses.

Telnetting to your server directly results in a 421 4.3.2 Error messages - which I think suggests you are suffering from Backpressure and my article covers this:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4259-Exchange-2007-2010-Backpressure-Quick-Fix.html

You may be very low on disk space on your server.
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial