
Exchange E-mail delays from sporadic domains

DavidWilkins used Ask the Experts™
Our company E-mail is handled internally by Exchange 2003 on a Server 2003 SP2 box, up to date with Microsoft. Our firewall is a SonicWall NSA-3500 which routes incoming port 25 traffic to a hardware-based SonicWall ES-300 mailfilter. Firmware on both of the SonicWall units has been updated.

For a month or so, E-mail has been sporadically delayed from certain senders. The domains from which they are sending are quite different. It started with 1 user noticing 1 delayed E-mail and seems to have gotten progressively worse.

I've attached a packet capture (screenshot) taken from our firewall. The screenshot shows (starting on line 2) the source IP X.X.45.253 SYN is received by our internal mail filter X.X.1.60 and our mailfilter sending the ACK. Line 4 shows a TCP previous segment lost which translates to "the sequence number received is greater than expected" according to Wireshark's website. This sender's E-mail is always delayed at least 2 days if not bounced back to him entirely. I'm working with a technician on the E-mail sender's side as well as with SonicWall. The technician can Telnet to our mailserver from his IP X.X.45.250 but cannot Telnet to our mailserver from his IP X.X.45.253 which is the IP address of his mailserver.

We really need to get this resolved ASAP.  If you have suggestions please let me know.




Screenshot from Wireshark wireshark.doc
Neil Russell, Technical Development Lead

Can you post the COMPLETE email headers from one of the delayed emails, showing the FULL routing of SMTP servers please?

We stopped receiving E-mail altogether from one of our suppliers (shown in the wireshark.doc in my previous post). We learned the supplier’s network was behind a Riverbed WAN accelerator. We had recently installed a Riverbed WAN accelerator between two of our locations as well.

We added an In-path rule on each Riverbed unit to bypass (not optimize) SMTP traffic.  As soon as the rules were in place the E-mail issue with this supplier was corrected.   I believe this has helped with E-mails that were simply delayed as well.  


Issue appears to have been caused by another piece of network hardware not mentioned in the initial question.


No further comment
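
The "TCP previous segment lost" flag quoted in the question ("the sequence number received is greater than expected") can be reproduced with a per-direction sequence tracker. The following is an added example, not part of the original thread: the `Seg` record, the function names, the addresses and the sequence numbers are all constructed for illustration.

```python
from collections import namedtuple

# One captured TCP segment: endpoints, sequence number, payload length, flags.
Seg = namedtuple("Seg", "src dst seq length flags")

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def seq_after(a, b):
    """True if sequence number a is logically after b (serial-number arithmetic)."""
    return a != b and ((a - b) % MOD) < MOD // 2


def find_sequence_gaps(segments):
    """Return (index, missing_bytes) for each segment that starts beyond the
    next sequence number expected for its direction of the connection."""
    next_expected = {}  # (src, dst) -> next sequence number expected
    gaps = []
    for i, s in enumerate(segments):
        key = (s.src, s.dst)
        # SYN and FIN each consume one sequence number on top of the payload.
        consumed = s.length + ("S" in s.flags) + ("F" in s.flags)
        end = (s.seq + consumed) % MOD
        exp = next_expected.get(key)
        if exp is None or "S" in s.flags:
            next_expected[key] = end  # first sight of this direction, or a new handshake
            continue
        if seq_after(s.seq, exp):
            gaps.append((i, (s.seq - exp) % MOD))  # bytes never seen at the capture point
        if seq_after(end, exp):
            next_expected[key] = end  # advance; retransmissions leave it unchanged
    return gaps


# Constructed capture: remote mail server (192.0.2.253) to mail filter (198.51.100.60).
SENDER, FILTER = "192.0.2.253", "198.51.100.60"
SAMPLE = [
    Seg(SENDER, FILTER, 1000, 0, "S"),     # 0: SYN
    Seg(FILTER, SENDER, 5000, 0, "SA"),    # 1: SYN-ACK
    Seg(SENDER, FILTER, 1001, 0, "A"),     # 2: ACK completes the handshake
    Seg(FILTER, SENDER, 5001, 40, "PA"),   # 3: 220 banner from the filter
    Seg(SENDER, FILTER, 2461, 20, "PA"),   # 4: starts 1460 bytes past the expected 1001
    Seg(SENDER, FILTER, 1001, 1460, "PA"), # 5: late arrival fills the hole, not a new gap
]

if __name__ == "__main__":
    for index, missing in find_sequence_gaps(SAMPLE):
        print(f"segment {index}: previous segment lost, {missing} bytes missing")
```

Running the same check on captures taken on both sides of an inline device shows whether the gap already exists upstream of it or only appears after traffic has passed through it.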