snyperj

Message header interpretation

I have some folks in my department who use Outlook 2010 connected to Exchange, and they have recently said that they are encountering delays in receiving email from their customers.

IT has said the problem is before it reaches our servers.

This morning, a customer sent us an email at 8:58 am and it did not hit our inbox until 10:33.

Below is a 'modified' version of the top few lines of the email header.  I have removed or changed some of the actual identifying names and numbers just to keep it anonymous.  Can someone interpret this for me... does this support the statement from IT that the problem is before our servers?


Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400
Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400
Received: from CCHA-00SV0H0E02.customersdomain.org ([fe80::189b:2213:6467:f0ca]) by CCHA-00SV0H0E03.customersdomain.org ([fe80::8d8c:c184:9f1c:c5a8%11]) with mapi id 14.02.0247.003; Thu, 30 Aug 2012 10:37:43-0400
Xaelian

Yes it does.

It says that your mailserver received the message at 10:37:45.
Postini is just slow to give it to your e-mailserver.
Manpreet Singh Khatra
Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400

Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400

I don't see a delay :(

- Rancy
snyperj

ASKER

'Postini is just slow to give it to your e-mailserver.'

What is Postini?

and so does the line:
Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

mean that Postini received it at 0837, but did not pass it on to the mail server for almost exactly 2 hours?  Is that some kind of setting somewhere gone haywire?

It does not happen with all external mail..., just some.
TheGeezer2010

Xaelian is spot on, Postini is where the delay is occurring. Do you manage your own Postini? If so, then check the logs for this particular message and it will show you why it was delayed. It is possible that Postini is handling too much traffic for its specifications and therefore incurring a delay in forwarding ALL mail.
snyperj

ASKER

" It is possible that Postini is handling too much traffic for its specifications and therefore incurring a delay in forwarding ALL mail"

I believe we do manage it ourselves, but what should be done to eliminate the delays, what are the options?

These things read from the bottom up.  It's clear from the headers that the mail was processed at or about 10:37am and processed by three servers before it made it to your domain.  One of the servers (hop 3) is either in a different time zone or has the wrong time zone set.  Nowhere is there any indication the mail was sent prior to 10:37am.  Your IT department is telling the truth and your customer is lying.  Never doubt your IT department again.  Go buy them cake.

(4) Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400

(3) Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

(2) Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400

(1) Received: from CCHA-00SV0H0E02.customersdomain.org ([fe80::189b:2213:6467:f0ca]) by CCHA-00SV0H0E03.customersdomain.org ([fe80::8d8c:c184:9f1c:c5a8%11]) with mapi id 14.02.0247.003; Thu, 30 Aug 2012 10:37:43-0400
Also:  Ignore what the others are saying about Postini delaying the message.
snyperj

ASKER

None of this is making any sense to me.  Customer definitely wasn't lying. We were on the phone with them when they sent the email...it just took forever to get to us.

You need to check settings on the Postini and make sure it isn't getting spam or performance issues on that server ... or it's making too many checks on it.

- Rancy

I said that in my first post ... you can share the same and request them for explanation as there isn't any delay shown as per Header and if that's in the email they can't defend themselves.

- Rancy

Just because the customer clicked "Send" doesn't mean the e-mail went out right away.  Or that they were telling you the truth.  Or that they don't have some sort of message pre-processing or filtering going on before the e-mail gets to their mail server.  Or that some header information isn't being stripped off by a subsequent mail server.  I'm just interpreting what the headers say and they say from first hop to you took 2 seconds.  What happened before that is a mystery.

How accurate is the "8:58" send time figure?  What time zone is that?  It looks like most of these servers (except hop 3) are Eastern US time.  The third hop looks like it's in Mountain US time.
snyperj

ASKER

This customer is on the east coast, we are on the east coast.

What prompted my initial question is that this has been occurring at our company for the last couple of days.  Many users complaining of delays in receiving external emails.

So the problem is not just this one email or this one customer... it is more than that.

However, in this example I know we were on the phone with them 'around' 9am when they sent the email.  It took so long to come in, we figured it was dropped somehow... then all of a sudden, much later, it hit the rep's inbox.

I understand what you are saying about the headers don't show a delay and why IT is saying the same thing.... but something is not right somewhere...  and again, it isn't only this one customer or even this one rep's inbox...  happening sporadically throughout the company...
ASKER CERTIFIED SOLUTION
Paul MacDonald

This solution is only available to members.

paulmacd was right on. There is no delay. It was highlighted in his comment.

10:37:45 -0400 and 08:37:45MDT are the same times. One is (probably) Eastern Daylight Time which is GMT-0400, while the other is Mountain Daylight Time which is GMT-0600. When it's 10:47 EDT, it's the same as 08:47 MDT.

Tom
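
As an added example (not code from any poster in this thread), the Python below converts each Received: timestamp to UTC before comparing hops, which is the step that resolves the apparent two-hour gap between `08:37:45MDT` and `10:37:45 -0400`. The function names are hypothetical, and the sample input is the four anonymized header lines from the question.

```python
import re
from datetime import datetime, timedelta, timezone

# Obsolete zone names from RFC 5322 section 4.3, as UTC offsets in hours.
OBS_ZONES = {"UT": 0, "GMT": 0, "EST": -5, "EDT": -4, "CST": -6,
             "CDT": -5, "MST": -7, "MDT": -6, "PST": -8, "PDT": -7}
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
# The zone may be numeric or a name, with or without a space before it.
STAMP = re.compile(r"(\d{1,2}) ([A-Z][a-z]{2}) (\d{4}) (\d\d):(\d\d):(\d\d)"
                   r"\s*([+-]\d{4}|[A-Z]{2,3})")

def received_time(line):
    """Timestamp recorded in one Received: line, converted to UTC."""
    m = STAMP.search(line)
    if not m:
        raise ValueError("no timestamp found")
    day, mon, year, hh, mm, ss, zone = m.groups()
    if zone[0] in "+-":
        offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5]))
        offset = -offset if zone[0] == "-" else offset
    else:
        offset = timedelta(hours=OBS_ZONES[zone])  # KeyError on unknown names
    local = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                     int(hh), int(mm), int(ss), tzinfo=timezone(offset))
    return local.astimezone(timezone.utc)

def hop_delays(received_lines):
    """Take Received: lines in header order (newest first) and return
    (receiving host, UTC time, seconds since previous hop), oldest first."""
    hops, prev = [], None
    for line in reversed(received_lines):
        host = re.search(r"\bby (\S+)", line).group(1)
        when = received_time(line)
        gap = None if prev is None else (when - prev).total_seconds()
        hops.append((host, when, gap))
        prev = when
    return hops

# The four Received: lines posted in the question, unchanged.
SAMPLE = """
Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400
Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"
Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400
Received: from CCHA-00SV0H0E02.customersdomain.org ([fe80::189b:2213:6467:f0ca]) by CCHA-00SV0H0E03.customersdomain.org ([fe80::8d8c:c184:9f1c:c5a8%11]) with mapi id 14.02.0247.003; Thu, 30 Aug 2012 10:37:43-0400
""".strip().splitlines()

if __name__ == "__main__":
    for host, when, gap in hop_delays(SAMPLE):
        print(when.strftime("%H:%M:%SZ"), host, "" if gap is None else f"+{gap:.0f}s")
```

Received: lines only record time spent between the servers that stamped them; time a message waited before the first stamp does not appear in these gaps.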