• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1638
  • Last Modified:

Message header interpretation

I have some folks in my department who use Outlook 2010 connected to Exchange. and they have recently said that they are encountering delays in receiving email from their customers.

IT has said the problem is before it reaches our servers.

This morning, a customer sent us an email at 8:58 am and it did not hit out inbox until 10:33.

Below is a 'modified' version of the top few lines email header.  I have removed or changed some of the actual identifying names and numbers just to keep it anonymous.  Can someone interpret this for me... does this support the statement from IT that the problem is before our servers?


Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400
Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400
Received: from CCHA-00SV0H0E02.customersdomain.org ([fe80::189b:2213:6467:f0ca]) by CCHA-00SV0H0E03.customersdomain.org ([fe80::8d8c:c184:9f1c:c5a8%11]) with mapi id 14.02.0247.003; Thu, 30 Aug 2012 10:37:43-0400
0
snyperj
Asked:
snyperj
  • 4
  • 4
  • 3
  • +3
1 Solution
 
XaelianCommented:
Yes it does.

It says that your mailserver received the message at 10:37:45.
Postini is just slow to give it to your e-mailserver.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400

Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400

I dont see a delay :(

- Rancy
0
 
snyperjAuthor Commented:
'Postini is just slow to give it to your e-mailserver.'

What is Postini?

and so does the line:
Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

mean that Postini received it at 0837, but did not pass it on to the mail server for almost exactly 2 hours?  Is that some kind of setting somewhere gone haywire?

It does not happen with all external mail..., just some.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
TheGeezer2010Commented:
Xaelian is spot on, Postini is where the delay is occurring. Do you manage your own Postini, if so then check the logs for this particular message and it will show you why it was delayed. It is possible that Postini is handling too much traffic for its specifications and therefore incurring a delay in forwarding ALL mail.
0
 
snyperjAuthor Commented:
" It is possible that Postini is handling too much traffic for its specifications and therefore incurring a delay in forwarding ALL mail"

I believe we do manage it ourselves, but what should be done to eliminate the delays, what are the options?
0
 
Paul MacDonaldDirector, Information SystemsCommented:
These things read from the bottom up.  It's clear from the headers that the mail was processed at or about 10:37am and processed by three servers before it made it to your domain.  One of the servers (hop 3) is either in a different time zone or has the wrong time zone set.  No where is there any indication the mail was sent prior to 10:37am.  Your IT department is telling the truth and your customer is lying.  Never doubt your IT department again.  Go buy them cake.

(4) Received: from psmtp.com (00.0.0.00) by mailserver.mycompany.com (00.0.0.00) with Microsoft SMTP Server id 14.1.339.1; Thu, 30 Aug 2012 10:37:45 -0400

(3) Received: from smtp2.customersdomain.org ([00.0.0.00]) (using TLSv1) by exprod6mx278.postini.com ([00.0.0.00]) with SMTP;   Thu, 30 Aug 2012 08:37:45MDT X-IronPort-AV: =Sophos;i="4.80,341,1344225600"; d="scan'208,217";a="1354523"

(2) Received: from ccha-00sv0h0e03.customersdomain.org ([00.0.0.00])  by ccha-00sv0y0103.customersdomain.org with ESMTP/TLS/AES128-SHA; 30 Aug 2012 10:37:43-0400

(1) Received: from CCHA-00SV0H0E02.customersdomain.org ([fe80::189b:2213:6467:f0ca]) by CCHA-00SV0H0E03.customersdomain.org ([fe80::8d8c:c184:9f1c:c5a8%11]) with mapi id 14.02.0247.003; Thu, 30 Aug 2012 10:37:43-0400
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Also:  Ignore what the others are saying about Postini delaying the message.
0
 
snyperjAuthor Commented:
None of this is making any sense to me.  Customer definitely wasn't lying. We were on the phone with them when they sent the email...it just took forever to get to us.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
You need to check settings on the Postini and make sure it isnt getting spam or performance issues on that server ... or its making too many checks on it.

- Rancy
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
I said that in my first post ... you can share the same and request them for explanation as there isnt any delay shown as per Header and if thats in the email they cant defend themselves.

- Rancy
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Just because the customer clicked "Send" doesn't mean the e-mail went out right away.  Or that they were telling you the truth.  Or that they don't have some sort of message pre-processessing or filtering going on before the e-mail gets to their mail server.  Or that some header information isn't being stripped off by a subsequent mail server.  I'm just interpreting what the headers say and they say from first hop to you took 2 seconds.  What happened before that is a mystery.

How accurate is the "8:58" send time figure?  What time zone is that?  It looks like most of these servers (except hop 3) are Eastern US time.  The third hop looks like it's in Mountain US time.
0
 
snyperjAuthor Commented:
This customer is on the east coast, we are on the east coast.

What prompted my initial question is that this has been occurring at our company for the last couple of days.  Many users complaining in delays in receiving external emails.

So the problem is not just this one email or this one customer... it is more than that.

However, in this example I know we were on the phone with them 'around' 9am when they sent the email.  It took so long to come in, we figured it was dropped somehow... then all of a sudden, much later,  it hit the reps inbox.

I understand what you are saying about the headers don't show a delay and why IT is saying the same thing.... but something is not right somewhere...  and again, it isn't only this one customer or even this one reps inbox...  happening sporadically throughout the company...
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Have you (or your IT deptartment) tested this yourself?  That is, has anyone used their Yahoo (or Gmail or whatever) e-mail account to send an inbound mail to see how long it takes?  Because this involves more than one customer, IT should definitely be involved, even though the problem doesn't appear to be on your company's end.

Do the customers who are complaining have anything in common?  Are they near each other geographcially?  Do they use the same ISP?  Do they have the same e-mail provider?  Do they use the same anti-spam software?
0
 
tliottaCommented:
paulmacd was right on. There is no delay. It was highlighted in his comment.

10:37:45 -0400 and 08:37:45MDT are the same times. One is (probably) Eastern Daylight Time which is GMT-0400, while the other is Mountain Daylight Time which is GMT-0600. When it's 10:47 EDT, it's the same as 08:47 MDT.

Tom
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 4
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now