Solved

Exchange Delays Emails Received

Posted on 2014-01-22
10
345 Views
Last Modified: 2014-01-26
We have an Exchange 2010 server.  We use mailroute to filter our mail.  Occasionally  a user or a few users will receive a batch of emails that was sent the previous day.  I pasted one of the headers below.  It basically shows it was received 01-22, but send 01-21.  Mailroute says they couldn't reach our server and delayed the email.  I know our internet connection is not going down.  Is there anything else on the Exchange server or  somewhere I could look for what might be causing this occasional problem?



Received: from mail.mailroute.net (199.89.0.102) by ExchangeNew.credit.com
(192.168.1.15) with Microsoft SMTP Server id 14.1.218.12; Wed, 22 Jan 2014
11:16:46 -0600
Received: from localhost (localhost.localdomain [127.0.0.1])        by
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cb44dYzdcKJ        for
<thermanson@credit-mgmt.com>; Tue, 21 Jan 2014 21:16:47 +0000 (UTC)
X-Virus-Scanned: by MailRoute
X-Spam-Flag: NO
X-Spam-Score: 1.222
X-Spam-Level: *
X-Spam-Status: No, score=1.222 tagged_above=-9999 tests=[CK_HELO_GENERIC=0.25,
                SPF_SOFTFAIL=0.972] autolearn=disabled
Received: from gw02.lax01.mailroute.net ([127.0.0.1])   by localhost
(gw02.lax01.mailroute.net [127.0.0.1]) (mroute_mailscanner, port 10024)           with
LMTP id JSeWY9vx1Hcc for <thermanson@credit-mgmt.com>; Tue, 21 Jan 2014
21:16:46 +0000 (UTC)
Received: from mail028.177.12.a.static.mtka.securence.com
(mail027.177.12.A.static.MTKA.securence.com [216.17.12.177])                by
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cY4kbJzdcJd         for
<thermanson@credit-mgmt.com>; Tue, 21 Jan 2014 21:16:44 +0000 (UTC)
Received: from mail.ryderinsurance.com. (69.20.196.10)               by
mta20.mtka.securence.com (Securence);           Tue, 21 Jan 2014 15:16:44 -0600 (CST)
Received: from RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0fd]) by
RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0fd%10]) with mapi id
14.02.0347.000; Tue, 21 Jan 2014 15:16:36 -0600
From: Ryan Hansen <RHansen@ryderinsurance.com>
To: Tessa Hermanson <thermanson@credit-mgmt.com>
Subject: FW: E&O Quote
Thread-Topic: E&O Quote
Thread-Index: AQHPFuy3occu458UDkqOUPcncODo4pqPq90wgAACWhA=
Date: Tue, 21 Jan 2014 21:16:35 +0000
Message-ID: <1ACE78EFA97F074BA0C43FE3B5AD797121B777@RRMHSBS01.RRMH.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.200.27]
Content-Type: multipart/mixed;
                boundary="_002_1ACE78EFA97F074BA0C43FE3B5AD797121B777RRMHSBS01RRMHloca_"
MIME-Version: 1.0
X-Securence-ID: 1390338996886-020-01013146
X-Securence-Country-Code: US - UNITED STATES
X-Securence-odset: ryderinsurance.com
X-Securence-REMOTE-HOST: mail.ryderinsurance.com.
X-Securence-REMOTE-ADDR: 69.20.196.10
X-Securence-RFC2821-MAIL-FROM: rhansen@ryderinsurance.com
X-Securence-Latseq: <20-1390339004557>
Return-Path: rhansen@ryderinsurance.com
X-MS-Exchange-Organization-AuthSource: ExchangeNew.credit.com
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 10
0
Comment
Question by:pcservne
  • 5
  • 5
10 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Hello,

You can enabled SMTP logging (http://dougg.co.nz/2011/05/26/enable-smtp-logging-on-exchange-2010-sendreceive-connectors/), which will allow you to see if there are any errors in the connection attempts. You won't be able to see what happened previously but you will be able to look at the logs if it happens again.

-JJ
0
 

Author Comment

by:pcservne
Comment Utility
I enabled the logging, but the directory they are supposed to go to isn't there.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
You may have installed Exchange in a different directory.

-JJ
0
 

Author Comment

by:pcservne
Comment Utility
No, its the same default install path.
0
 

Author Comment

by:pcservne
Comment Utility
OK.  I found the logs.  What will I be looking for?
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
Run get-transportserver -identity <server> | fl

Look for the ReceiveProtocolLogPath

-JJ
0
 
LVL 37

Expert Comment

by:Jamie McKillop
Comment Utility
You will need to look for any errors in the logs during the time any messages are delayed.

-JJ
0
 

Author Comment

by:pcservne
Comment Utility
OK - mailroute has just said only 1 of their servers is holding up our email and its a server that got listed on SORBS blacklist.  We are not doing any blacklist filtering however that I know of.  Is there blacklist filtering built into Exchange 2010 that we may have turned on?  Otherwise, its starting to sound like their problem to me.
0
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 500 total points
Comment Utility
Here are the instructions to configure block list providers. You can check out these setting to see if you have something configured. http://technet.microsoft.com/en-us/library/dd351199%28v=exchg.141%29.aspx

I would agree that it sounds like their issue.

-JJ
0
 

Author Closing Comment

by:pcservne
Comment Utility
It was MailRoute's issue.  One of their servers was listed on a blacklist or botnet.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
email bouncing back 10 47
Import Cert issue 15 40
SMTP to host name when only have IP field 3 32
Exchange 2010/2013 Admin audits 1 15
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now