Exchange Delays Emails Received
We have an Exchange 2010 server. We use mailroute to filter our mail. Occasionally a user or a few users will receive a batch of emails that was sent the previous day. I pasted one of the headers below. It basically shows it was received 01-22, but send 01-21. Mailroute says they couldn't reach our server and delayed the email. I know our internet connection is not going down. Is there anything else on the Exchange server or somewhere I could look for what might be causing this occasional problem?
Received: from mail.mailroute.net (199.89.0.102) by ExchangeNew.credit.com
(192.168.1.15) with Microsoft SMTP Server id 14.1.218.12; Wed, 22 Jan 2014
11:16:46 -0600
Received: from localhost (localhost.localdomain [127.0.0.1]) by
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cb44dYzdcKJ for
<thermanson@credit-mgmt.co
X-Virus-Scanned: by MailRoute
X-Spam-Flag: NO
X-Spam-Score: 1.222
X-Spam-Level: *
X-Spam-Status: No, score=1.222 tagged_above=-9999 tests=[CK_HELO_GENERIC=0.2
SPF_SOFTFAIL=0.972] autolearn=disabled
Received: from gw02.lax01.mailroute.net ([127.0.0.1]) by localhost
(gw02.lax01.mailroute.net [127.0.0.1]) (mroute_mailscanner, port 10024) with
LMTP id JSeWY9vx1Hcc for <thermanson@credit-mgmt.co
21:16:46 +0000 (UTC)
Received: from mail028.177.12.a.static.mt
(mail027.177.12.A.static.M
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cY4kbJzdcJd for
<thermanson@credit-mgmt.co
Received: from mail.ryderinsurance.com. (69.20.196.10) by
mta20.mtka.securence.com (Securence); Tue, 21 Jan 2014 15:16:44 -0600 (CST)
Received: from RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0f
RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0f
14.02.0347.000; Tue, 21 Jan 2014 15:16:36 -0600
From: Ryan Hansen <RHansen@ryderinsurance.co
To: Tessa Hermanson <thermanson@credit-mgmt.co
Subject: FW: E&O Quote
Thread-Topic: E&O Quote
Thread-Index: AQHPFuy3occu458UDkqOUPcncO
Date: Tue, 21 Jan 2014 21:16:35 +0000
Message-ID: <1ACE78EFA97F074BA0C43FE3B
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.200.27]
Content-Type: multipart/mixed;
boundary="_002_1ACE78EFA97
MIME-Version: 1.0
X-Securence-ID: 1390338996886-020-01013146
X-Securence-Country-Code: US - UNITED STATES
X-Securence-odset: ryderinsurance.com
X-Securence-REMOTE-HOST: mail.ryderinsurance.com.
X-Securence-REMOTE-ADDR: 69.20.196.10
X-Securence-RFC2821-MAIL-F
X-Securence-Latseq: <20-1390339004557>
Return-Path: rhansen@ryderinsurance.com
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Organization
Received: from mail.mailroute.net (199.89.0.102) by ExchangeNew.credit.com
(192.168.1.15) with Microsoft SMTP Server id 14.1.218.12; Wed, 22 Jan 2014
11:16:46 -0600
Received: from localhost (localhost.localdomain [127.0.0.1]) by
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cb44dYzdcKJ for
<thermanson@credit-mgmt.co
X-Virus-Scanned: by MailRoute
X-Spam-Flag: NO
X-Spam-Score: 1.222
X-Spam-Level: *
X-Spam-Status: No, score=1.222 tagged_above=-9999 tests=[CK_HELO_GENERIC=0.2
SPF_SOFTFAIL=0.972] autolearn=disabled
Received: from gw02.lax01.mailroute.net ([127.0.0.1]) by localhost
(gw02.lax01.mailroute.net [127.0.0.1]) (mroute_mailscanner, port 10024) with
LMTP id JSeWY9vx1Hcc for <thermanson@credit-mgmt.co
21:16:46 +0000 (UTC)
Received: from mail028.177.12.a.static.mt
(mail027.177.12.A.static.M
gw02.lax01.mailroute.net (Postfix) with ESMTP id 3f82cY4kbJzdcJd for
<thermanson@credit-mgmt.co
Received: from mail.ryderinsurance.com. (69.20.196.10) by
mta20.mtka.securence.com (Securence); Tue, 21 Jan 2014 15:16:44 -0600 (CST)
Received: from RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0f
RRMHSBS01.RRMH.local ([fe80::1052:5e0d:c476:a0f
14.02.0347.000; Tue, 21 Jan 2014 15:16:36 -0600
From: Ryan Hansen <RHansen@ryderinsurance.co
To: Tessa Hermanson <thermanson@credit-mgmt.co
Subject: FW: E&O Quote
Thread-Topic: E&O Quote
Thread-Index: AQHPFuy3occu458UDkqOUPcncO
Date: Tue, 21 Jan 2014 21:16:35 +0000
Message-ID: <1ACE78EFA97F074BA0C43FE3B
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.200.27]
Content-Type: multipart/mixed;
boundary="_002_1ACE78EFA97
MIME-Version: 1.0
X-Securence-ID: 1390338996886-020-01013146
X-Securence-Country-Code: US - UNITED STATES
X-Securence-odset: ryderinsurance.com
X-Securence-REMOTE-HOST: mail.ryderinsurance.com.
X-Securence-REMOTE-ADDR: 69.20.196.10
X-Securence-RFC2821-MAIL-F
X-Securence-Latseq: <20-1390339004557>
Return-Path: rhansen@ryderinsurance.com
X-MS-Exchange-Organization
X-MS-Exchange-Organization
X-MS-Exchange-Organization
ASKER
I enabled the logging, but the directory they are supposed to go to isn't there.
You may have installed Exchange in a different directory.
-JJ
-JJ
ASKER
No, its the same default install path.
ASKER
OK. I found the logs. What will I be looking for?
Run get-transportserver -identity <server> | fl
Look for the ReceiveProtocolLogPath
-JJ
Look for the ReceiveProtocolLogPath
-JJ
You will need to look for any errors in the logs during the time any messages are delayed.
-JJ
-JJ
ASKER
OK - mailroute has just said only 1 of their servers is holding up our email and its a server that got listed on SORBS blacklist. We are not doing any blacklist filtering however that I know of. Is there blacklist filtering built into Exchange 2010 that we may have turned on? Otherwise, its starting to sound like their problem to me.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It was MailRoute's issue. One of their servers was listed on a blacklist or botnet.
You can enabled SMTP logging (http://dougg.co.nz/2011/05/26/enable-smtp-logging-on-exchange-2010-sendreceive-connectors/), which will allow you to see if there are any errors in the connection attempts. You won't be able to see what happened previously but you will be able to look at the logs if it happens again.
-JJ