Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 240
  • Last Modified:

Remoter Server Closed Connection

We are using M.Exchange 2010.

Some of our recipient has been complaining that they receive a bounce back message with the NDR

The following recipient(s) could not be reached:
Remote server closed connection.

****** MAIL SERVER MESSAGE ******

We are still receive emails from them but it seems to be intermittent.

Could you provide any Que to this issue?
0
patcheah
Asked:
patcheah
  • 9
  • 5
  • 2
1 Solution
 
David AtkinIT ProfessionalCommented:
Hello,

Can you give us the NDR? This will be key to finding out where the problem lies.
0
 
patcheahAuthor Commented:
The NDR is very general

Your message did not reach some or all of the intended recipients.

   Sent: Tue, 11 Mar 2014 17:14:04 +0800
   Subject: RE: Faraday Files Uploaded to FTP

The following recipient(s) could not be reached:

cscheah@q-value.com
Remote server closed connection.
fpsoo@q-value.com
Remote server closed connection.
owsc@q-value.com
Remote server closed connection.
stlim@q-value.com
Remote server closed connection.
winston@q-value.com
Remote server closed connection.
wkwong@q-value.com
Remote server closed connection.
ytyong@q-value.com
Remote server closed connection.
Tried 7 time(s)



****** MAIL SERVER MESSAGE ******
0
 
David AtkinIT ProfessionalCommented:
Have you checked to see if your domain is on a blacklist?

Is it just with this one client?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
patcheahAuthor Commented:
no, my domain is clean.

so far there is 2 domains affected, im not sure there are from same email hosting company.
0
 
patcheahAuthor Commented:
NDR from this sender:

mailer-daemon@ms-virgo.securen.net

any clue?
0
 
David AtkinIT ProfessionalCommented:
It might be worth checking your tracking logs in Exchange to see if it gives any further information.

I would raise the issue with your clients IT departments.  It doesn't look like an Exchange generated NDR to me.
0
 
patcheahAuthor Commented:
Hi David Atkin

Thanks. This is what i thought. Without doing anything, now we are able to receive email from the client.

I would ask the client to request the log from their hosting provider to see what when wrong.
0
 
David AtkinIT ProfessionalCommented:
Let us know how you get on.

Thanks
0
 
patcheahAuthor Commented:
Hi,

still a very general log from sender hosting company, both supplier are confirm host at same hosting company. attached below.


"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 220 *************************************************************************************************"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: HELO ms-ursa.securen.net"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 250 qvalueexsvr001.qvalue.local Hello [112.137.166.26]"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: MAIL FROM:<zamir@ekogrp.com.my>"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: RCPT TO:<qveng@q-value.com>"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "SENT: RCPT TO:<winston@q-value.com>"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "SENT: DATA"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.263" "111.90.137.245" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"


"SMTPC" 22496 194753 "2014-03-11 23:28:15.934" "111.90.137.245" "RECEIVED: 220 *************************************************************************************************"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.934" "111.90.137.245" "SENT: HELO ms-virgo.securen.net"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 qvalueexsvr001.qvalue.local Hello [202.71.99.245]"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: MAIL FROM:<csliung@triplus.com.my>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<cscheah@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<fpsoo@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<owsc@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<stlim@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<winston@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<wkwong@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "SENT: RCPT TO:<ytyong@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "SENT: DATA"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"


i check my transaction logs, v14>transportrules>logs>connectivity

didnt show any error as well

Thanks
0
 
David AtkinIT ProfessionalCommented:
Doesn't give us a great deal to go with really.  

Did you send a large attachment with the email or anything?  

Either way the error looks as though it resides on their server to me.
0
 
Simon Butler (Sembee)ConsultantCommented:
Someone has a Cisco PIX or ASA device.
If that is the case, then you need to disable the FIXUPSMTP, MailGuard feature.

http://support.microsoft.com/kb/320027

Simon.
0
 
patcheahAuthor Commented:
Hi Simon,

Yes, we do have a asa ciso firewall, will have a look on it.

Thanks
0
 
patcheahAuthor Commented:
Hi David,

Just a normal email size, less than 1mb. It happens on and off, intermittently.
0
 
patcheahAuthor Commented:
HI Simon,

Datacenter guy claim that the model of cisco asa 5550 no longer have the feature of ,

"FIXUPSMTP, MailGuard feature"

still happens intermittently, what other area i can try to investigate?

Thank
0
 
Simon Butler (Sembee)ConsultantCommented:
Data centre guy is wrong. That is the cause of the *************** in the log file.
It is called something else in later versions of the Cisco operating system, I cannot recall what it is called now (gave up on Cisco years ago).

Simon.
0
 
patcheahAuthor Commented:
Hi Simon,

You are right! data center guy problem!

"FIXUPSMTP, MailGuard feature"

This fixed the problem! issue resolved!

Thanks
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 9
  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now