Solved

Remoter Server Closed Connection

Posted on 2014-03-11
16
176 Views
Last Modified: 2014-03-26
We are using M.Exchange 2010.

Some of our recipient has been complaining that they receive a bounce back message with the NDR

The following recipient(s) could not be reached:
Remote server closed connection.

****** MAIL SERVER MESSAGE ******

We are still receive emails from them but it seems to be intermittent.

Could you provide any Que to this issue?
0
Comment
Question by:patcheah
  • 9
  • 5
  • 2
16 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39921174
Hello,

Can you give us the NDR? This will be key to finding out where the problem lies.
0
 

Author Comment

by:patcheah
ID: 39921186
The NDR is very general

Your message did not reach some or all of the intended recipients.

   Sent: Tue, 11 Mar 2014 17:14:04 +0800
   Subject: RE: Faraday Files Uploaded to FTP

The following recipient(s) could not be reached:

cscheah@q-value.com
Remote server closed connection.
fpsoo@q-value.com
Remote server closed connection.
owsc@q-value.com
Remote server closed connection.
stlim@q-value.com
Remote server closed connection.
winston@q-value.com
Remote server closed connection.
wkwong@q-value.com
Remote server closed connection.
ytyong@q-value.com
Remote server closed connection.
Tried 7 time(s)



****** MAIL SERVER MESSAGE ******
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39921266
Have you checked to see if your domain is on a blacklist?

Is it just with this one client?
0
 

Author Comment

by:patcheah
ID: 39922225
no, my domain is clean.

so far there is 2 domains affected, im not sure there are from same email hosting company.
0
 

Author Comment

by:patcheah
ID: 39922307
NDR from this sender:

mailer-daemon@ms-virgo.securen.net

any clue?
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39922783
It might be worth checking your tracking logs in Exchange to see if it gives any further information.

I would raise the issue with your clients IT departments.  It doesn't look like an Exchange generated NDR to me.
0
 

Author Comment

by:patcheah
ID: 39922787
Hi David Atkin

Thanks. This is what i thought. Without doing anything, now we are able to receive email from the client.

I would ask the client to request the log from their hosting provider to see what when wrong.
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39922790
Let us know how you get on.

Thanks
0
Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

 

Author Comment

by:patcheah
ID: 39922992
Hi,

still a very general log from sender hosting company, both supplier are confirm host at same hosting company. attached below.


"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 220 *************************************************************************************************"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: HELO ms-ursa.securen.net"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 250 qvalueexsvr001.qvalue.local Hello [112.137.166.26]"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: MAIL FROM:<zamir@ekogrp.com.my>"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 3660 807858 "2014-03-10 21:10:40.231" "111.90.137.245" "SENT: RCPT TO:<qveng@q-value.com>"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "SENT: RCPT TO:<winston@q-value.com>"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.247" "111.90.137.245" "SENT: DATA"
"SMTPC" 3644 807858 "2014-03-10 21:10:40.263" "111.90.137.245" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"


"SMTPC" 22496 194753 "2014-03-11 23:28:15.934" "111.90.137.245" "RECEIVED: 220 *************************************************************************************************"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.934" "111.90.137.245" "SENT: HELO ms-virgo.securen.net"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 qvalueexsvr001.qvalue.local Hello [202.71.99.245]"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: MAIL FROM:<csliung@triplus.com.my>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.0 Sender OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<cscheah@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<fpsoo@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.950" "111.90.137.245" "SENT: RCPT TO:<owsc@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<stlim@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<winston@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "SENT: RCPT TO:<wkwong@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.965" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "SENT: RCPT TO:<ytyong@q-value.com>"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "RECEIVED: 250 2.1.5 Recipient OK"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "SENT: DATA"
"SMTPC" 22496 194753 "2014-03-11 23:28:15.981" "111.90.137.245" "RECEIVED: 354 Start mail input; end with <CRLF>.<CRLF>"


i check my transaction logs, v14>transportrules>logs>connectivity

didnt show any error as well

Thanks
0
 
LVL 22

Expert Comment

by:David Atkin
ID: 39923013
Doesn't give us a great deal to go with really.  

Did you send a large attachment with the email or anything?  

Either way the error looks as though it resides on their server to me.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39923095
Someone has a Cisco PIX or ASA device.
If that is the case, then you need to disable the FIXUPSMTP, MailGuard feature.

http://support.microsoft.com/kb/320027

Simon.
0
 

Author Comment

by:patcheah
ID: 39923541
Hi Simon,

Yes, we do have a asa ciso firewall, will have a look on it.

Thanks
0
 

Author Comment

by:patcheah
ID: 39923561
Hi David,

Just a normal email size, less than 1mb. It happens on and off, intermittently.
0
 

Author Comment

by:patcheah
ID: 39928227
HI Simon,

Datacenter guy claim that the model of cisco asa 5550 no longer have the feature of ,

"FIXUPSMTP, MailGuard feature"

still happens intermittently, what other area i can try to investigate?

Thank
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39928883
Data centre guy is wrong. That is the cause of the *************** in the log file.
It is called something else in later versions of the Cisco operating system, I cannot recall what it is called now (gave up on Cisco years ago).

Simon.
0
 

Author Comment

by:patcheah
ID: 39957995
Hi Simon,

You are right! data center guy problem!

"FIXUPSMTP, MailGuard feature"

This fixed the problem! issue resolved!

Thanks
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now