Solved

SMTP Transaction TIme not Good, Exchange 2007 Sp2 on Windows 2003 with Barracuda Spam filter

Posted on 2015-01-08
16
430 Views
Last Modified: 2015-01-16
Greetings,

we are experiencing email bounce backs from certain domains when they try to email us. Running mxtolbox diags shows a transaction time of 18.23 seconds.  The setup is Barracuda spam filter which forwards to hub transport server, which goes to exchange mailbox. Running exchange 2007 sp2. Saw a few error thrown up on the transport server :

1. The background scan of the transport queue database has completed. 259 message(s) were found.

Have checked the queue and they are empty. Don't know where this counter is coming from.

2. Also get msexchang common performance counter update error message.

Highly appreciate if any one could guide where to start looking for .
0
Comment
Question by:Rajkumar Kamath
  • 5
  • 4
  • 2
  • +3
16 Comments
 
LVL 12

Expert Comment

by:SreRaj
Comment Utility
Hi,

Please try analyzing header of one of the mails which is delayed. Header will have timestamps for each device which has processed the mail during transit. Compare the timestamps and try to find the device which could have caused the delay.
0
 
LVL 12

Expert Comment

by:SreRaj
Comment Utility
You could use MxToolbox tool http://mxtoolbox.com/EmailHeaders.aspx to analyze header.
0
 

Author Comment

by:Rajkumar Kamath
Comment Utility
the issue is with incoming emails. A few of the senders who have tried sending email have got bounce backs or nothing at all.

#< #5.4.7 smtp; 554 5.4.7 [internal] exceeded max time without delivery> #SMTP#

This is the bounce back message one of them got. Also when I ran Exbpa , got error site folder server has been deleted. We had migrated the server from 2003 to 2007 a while back. THis is the first time I ran it. so not sure if the issues arerelated.
0
 
LVL 2

Expert Comment

by:Hardik Desai
Comment Utility
Check if the mail reaches to Barracuda.
Ensure your domain PTR record is registered in Public DNS with ISP.
0
 

Author Comment

by:Rajkumar Kamath
Comment Utility
The mails in question never reached barracuda. However when the third party resend the emails, they came in and can see the logs. PTR Record exists and is registered .This issue started recently.
0
 
LVL 12

Expert Comment

by:SreRaj
Comment Utility
Please check in MXToolbox if your domain is listed in any of the blacklists.
0
 
LVL 12

Expert Comment

by:SreRaj
Comment Utility
Do you have RDNS configured for the MX Record hosts? Also, for some sender domains, it is a requirement that the RDNS should match SMTP banner for the host which is accepting mails. Please verify if this is configured in your environment. This could be the reason users are getting this error.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:Rajkumar Kamath
Comment Utility
The IP is not on any blocklist.  The PTR doesn't match the banner however.  That's always been the case though.

Many thanks,

Raj
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 250 total points
Comment Utility
"exchange 2007 sp2"

That is an unsupported version of Exchange 2007. Before you do anything else you should upgrade to Exchange 2007 Sp3, and then to the latest rollup. There is no point doing any other diagnosis of the system until you are fully up to date.

I would also ensure that any AV software on the server has the correct exclusions for the Exchange folder structure.

The BPA tool would suggest the transport database is corrupt, so that should be replaced. However I would only do that AFTER installing Exchange 2007 Sp3.

Simon.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Check the logs on your barracuda incoming mail processing.
It used to be that a sending mail server will wait for up to 120 seconds to deliver a message to the recipient's server.  These days the connection timeout is smaller likely 60 seconds if not shorter.  If the issue is not duplicates being received on your side, the time your barracuda takes to either accept the email, or your exchange and  acknowledge might be too long.
The test is of a 500-1024 byte message.  Are the messages that are not deliverable (bounce back to senders) have attachments?

If the sender is a business, ask if they might look at their mail server log to locate a transaction with yours to determine what the error on the email transmission is.

They can see, mail from going to connecting mail.yourserver.com
status 400 defer, timeout etc.
I am suggesting you ask the sending side for help, as it is rather harder to locate a log on your side looking for a connection for which you must know the originating IP.
See if you have many message on the incoming side where the message is that the connection was dropped by the remote.

to identify the message size at which this issue manifests, have the party send you messages with increasing attachment sizes.
0
 
LVL 20

Expert Comment

by:Daniel McAllister
Comment Utility
To start with, the MXToolBox program will not be able to test anything past the Barracuda. The MXToolBox utility simply opens an SMTP connection, issues an EHLO command and waits to see how long it takes to get responses.

No actual mail is sent, so it never gets past your Barracuda device (SPAM filter).

I think my first inclination would be to power cycle the Barracuda -- then to look at the log files... that kind of response delay is usually either a glitched box, or you're under a heavy load (attack?).

Dan
IT4SOHO
0
 

Author Comment

by:Rajkumar Kamath
Comment Utility
Dan,

Many thx. Did have attacks going on . Don't seem to have those now . Did power recycle the barracuda , enabled SMTP over tls etc but the time still shows as 18.4 and high . What else can we look for . Agreed it won't go past the barracuda , wouldn't have bothered but few senders had issues sending to our domain .

Don't c any latency issues or problems with the box . Had it checked by the barracuda techs .
0
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 250 total points
Comment Utility
Assuming you have a Barracuda service plan, I would ask them to investigate why their box is replying so slowly to such a simple test. There may be a setting internally, or it is also possible that the mxtoolbox website/mail server could have wound up on one of their blacklists or greylists (Barracuda uses their own "private" lists -- you cannot access them unless you're a subscriber so the tests at places like valli.org will not catch those).

If you can get the Barracuda techs to test connectivity (and you're no longer under a heavy load/attack situation), they should be able to tell you what's holding up the initial response. I would tell them the exact test you're running -- they may also be able to explain to you why the results you see are normal for them, or where to look to correct it... I know that my preferred mail server (Qmail Toaster) comes stock with a 10-second delay on the initial reply as an anti-spam measure.

Without looking at the configs and/or log files in the Barracuda, I'm not sure how much additional help I could be from here. I "stuck my nose" into this question because so much of the advise was invalid. (To my mind, equivalent to telling you to rotate your tires when the car won't start!).

Good Luck!

Dan
IT4SOHO

PS: Just because the connectivity issue cannot be tested into the Exchange Server doesn't mean it (the Exchange Server) shouldn't be updated to the latest service pack.... just like fixing the starter in your car doesn't mean you shouldn't change the oil too!
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
The intitial connection latency if any is from the initial IP checks forward/reverse if enabled. DNS RBL lists IP lookups if any

The timeout period is reset at each interval i.e. wait this long for a greeting.
Send greeting. wait so long for response.
Send sender info wait so long for affirmative response to proceed
send recipient info wait so long for - || -
send notice data is following wait so long to get the go ahead
send data wait so long for confirmation data was accepted
disconnect.

Large message processing issue will be on the step after data is sent. Though at times depending on the handling by barracuda, these transient failures will result in receipt of duplicate messages. i.e. barracuda has the data but by the time it accepts and acknowledges it the remote site disconnects.

Such that if the messages never arrive, that would suggest an issue on the first three initial greeting from barracuda, greeting from remote server, sender, recipient, data prior to transmission failure.

The logs of the sending server on this transaction will make it clearer where the issue might be.
0
 

Author Closing Comment

by:Rajkumar Kamath
Comment Utility
thanks for the suggestions. the issue seems to have been with the IPS on the perimeter. Upgraded firmware for that, along with barracuda settings / firmware and things seem to be working pretty ok now. The transaction time is well within under 5 seconds. Apart, we are planning upgrade of exchange.  
thanks again
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Suggested Solutions

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now