Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SMTP Transaction TIme not Good, Exchange 2007 Sp2 on Windows 2003 with Barracuda Spam filter

Posted on 2015-01-08
16
Medium Priority
?
497 Views
Last Modified: 2015-01-16
Greetings,

we are experiencing email bounce backs from certain domains when they try to email us. Running mxtolbox diags shows a transaction time of 18.23 seconds.  The setup is Barracuda spam filter which forwards to hub transport server, which goes to exchange mailbox. Running exchange 2007 sp2. Saw a few error thrown up on the transport server :

1. The background scan of the transport queue database has completed. 259 message(s) were found.

Have checked the queue and they are empty. Don't know where this counter is coming from.

2. Also get msexchang common performance counter update error message.

Highly appreciate if any one could guide where to start looking for .
0
Comment
Question by:Rajkumar Kamath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
  • +3
16 Comments
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537382
Hi,

Please try analyzing header of one of the mails which is delayed. Header will have timestamps for each device which has processed the mail during transit. Compare the timestamps and try to find the device which could have caused the delay.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537385
You could use MxToolbox tool http://mxtoolbox.com/EmailHeaders.aspx to analyze header.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537391
the issue is with incoming emails. A few of the senders who have tried sending email have got bounce backs or nothing at all.

#< #5.4.7 smtp; 554 5.4.7 [internal] exceeded max time without delivery> #SMTP#

This is the bounce back message one of them got. Also when I ran Exbpa , got error site folder server has been deleted. We had migrated the server from 2003 to 2007 a while back. THis is the first time I ran it. so not sure if the issues arerelated.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:Hardik Desai
ID: 40537392
Check if the mail reaches to Barracuda.
Ensure your domain PTR record is registered in Public DNS with ISP.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537395
The mails in question never reached barracuda. However when the third party resend the emails, they came in and can see the logs. PTR Record exists and is registered .This issue started recently.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537447
Please check in MXToolbox if your domain is listed in any of the blacklists.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537474
Do you have RDNS configured for the MX Record hosts? Also, for some sender domains, it is a requirement that the RDNS should match SMTP banner for the host which is accepting mails. Please verify if this is configured in your environment. This could be the reason users are getting this error.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537592
The IP is not on any blocklist.  The PTR doesn't match the banner however.  That's always been the case though.

Many thanks,

Raj
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 750 total points
ID: 40537925
"exchange 2007 sp2"

That is an unsupported version of Exchange 2007. Before you do anything else you should upgrade to Exchange 2007 Sp3, and then to the latest rollup. There is no point doing any other diagnosis of the system until you are fully up to date.

I would also ensure that any AV software on the server has the correct exclusions for the Exchange folder structure.

The BPA tool would suggest the transport database is corrupt, so that should be replaced. However I would only do that AFTER installing Exchange 2007 Sp3.

Simon.
0
 
LVL 80

Expert Comment

by:arnold
ID: 40537928
Check the logs on your barracuda incoming mail processing.
It used to be that a sending mail server will wait for up to 120 seconds to deliver a message to the recipient's server.  These days the connection timeout is smaller likely 60 seconds if not shorter.  If the issue is not duplicates being received on your side, the time your barracuda takes to either accept the email, or your exchange and  acknowledge might be too long.
The test is of a 500-1024 byte message.  Are the messages that are not deliverable (bounce back to senders) have attachments?

If the sender is a business, ask if they might look at their mail server log to locate a transaction with yours to determine what the error on the email transmission is.

They can see, mail from going to connecting mail.yourserver.com
status 400 defer, timeout etc.
I am suggesting you ask the sending side for help, as it is rather harder to locate a log on your side looking for a connection for which you must know the originating IP.
See if you have many message on the incoming side where the message is that the connection was dropped by the remote.

to identify the message size at which this issue manifests, have the party send you messages with increasing attachment sizes.
0
 
LVL 21

Expert Comment

by:Daniel McAllister
ID: 40538480
To start with, the MXToolBox program will not be able to test anything past the Barracuda. The MXToolBox utility simply opens an SMTP connection, issues an EHLO command and waits to see how long it takes to get responses.

No actual mail is sent, so it never gets past your Barracuda device (SPAM filter).

I think my first inclination would be to power cycle the Barracuda -- then to look at the log files... that kind of response delay is usually either a glitched box, or you're under a heavy load (attack?).

Dan
IT4SOHO
0
 

Author Comment

by:Rajkumar Kamath
ID: 40538829
Dan,

Many thx. Did have attacks going on . Don't seem to have those now . Did power recycle the barracuda , enabled SMTP over tls etc but the time still shows as 18.4 and high . What else can we look for . Agreed it won't go past the barracuda , wouldn't have bothered but few senders had issues sending to our domain .

Don't c any latency issues or problems with the box . Had it checked by the barracuda techs .
0
 
LVL 21

Accepted Solution

by:
Daniel McAllister earned 750 total points
ID: 40538890
Assuming you have a Barracuda service plan, I would ask them to investigate why their box is replying so slowly to such a simple test. There may be a setting internally, or it is also possible that the mxtoolbox website/mail server could have wound up on one of their blacklists or greylists (Barracuda uses their own "private" lists -- you cannot access them unless you're a subscriber so the tests at places like valli.org will not catch those).

If you can get the Barracuda techs to test connectivity (and you're no longer under a heavy load/attack situation), they should be able to tell you what's holding up the initial response. I would tell them the exact test you're running -- they may also be able to explain to you why the results you see are normal for them, or where to look to correct it... I know that my preferred mail server (Qmail Toaster) comes stock with a 10-second delay on the initial reply as an anti-spam measure.

Without looking at the configs and/or log files in the Barracuda, I'm not sure how much additional help I could be from here. I "stuck my nose" into this question because so much of the advise was invalid. (To my mind, equivalent to telling you to rotate your tires when the car won't start!).

Good Luck!

Dan
IT4SOHO

PS: Just because the connectivity issue cannot be tested into the Exchange Server doesn't mean it (the Exchange Server) shouldn't be updated to the latest service pack.... just like fixing the starter in your car doesn't mean you shouldn't change the oil too!
0
 
LVL 80

Expert Comment

by:arnold
ID: 40538910
The intitial connection latency if any is from the initial IP checks forward/reverse if enabled. DNS RBL lists IP lookups if any

The timeout period is reset at each interval i.e. wait this long for a greeting.
Send greeting. wait so long for response.
Send sender info wait so long for affirmative response to proceed
send recipient info wait so long for - || -
send notice data is following wait so long to get the go ahead
send data wait so long for confirmation data was accepted
disconnect.

Large message processing issue will be on the step after data is sent. Though at times depending on the handling by barracuda, these transient failures will result in receipt of duplicate messages. i.e. barracuda has the data but by the time it accepts and acknowledges it the remote site disconnects.

Such that if the messages never arrive, that would suggest an issue on the first three initial greeting from barracuda, greeting from remote server, sender, recipient, data prior to transmission failure.

The logs of the sending server on this transaction will make it clearer where the issue might be.
0
 

Author Closing Comment

by:Rajkumar Kamath
ID: 40553919
thanks for the suggestions. the issue seems to have been with the IPS on the perimeter. Upgraded firmware for that, along with barracuda settings / firmware and things seem to be working pretty ok now. The transaction time is well within under 5 seconds. Apart, we are planning upgrade of exchange.  
thanks again
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question