Improve company productivity with a Business Account.Sign Up

x
?
Solved

SMTP Transaction TIme not Good, Exchange 2007 Sp2 on Windows 2003 with Barracuda Spam filter

Posted on 2015-01-08
16
Medium Priority
?
529 Views
Last Modified: 2015-01-16
Greetings,

we are experiencing email bounce backs from certain domains when they try to email us. Running mxtolbox diags shows a transaction time of 18.23 seconds.  The setup is Barracuda spam filter which forwards to hub transport server, which goes to exchange mailbox. Running exchange 2007 sp2. Saw a few error thrown up on the transport server :

1. The background scan of the transport queue database has completed. 259 message(s) were found.

Have checked the queue and they are empty. Don't know where this counter is coming from.

2. Also get msexchang common performance counter update error message.

Highly appreciate if any one could guide where to start looking for .
0
Comment
Question by:Rajkumar Kamath
  • 5
  • 4
  • 2
  • +3
15 Comments
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537382
Hi,

Please try analyzing header of one of the mails which is delayed. Header will have timestamps for each device which has processed the mail during transit. Compare the timestamps and try to find the device which could have caused the delay.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537385
You could use MxToolbox tool http://mxtoolbox.com/EmailHeaders.aspx to analyze header.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537391
the issue is with incoming emails. A few of the senders who have tried sending email have got bounce backs or nothing at all.

#< #5.4.7 smtp; 554 5.4.7 [internal] exceeded max time without delivery> #SMTP#

This is the bounce back message one of them got. Also when I ran Exbpa , got error site folder server has been deleted. We had migrated the server from 2003 to 2007 a while back. THis is the first time I ran it. so not sure if the issues arerelated.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 2

Expert Comment

by:Hardik Desai
ID: 40537392
Check if the mail reaches to Barracuda.
Ensure your domain PTR record is registered in Public DNS with ISP.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537395
The mails in question never reached barracuda. However when the third party resend the emails, they came in and can see the logs. PTR Record exists and is registered .This issue started recently.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537447
Please check in MXToolbox if your domain is listed in any of the blacklists.
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 40537474
Do you have RDNS configured for the MX Record hosts? Also, for some sender domains, it is a requirement that the RDNS should match SMTP banner for the host which is accepting mails. Please verify if this is configured in your environment. This could be the reason users are getting this error.
0
 

Author Comment

by:Rajkumar Kamath
ID: 40537592
The IP is not on any blocklist.  The PTR doesn't match the banner however.  That's always been the case though.

Many thanks,

Raj
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 750 total points
ID: 40537925
"exchange 2007 sp2"

That is an unsupported version of Exchange 2007. Before you do anything else you should upgrade to Exchange 2007 Sp3, and then to the latest rollup. There is no point doing any other diagnosis of the system until you are fully up to date.

I would also ensure that any AV software on the server has the correct exclusions for the Exchange folder structure.

The BPA tool would suggest the transport database is corrupt, so that should be replaced. However I would only do that AFTER installing Exchange 2007 Sp3.

Simon.
0
 
LVL 82

Expert Comment

by:arnold
ID: 40537928
Check the logs on your barracuda incoming mail processing.
It used to be that a sending mail server will wait for up to 120 seconds to deliver a message to the recipient's server.  These days the connection timeout is smaller likely 60 seconds if not shorter.  If the issue is not duplicates being received on your side, the time your barracuda takes to either accept the email, or your exchange and  acknowledge might be too long.
The test is of a 500-1024 byte message.  Are the messages that are not deliverable (bounce back to senders) have attachments?

If the sender is a business, ask if they might look at their mail server log to locate a transaction with yours to determine what the error on the email transmission is.

They can see, mail from going to connecting mail.yourserver.com
status 400 defer, timeout etc.
I am suggesting you ask the sending side for help, as it is rather harder to locate a log on your side looking for a connection for which you must know the originating IP.
See if you have many message on the incoming side where the message is that the connection was dropped by the remote.

to identify the message size at which this issue manifests, have the party send you messages with increasing attachment sizes.
0
 
LVL 21

Expert Comment

by:Daniel McAllister
ID: 40538480
To start with, the MXToolBox program will not be able to test anything past the Barracuda. The MXToolBox utility simply opens an SMTP connection, issues an EHLO command and waits to see how long it takes to get responses.

No actual mail is sent, so it never gets past your Barracuda device (SPAM filter).

I think my first inclination would be to power cycle the Barracuda -- then to look at the log files... that kind of response delay is usually either a glitched box, or you're under a heavy load (attack?).

Dan
IT4SOHO
0
 

Author Comment

by:Rajkumar Kamath
ID: 40538829
Dan,

Many thx. Did have attacks going on . Don't seem to have those now . Did power recycle the barracuda , enabled SMTP over tls etc but the time still shows as 18.4 and high . What else can we look for . Agreed it won't go past the barracuda , wouldn't have bothered but few senders had issues sending to our domain .

Don't c any latency issues or problems with the box . Had it checked by the barracuda techs .
0
 
LVL 21

Accepted Solution

by:
Daniel McAllister earned 750 total points
ID: 40538890
Assuming you have a Barracuda service plan, I would ask them to investigate why their box is replying so slowly to such a simple test. There may be a setting internally, or it is also possible that the mxtoolbox website/mail server could have wound up on one of their blacklists or greylists (Barracuda uses their own "private" lists -- you cannot access them unless you're a subscriber so the tests at places like valli.org will not catch those).

If you can get the Barracuda techs to test connectivity (and you're no longer under a heavy load/attack situation), they should be able to tell you what's holding up the initial response. I would tell them the exact test you're running -- they may also be able to explain to you why the results you see are normal for them, or where to look to correct it... I know that my preferred mail server (Qmail Toaster) comes stock with a 10-second delay on the initial reply as an anti-spam measure.

Without looking at the configs and/or log files in the Barracuda, I'm not sure how much additional help I could be from here. I "stuck my nose" into this question because so much of the advise was invalid. (To my mind, equivalent to telling you to rotate your tires when the car won't start!).

Good Luck!

Dan
IT4SOHO

PS: Just because the connectivity issue cannot be tested into the Exchange Server doesn't mean it (the Exchange Server) shouldn't be updated to the latest service pack.... just like fixing the starter in your car doesn't mean you shouldn't change the oil too!
0
 
LVL 82

Expert Comment

by:arnold
ID: 40538910
The intitial connection latency if any is from the initial IP checks forward/reverse if enabled. DNS RBL lists IP lookups if any

The timeout period is reset at each interval i.e. wait this long for a greeting.
Send greeting. wait so long for response.
Send sender info wait so long for affirmative response to proceed
send recipient info wait so long for - || -
send notice data is following wait so long to get the go ahead
send data wait so long for confirmation data was accepted
disconnect.

Large message processing issue will be on the step after data is sent. Though at times depending on the handling by barracuda, these transient failures will result in receipt of duplicate messages. i.e. barracuda has the data but by the time it accepts and acknowledges it the remote site disconnects.

Such that if the messages never arrive, that would suggest an issue on the first three initial greeting from barracuda, greeting from remote server, sender, recipient, data prior to transmission failure.

The logs of the sending server on this transaction will make it clearer where the issue might be.
0
 

Author Closing Comment

by:Rajkumar Kamath
ID: 40553919
thanks for the suggestions. the issue seems to have been with the IPS on the perimeter. Upgraded firmware for that, along with barracuda settings / firmware and things seem to be working pretty ok now. The transaction time is well within under 5 seconds. Apart, we are planning upgrade of exchange.  
thanks again
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Are you in the migration process of your Exchange to Exchange Online? Be aware of customized solutions developed on the transport role on your old Exchange server. They might not be convertible to Exchange Online!
Configure external lookups on for external mail flow on Exchange 2013 and Exchange 2016.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question