Solved

Unable to receive E-mails with attachments from some domains

Posted on 2015-02-09
7
56 Views
Last Modified: 2015-02-11
All

This has been a very perplexing problem and I hope someone can shed some light on this problem.  I have an Exchange 2010 box.  E-mails with attachments from mulitple domains but not all are not coming through.  At least two domains can send me E-mails with attachments seemingly with no problems.   For the domains that I'm having prolems with if there is not attachment the E-mail comes through with no problems.  In addition to the 421 4.4.1 error I also get 451 4.7.0.  

When an E-mail from one of these problem domains is being sent with an attachment, I can see the connection being made to our server but the connection will eventually time out.  I have reviewed the SMTPProtocol log and I can see all the normal SMTP communications.  It gets down to transmitting data and it times out after what I assume is the connection timeout expiration.  

I increased the connection timeout on my receive connector from the default of 10mins up to 40mins and that did nothing.  I have disabled Chunking and BinaryMime all to no avail.  I have lowered the MTU rate on my router, the firewall and the server and still nothing.  

I did a packet capture on my firewall and in one example when the E-mail comes in with an attachment i see the 3-way handshake, I then see the data being pushed.  After about 12 minutes the far side connection issues a reset and the connection is terminated.  In my test the attachment is a reasonably sized attachment.  The attachment size limitation in Exchange is not the issue.  We can send attachment to these problem domain without any problems, the reverse however is a problem.  I can seemingly telnet to port 25 on my Exchange server and send test E-mails with attachments all day.  I also pushed out to my perimeter router and telneted to 25 my Exchange server (Path = Router>Fireware>Exchange) and I can send E-mails seemingly all day with attachments and they come through fine.  

I also diabled ESMTP on the firewall and that had no effect.  When I look in the Protocol log everything looks normal, there are no ******** that would indicate a problem.   My Exchange server is receiving E-mail directly, which I know is not ideal, but never the less is the present setup.  I'm in a control environment so I'm not so worried about the present setup.  I'll be putting a Edge server in place as soon as possible.  

Can anyone shed any light on this?  I have come up empty.  I have Googled the issue extensively and found plenty of hits on this issue but none of the remedies have resolved the problem.  I thought we might be on to something with the MTU setting but that seems to not be the issue.  I lowered my MTU to 900.  I did a ping with load from a completely separate circuit and the do not fragment switch and it failed until I got to 960 bytes.  Below 960 I got responses but with 40% packet loss.  

After doing the ping test remotely I moved to local environment where I'm having the problem and I did a ping with payload from the perimeter router to my Exchange 2010 server, again pings above 960 failed and below I would see packet loss of 40%.  The suggested to me that maybe something is wrong with the router or cabling.  But to counter that why can i receive E-mails with attachment from some people.  If this is the problem I would expect everyone to have the problem and my telnet test from the router should fail.  

What say anyone about this problem?  Nothing seemingly makes sense.
0
Comment
Question by:SPAITDEPT
  • 4
  • 2
7 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40598841
Error codes on their own are close to useless. The text is the value bit.
What is the firewall? Reading between the lines it sounds like it could be a Cisco.
Have you tried bypassing it? Are you sure that all of the SMTP scanning functionality is disabled?

This is almost always a third party issue, rarely is it Exchange.
However do run the EXBPA, which is in the toolbox within EMC and make sure it flags nothing about the network configuration of the Exchange server.

As for the reason it works for some and not others. SMTP as a protocol is down to interpretation. Therefore some servers will talk to each other, some will not. It can often be a combination of their mail server, their gateway product, your gateway product and your email server that is the cause of the problems, with everything having its own interpretation of the SMTP protocol.

Simon.
0
 
LVL 5

Expert Comment

by:basil2912
ID: 40598874
Enable and check SMTP logs for timeouts.

As 421 4.4.1 indicates a timeout, as per https://technet.microsoft.com/en-us/library/bb125140.aspx increasing the connector timeout value might help.

Set-Receiveconnector <NameofConnector> -ConnectionTimeOut 00:20:00 sets the timeout at 20 minutes, but from my experience go with 1h.

under your circumstances Set-ReceiveConnector -identity "<my receive connector>" -BinaryMimeEnabled $false -ChunkingEnabled $false might also help.
0
 

Author Comment

by:SPAITDEPT
ID: 40598880
It's a Cisco ASA 5510.  I disabled ESMTP and it has the AIM SSM-10 IPS module, which I shutdown this morning.  I disable ESMTP last week and that did nothing for me.  Our circuit has been down since Friday so I haven't been able to test whether shutting down the IPS module would do anything for me.   I checked the logs for the IPS last week and didn't see any traffic that was being dropped that was problematic, but I thought just to be sure this was not my nemesis I would shut it down.  As soon as this circuit gets back online I will test again.  

If it is the problem why wouldn't it be impacting all of my traffic.  The randomization of this issue has been really perplexing.  When we get back online I'll let you know the results of my test.  

thanks for your suggestion.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:SPAITDEPT
ID: 40598890
basil2912

Per my write up I've already up'd the ante on the receive connector to 40 mins and I've already disabled chunking and binarymime...no joy.
0
 

Author Comment

by:SPAITDEPT
ID: 40599055
Simon

Sorry, you answered my question about why it works for some and not others and I proceeded to reply back and ask the same question again.  My circuit is not back up yet but I sure hope the IPS is the problem.  

I agree with you response....with everything I'm seeing it has to be something unique to the senders environment and our environment.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40599512
It is very random in my experience and the problem isn't new.

https://support.microsoft.com/kb/320027

The last time I had the issue I went off to Cisco support and got them to look at it. There was something I had missed - alas I don't remember what it was. I dropped Cisco shortly afterwards.

Simon.
0
 

Author Closing Comment

by:SPAITDEPT
ID: 40603119
The problem turned out to be related to my router.  I had an extra router on hand, so I swapped it out with a bare bones config and the magic started to happen.  E-mails with attachments from the problem domains started coming in.  I have not had time to dig further into to determine if it is a hardware issue and something in the config.  As I noted in my write up,  I suspect it has something to do with the fact when I tried pinging with payload from my perimeter router inward or to my next hop router, depending on how much payload I had, the ping would fail or show significant packet loss.  

Thanks Simon for affirming my suspicion that the Exchange server was not the problem and I was likely looking for an issue with my firewall or other device (i.e. router).  This was a very interesting problem to have dealt with.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now