Unable to receive E-mails with attachments from some domains


This has been a very perplexing problem and I hope someone can shed some light on this problem. I have an Exchange 2010 box. E-mails with attachments from multiple domains, but not all, are not coming through. At least two domains can send me E-mails with attachments seemingly with no problems. For the domains that I'm having problems with, if there is no attachment the E-mail comes through with no problems. In addition to the 421 4.4.1 error I also get 451 4.7.0.

When an E-mail from one of these problem domains is being sent with an attachment, I can see the connection being made to our server but the connection will eventually time out.  I have reviewed the SMTPProtocol log and I can see all the normal SMTP communications.  It gets down to transmitting data and it times out after what I assume is the connection timeout expiration.  

I increased the connection timeout on my receive connector from the default of 10mins up to 40mins and that did nothing.  I have disabled Chunking and BinaryMime all to no avail.  I have lowered the MTU rate on my router, the firewall and the server and still nothing.  

I did a packet capture on my firewall and in one example when the E-mail comes in with an attachment I see the 3-way handshake, I then see the data being pushed. After about 12 minutes the far side connection issues a reset and the connection is terminated. In my test the attachment is a reasonably sized attachment. The attachment size limitation in Exchange is not the issue. We can send attachments to these problem domains without any problems, the reverse however is a problem. I can seemingly telnet to port 25 on my Exchange server and send test E-mails with attachments all day. I also pushed out to my perimeter router and telnetted to 25 on my Exchange server (Path = Router>Firewall>Exchange) and I can send E-mails seemingly all day with attachments and they come through fine.

I also disabled ESMTP on the firewall and that had no effect. When I look in the Protocol log everything looks normal, there are no ******** that would indicate a problem. My Exchange server is receiving E-mail directly, which I know is not ideal, but nevertheless is the present setup. I'm in a controlled environment so I'm not so worried about the present setup. I'll be putting an Edge server in place as soon as possible.

Can anyone shed any light on this?  I have come up empty.  I have Googled the issue extensively and found plenty of hits on this issue but none of the remedies have resolved the problem.  I thought we might be on to something with the MTU setting but that seems to not be the issue.  I lowered my MTU to 900.  I did a ping with load from a completely separate circuit and the do not fragment switch and it failed until I got to 960 bytes.  Below 960 I got responses but with 40% packet loss.  

After doing the ping test remotely I moved to the local environment where I'm having the problem and I did a ping with payload from the perimeter router to my Exchange 2010 server, again pings above 960 failed and below I would see packet loss of 40%. This suggested to me that maybe something is wrong with the router or cabling. But to counter that, why can I receive E-mails with attachments from some people? If this is the problem I would expect everyone to have the problem and my telnet test from the router should fail.

What say anyone about this problem?  Nothing seemingly makes sense.

Simon Butler (Sembee), Consultant, commented:
Error codes on their own are close to useless. The text is the value bit.
What is the firewall? Reading between the lines it sounds like it could be a Cisco.
Have you tried bypassing it? Are you sure that all of the SMTP scanning functionality is disabled?

This is almost always a third party issue, rarely is it Exchange.
However do run the EXBPA, which is in the toolbox within EMC and make sure it flags nothing about the network configuration of the Exchange server.

As for the reason it works for some and not others. SMTP as a protocol is down to interpretation. Therefore some servers will talk to each other, some will not. It can often be a combination of their mail server, their gateway product, your gateway product and your email server that is the cause of the problems, with everything having its own interpretation of the SMTP protocol.


Enable and check SMTP logs for timeouts.

As 421 4.4.1 indicates a timeout, as per https://technet.microsoft.com/en-us/library/bb125140.aspx increasing the connector timeout value might help.

Set-Receiveconnector <NameofConnector> -ConnectionTimeOut 00:20:00 sets the timeout at 20 minutes, but from my experience go with 1h.

Under your circumstances Set-ReceiveConnector -identity "<my receive connector>" -BinaryMimeEnabled $false -ChunkingEnabled $false might also help.
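
Added example, not code from the thread: one way to run the log check suggested above, flagging sessions where the server answered DATA with 354 and the connection then ended without a 250 2.6.0 acknowledgement. The log lines, addresses and session ids are constructed, and the nine-column layout assumes the standard #Fields header of Exchange SMTP receive protocol logs.

```python
import csv
from datetime import datetime

# Constructed sample lines (illustrative values, not taken from the thread).
# Assumes chunking is disabled, so message bodies arrive via DATA/354.
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-03-02T14:00:01.100Z,MAIL01\Default,08D1000000000001,9,192.0.2.10:25,198.51.100.7:40112,>,354 Start mail input; end with <CRLF>.<CRLF>,
2015-03-02T14:00:03.000Z,MAIL01\Default,08D1000000000001,10,192.0.2.10:25,198.51.100.7:40112,>,250 2.6.0 <a1@good.example> Queued mail for delivery,
2015-03-02T14:00:03.500Z,MAIL01\Default,08D1000000000001,11,192.0.2.10:25,198.51.100.7:40112,-,,Remote
2015-03-02T14:05:00.000Z,MAIL01\Default,08D1000000000002,9,192.0.2.10:25,203.0.113.45:51877,>,354 Start mail input; end with <CRLF>.<CRLF>,
2015-03-02T14:15:00.000Z,MAIL01\Default,08D1000000000002,10,192.0.2.10:25,203.0.113.45:51877,>,421 4.4.1 Connection timed out,
2015-03-02T14:15:00.000Z,MAIL01\Default,08D1000000000002,11,192.0.2.10:25,203.0.113.45:51877,-,,Local
"""

def stalled_data_sessions(log_text):
    """Sessions where the server sent 354 but never confirmed '250 2.6.0'."""
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    sessions = {}
    for row in csv.reader(lines):
        if len(row) != 9:
            continue  # skip truncated or malformed rows
        ts, _conn, sid, _seq, _local, remote, event, data, _ctx = row
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ")
        s = sessions.setdefault(sid, {"remote": remote.rsplit(":", 1)[0],
                                      "data_at": None, "queued": False, "error": ""})
        s["last"] = when  # timestamp of the most recent event in this session
        if event != ">":
            continue  # only server responses decide the session state
        if data.startswith("354"):
            s["data_at"], s["queued"] = when, False  # sender invited to transmit body
        elif data.startswith("250 2.6.0"):
            s["queued"] = True                       # body fully received and accepted
        elif data[:1] in ("4", "5"):
            s["error"] = data                        # e.g. 421 4.4.1 on timeout
    return [
        {"session": sid, "remote": s["remote"], "error": s["error"],
         "seconds_in_data": (s["last"] - s["data_at"]).total_seconds()}
        for sid, s in sessions.items() if s["data_at"] and not s["queued"]
    ]

if __name__ == "__main__":
    for hit in stalled_data_sessions(SAMPLE_LOG):
        print(hit)
```

Grouping the flagged sessions by remote address shows whether the stalls cluster on particular sending hosts, and a seconds_in_data value equal to the connector's ConnectionTimeout points at a body transfer that stopped making progress rather than at a rejection by Exchange.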
SPAITDEPT (Author) commented:
It's a Cisco ASA 5510. I disabled ESMTP and it has the AIM SSM-10 IPS module, which I shut down this morning. I disabled ESMTP last week and that did nothing for me. Our circuit has been down since Friday so I haven't been able to test whether shutting down the IPS module would do anything for me. I checked the logs for the IPS last week and didn't see any traffic that was being dropped that was problematic, but I thought just to be sure this was not my nemesis I would shut it down. As soon as this circuit gets back online I will test again.

If it is the problem, why wouldn't it be impacting all of my traffic? The randomization of this issue has been really perplexing. When we get back online I'll let you know the results of my test.

Thanks for your suggestion.
SPAITDEPT (Author) commented:

Per my write up I've already up'd the ante on the receive connector to 40 mins and I've already disabled chunking and binarymime...no joy.
SPAITDEPT (Author) commented:

Sorry, you answered my question about why it works for some and not others and I proceeded to reply back and ask the same question again. My circuit is not back up yet but I sure hope the IPS is the problem.

I agree with your response....with everything I'm seeing it has to be something unique to the sender's environment and our environment.
Simon Butler (Sembee), Consultant, commented:
It is very random in my experience and the problem isn't new.


The last time I had the issue I went off to Cisco support and got them to look at it. There was something I had missed - alas I don't remember what it was. I dropped Cisco shortly afterwards.

SPAITDEPT (Author) commented:
The problem turned out to be related to my router. I had an extra router on hand, so I swapped it out with a bare bones config and the magic started to happen. E-mails with attachments from the problem domains started coming in. I have not had time to dig further into it to determine if it is a hardware issue and something in the config. As I noted in my write up, I suspect it has something to do with the fact that when I tried pinging with payload from my perimeter router inward or to my next hop router, depending on how much payload I had, the ping would fail or show significant packet loss.

Thanks Simon for affirming my suspicion that the Exchange server was not the problem and I was likely looking for an issue with my firewall or other device (i.e. router).  This was a very interesting problem to have dealt with.