asked on

Exchange 2013 dropping emails from outside domain hosted by GoogleMail.

Currently running Exchange 2013 SP1 on Windows 2012 r2
Kaspersky security 9.0 for Microsoft Exchange
Fortinet 600C Firewall

I have a single domain which seems to be unable to deliver mail to us. The mail is rejected with the error 503 5.5.1 Bad Sequence of Commands

All other mail appears to be flowing normally... it is just this one domain which is hosted on Googlemail.

This just started Wednesday and mail was flowing normally before then. I have since whitelisted the domain since then on each the firewall, server and antivirus software. The server has also been rebooted.

Our marketing people are blaming me for this and I have had zero luck resolving the issue.
Verbose logging is enabled on the ReceiveConnector. The text of a conversation is as below (names and IP's changed to protect the innocent).

What am I missing?

EBC75AAF7CDF,47,MYLOCALIP:25,SENDERIP:37391,>,250-MAIL Hello [SENDERIP],
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,48,MYLOCALIP:25,SENDERIP:37391,>,250-SIZE 37748736,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,49,MYLOCALIP:25,SENDERIP:37391,>,250-PIPELINING,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,50,MYLOCALIP:25,SENDERIP:37391,>,250-DSN,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,51,MYLOCALIP:25,SENDERIP:37391,>,250-ENHANCEDSTATUSCODES,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,52,MYLOCALIP:25,SENDERIP:37391,>,250-AUTH NTLM LOGIN,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,53,MYLOCALIP:25,SENDERIP:37391,>,250-X-EXPS GSSAPI NTLM,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,54,MYLOCALIP:25,SENDERIP:37391,>,250-8BITMIME,
2015-11-13T16:45:14.666Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,55,MYLOCALIP:25,SENDERIP:37391,>,250 XRDST,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,56,MYLOCALIP:25,SENDERIP:37391,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,57,MYLOCALIP:25,SENDERIP:37391,<,MAIL FROM:<SENDER EMAIL ADDRESS> SIZE=2654,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,58,MYLOCALIP:25,SENDERIP:37391,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,59,MYLOCALIP:25,SENDERIP:37391,*,08D2EBC75AAF7CDF;2015-11-13T16:45:13.556Z;1,receiving message
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,60,MYLOCALIP:25,SENDERIP:37391,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,61,MYLOCALIP:25,SENDERIP:37391,<,RCPT TO:<RECIPIENT EMAIL ADDRESS>,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,62,MYLOCALIP:25,SENDERIP:37391,<,DATA,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,63,MYLOCALIP:25,SENDERIP:37391,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,64,MYLOCALIP:25,SENDERIP:37391,>,250 2.1.0 Sender OK,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,65,MYLOCALIP:25,SENDERIP:37391,>,250 2.1.5 Recipient OK,
2015-11-13T16:45:14.838Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,66,MYLOCALIP:25,SENDERIP:37391,>,354 Start mail input; end with <CRLF>.<CRLF>,
2015-11-13T16:45:15.463Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,67,MYLOCALIP:25,SENDERIP:37391,*,,Proxy destination(s) obtained from OnProxyInboundMessage event
2015-11-13T16:45:15.463Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,68,MYLOCALIP:25,SENDERIP:37391,*,,NextHopFqdn property is null or whitespace when creating InboundProxyLayer
2015-11-13T16:45:15.759Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,69,MYLOCALIP:25,SENDERIP:37391,>,250 2.6.0 <CAL-gAAgDUkDRcvjdR0dJ=kRsnu4VCNGbKyy46cwkwJBgxsPYEA@mail.gmail.com> Queued mail for delivery,
2015-11-13T16:45:15.931Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,70,MYLOCALIP:25,SENDERIP:37391,<,QUIT,
2015-11-13T16:45:15.931Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,71,MYLOCALIP:25,SENDERIP:37391,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:15.931Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,72,MYLOCALIP:25,SENDERIP:37391,>,221 2.0.0 Service closing transmission channel,
2015-11-13T16:45:15.931Z,MAIL\Default Frontend MAIL,08D2EBC75AAF7CDF,73,MYLOCALIP:25,SENDERIP:37391,-,,Local

Please help. While I know that this likely isn't directly my fault the ignorant person on marketing is verbally saying I am not doing my job and is threatening to go to the CEO if this isn't resolved soon.

ASKER CERTIFIED SOLUTION

Bembi

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Hariom

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Jeff Rodgers

ASKER

Sorry for the late response. I'm going to award and even split on this one as I worked the problem myself and found the solution.

The sender was listed on numerous DNSBL's which when it hit Kaspersky caused the email to bounce with a poorly defined response. Checking their DNS settings revealed listings on SORBS, Spamhaus listings.

The email did arrive at the connector and was passed onwards only to be rejected for one of several reasons.

Of course, if the person who sent the email would now just believe me that our setup isn't the problem, everyone would be happy. Sigh...

Thanks for your help guys!