Jeff Rodgers
asked on
Exchange 2013 dropping emails from outside domain hosted by GoogleMail.
Currently running Exchange 2013 SP1 on Windows 2012 r2
Kaspersky security 9.0 for Microsoft Exchange
Fortinet 600C Firewall
I have a single domain which seems to be unable to deliver mail to us. The mail is rejected with the error 503 5.5.1 Bad Sequence of Commands
All other mail appears to be flowing normally... it is just this one domain which is hosted on Googlemail.
This just started Wednesday and mail was flowing normally before then. I have since whitelisted the domain since then on each the firewall, server and antivirus software. The server has also been rebooted.
Our marketing people are blaming me for this and I have had zero luck resolving the issue.
Verbose logging is enabled on the ReceiveConnector. The text of a conversation is as below (names and IP's changed to protect the innocent).
What am I missing?
EBC75AAF7CDF,47,MYLOCALIP: 25,SENDERI P:37391,>, 250-MAIL Hello [SENDERIP],
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,48,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-SIZE 37748736,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,49,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-PIPELIN ING,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,50,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-DSN,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,51,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-ENHANCE DSTATUSCOD ES,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,52,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-AUTH NTLM LOGIN,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,53,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-X-EXPS GSSAPI NTLM,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,54,M YLOCALIP:2 5,SENDERIP :37391,>,2 50-8BITMIM E,
2015-11-13T16:45:14.666Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,55,M YLOCALIP:2 5,SENDERIP :37391,>,2 50 XRDST,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,56,M YLOCALIP:2 5,SENDERIP :37391,*,S MTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,57,M YLOCALIP:2 5,SENDERIP :37391,<,M AIL FROM:<SENDER EMAIL ADDRESS> SIZE=2654,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,58,M YLOCALIP:2 5,SENDERIP :37391,*,S MTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,59,M YLOCALIP:2 5,SENDERIP :37391,*,0 8D2EBC75AA F7CDF;2015 -11-13T16: 45:13.556Z ;1,receivi ng message
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,60,M YLOCALIP:2 5,SENDERIP :37391,*,S MTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,61,M YLOCALIP:2 5,SENDERIP :37391,<,R CPT TO:<RECIPIENT EMAIL ADDRESS>,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,62,M YLOCALIP:2 5,SENDERIP :37391,<,D ATA,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,63,M YLOCALIP:2 5,SENDERIP :37391,*,S MTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,64,M YLOCALIP:2 5,SENDERIP :37391,>,2 50 2.1.0 Sender OK,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,65,M YLOCALIP:2 5,SENDERIP :37391,>,2 50 2.1.5 Recipient OK,
2015-11-13T16:45:14.838Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,66,M YLOCALIP:2 5,SENDERIP :37391,>,3 54 Start mail input; end with <CRLF>.<CRLF>,
2015-11-13T16:45:15.463Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,67,M YLOCALIP:2 5,SENDERIP :37391,*,, Proxy destination(s) obtained from OnProxyInboundMessage event
2015-11-13T16:45:15.463Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,68,M YLOCALIP:2 5,SENDERIP :37391,*,, NextHopFqd n property is null or whitespace when creating InboundProxyLayer
2015-11-13T16:45:15.759Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,69,M YLOCALIP:2 5,SENDERIP :37391,>,2 50 2.6.0 <CAL-gAAgDUkDRcvjdR0dJ=kRs nu4VCNGbKy y46cwkwJBg xsPYEA@mai l.gmail.co m> Queued mail for delivery,
2015-11-13T16:45:15.931Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,70,M YLOCALIP:2 5,SENDERIP :37391,<,Q UIT,
2015-11-13T16:45:15.931Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,71,M YLOCALIP:2 5,SENDERIP :37391,*,S MTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDom ainSender AcceptRoutingHeaders,Set Session Permissions
2015-11-13T16:45:15.931Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,72,M YLOCALIP:2 5,SENDERIP :37391,>,2 21 2.0.0 Service closing transmission channel,
2015-11-13T16:45:15.931Z,M AIL\Defaul t Frontend MAIL,08D2EBC75AAF7CDF,73,M YLOCALIP:2 5,SENDERIP :37391,-,, Local
Please help. While I know that this likely isn't directly my fault the ignorant person on marketing is verbally saying I am not doing my job and is threatening to go to the CEO if this isn't resolved soon.
Kaspersky security 9.0 for Microsoft Exchange
Fortinet 600C Firewall
I have a single domain which seems to be unable to deliver mail to us. The mail is rejected with the error 503 5.5.1 Bad Sequence of Commands
All other mail appears to be flowing normally... it is just this one domain which is hosted on Googlemail.
This just started Wednesday and mail was flowing normally before then. I have since whitelisted the domain since then on each the firewall, server and antivirus software. The server has also been rebooted.
Our marketing people are blaming me for this and I have had zero luck resolving the issue.
Verbose logging is enabled on the ReceiveConnector. The text of a conversation is as below (names and IP's changed to protect the innocent).
What am I missing?
EBC75AAF7CDF,47,MYLOCALIP:
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.666Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:14.838Z,M
2015-11-13T16:45:15.463Z,M
2015-11-13T16:45:15.463Z,M
2015-11-13T16:45:15.759Z,M
2015-11-13T16:45:15.931Z,M
2015-11-13T16:45:15.931Z,M
2015-11-13T16:45:15.931Z,M
2015-11-13T16:45:15.931Z,M
Please help. While I know that this likely isn't directly my fault the ignorant person on marketing is verbally saying I am not doing my job and is threatening to go to the CEO if this isn't resolved soon.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The sender was listed on numerous DNSBL's which when it hit Kaspersky caused the email to bounce with a poorly defined response. Checking their DNS settings revealed listings on SORBS, Spamhaus listings.
The email did arrive at the connector and was passed onwards only to be rejected for one of several reasons.
Of course, if the person who sent the email would now just believe me that our setup isn't the problem, everyone would be happy. Sigh...
Thanks for your help guys!