Emails sent from domain 2 to domain 1 are never received

Hi Friends,

I am having a very weird scenario in my environment. I have an Exchange Server 2010 on my premises sitting behind Symantec Mail Security for Exchange, which again sits behind a firewall named Cyberoam (Sophos). Consider this as domain1.

The second domain (domain2) is hosted with Microsoft online Exchange (Office365), and has a perfect mail flow as domain1.

Issue: domain1 is unable to receive emails from domain2 only, whereas it is able to send/receive to all other domains.

Domain2 can also send/receive emails from anyone, but when an email is sent to domain1, it is not received by domain1.

The weird part is, domain2 receives a successful delivery notification of the mail being delivered, but there is no sign of the email at domain 1.

All users of domain1 cannot see or receive any emails from all the users of domain2.

The Exchange queue of domain 1 is empty, Cyberoam is also not blocking any mails from that domain2, the quarantine area is empty and the same goes for Symantec Mail Security for Exchange.

In short, the mail which is being sent by domain2 to domain1 is lost somewhere even before it reaches the server of domain1.

Troubleshooting everything, but no success. I don't know if anyone else has also gone through the same thing, but are there any suggestions guys?

Thanks
Member_2_7970673 Asked:
 
Member_2_7970673 Author Commented:
Yeah, yesterday I had a conversation with O365 support team for approximately. They took the remote session and looked forward in the issue. And finally it was proved that the issue was from their side. Their servers were dumping mails to their own servers. Now the issue has been resolved and the mail flow is back to normal.

Thanks for all the support guys. But this was a new experience for all of us I believe :)

Screenshot: delivery report for the same
0
 
Manuel Flores Commented:
Maybe I would tell that Symantec Mail Security is silently dropping the emails... any entries in the Symantec log that could give us any clue?
0
 
Manuel Flores Commented:
I don't use 365 but in my corporate gmail, I have a message search feature to locate activity of the send/received messages with IP filtering too.

Try to find this feature in 365 service.

Example:
ee-email-delivery-details.png
0
 
bbao IT Consultant Commented:
The known facts of the issue lead to a speculation of something wrong on the Internet-facing side of Domain 1 and its Exchange server, including its DNS records on the Internet and forefront mail-filtering services.

1. Did you conduct a DNS health check online?

2. Did you try to skip or temporarily remove those forefront services to confirm the issue has nothing to do with the services?
0
 
Member_2_7970673 Author Commented:
No folks.. I checked everything from top to bottom. I opened a ticket with ISP, hosting panel, Firewall support team & with Microsoft O365 support as well.

No one has any answers, all of them say only one thing, "everything is fine at our end".

Both the domains can send and receive emails from anyone and any domain, only domain 1 is not able to receive mails from domain 2, whereas domain 2 is getting a delivery receipt that it has delivered the message at the respective mailbox.

Things are weird. I am also attaching some screens.

Screenshot: domain 2 added to whitelist and excluded from filtering at Symantec Mail Security for Exchange.
Screenshot: mail sent from domain 2 to domain 1
Screenshot: delivery notification for the same
Screenshot: Firewall (Cyberoam) logs .. no trace of domain 2
0
 
Manuel Flores Commented:
I would change the whitelist with just a complete email, no wildcards. And the domain without @. And restart the Symantec services every test.

Stop the Symantec as well.

Maybe you tried these things.  I'm sure you tried a lot of things.

From your screenshot with sym logs, we can't see the hour of the activity of the test to s.shah@xxxx... it starts at 12.28 and the email is 11.20
0
 
Member_2_7970673 Author Commented:
Actually I did that the way it is mentioned in the example of the Symantec dialogue box. Tried to stop the services & start the services as well.

It's not an issue between one mail address and another, in fact, none of the users from domain1 are able to receive the emails from the users of domain 2.

If you want a clear picture then, I can give you a remote session to take a sneak peek.
0
 
bbao IT Consultant Commented:
Obviously something is wrong, hence you can't simply rely on the vendors' (probably false) positive feedback and troubleshoot the remaining (actually nothing remaining now hehe).

Again, did you do an external DNS health check YOURSELF? And did you simply skip or bypass the forefront services (just for test, not to permanently remove)?

FYI - DNS Health Check
http://dnscheck.pingdom.com/
0
 
Manuel Flores Commented:
I can see that DROP is one of the possible actions of Symantec, and it is exactly what is happening... it is not being REJECTED according to the 365 report, it's being dropped.

The weird thing is that you can't see this activity in Symantec. However, I suspect it is related to Symantec.
0
 
Member_2_7970673 Author Commented:
Screenshot: DNS health check for domain 2
Screenshot: DNS health check for domain 1
DNS health check results are perfectly fine, no errors, no issues.
0
 
Member_2_7970673 Author Commented:
Secondly, if my message is being dropped by Symantec, then how am I getting a successful delivery notification at domain 2?
0
 
Manuel Flores Commented:
It is only a supposition: it is received, so a 250 OK is given to Office365, but it is inspected by Symantec and dropped internally. However I'm pretty sure that it should be reflected on Sym logs.

I have checked your DNS too and I don't see any problem... just a duplicate reverse-dns of the MX server that returns mail.b... and web.b.. however I don't think it is the problem.  If you can, remove the mail.bu.... and let the web.b.... which is the MX according to your DNS domain.
0
 
Member_2_7970673 Author Commented:
Will do that right away. I will remove the record of mail.bu.....
0
 
Member_2_7970673 Author Commented:
The record of mail.b....... has been removed, still no luck. Now going for the demotion of Symantec Mail Security for Exchange. Let's see..
0
 
Member_2_7970673 Author Commented:
Uninstalling Symantec
0
 
Manuel Flores Commented:
Stopping the service should be enough... let's see
0
 
Member_2_7970673 Author Commented:
Successfully removed Symantec but guess what, no effect. My main firewall isn't showing any records of being spam, drop or rejected. Now there is no Symantec in the film.
0
 
Manuel Flores Commented:
o_O

Can I send an email from my Outlook service to that email address? s.shah@b....
0
 
Member_2_7970673 Author Commented:
Sure.. why not..
0
 
Manuel Flores Commented:
postmaster@mail.hotmail.com
Hoy 10:28 s.shah@b.............m.sa
Para volver a enviar este mensaje, haga clic aquí.
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       s.shah@b..........m.sa
0
 
Manuel Flores Commented:
Forget it... incorrect email
0
 
Member_2_7970673 Author Commented:
I received it and replied back.. did you get it?
0
 
Manuel Flores Commented:
Got it bro.
 
Thank you,
 
Regards,
0
 
Member_2_7970673 Author Commented:
What's next? Completely lost.
0
 
Manuel Flores Commented:
We should see if 365 connects or not to domain1 infrastructure. You should filter connections in the firewall and make some tests from 365 and assert that 365 is trying to deliver the email.
0
 
Manuel Flores Commented:
For example, you should see in the firewall my connections from my office:

telnet web.b.........m.sa 25
Trying 78.xx.xx.xx...
Connected to web.b.........m.sa.
Escape character is '^]'.
220 B..........HSRV.b......n.corp Microsoft ESMTP MAIL Service ready at Mon, 8 Aug 2016 12:03:57 +0300
0
 
Member_2_7970673 Author Commented:
Screenshot: Message trace report
0
 
Manuel Flores Commented:
Spam folder? At the domain1 side, or 365 side?
0
 
Member_2_7970673 Author Commented:
None.
0
 
Manuel Flores Commented:
I'd try to detect the connections from 365 to the domain1 infrastructure firewall. I doubt that 365 is delivering the emails to domain1. After that we should assert that the email is being delivered to the Exchange server (and being eaten XD), but step by step, the next is to detect the 365 connections, port and protocol.
0
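
The check suggested in the comment above (confirm at the firewall whether the sending service connects at all before looking further downstream), as an added example that is not part of the original thread: it filters firewall log lines for port-25 connections from the sender's address ranges around the time of a test message. The log layout, the sample lines and the `192.0.2.0/24` sender range are constructed placeholders, not Cyberoam's log format or real Office 365 addresses.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Placeholder sender range (RFC 5737 documentation network), NOT real
# Office 365 addresses: substitute the provider's published outbound ranges.
SENDER_RANGES = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed firewall log lines in a made-up key=value layout.
SAMPLE_LOG = """\
2016-08-08 11:18:02 action=allow proto=tcp src=198.51.100.7 dst=203.0.113.10 dport=25
2016-08-08 11:19:40 action=allow proto=tcp src=203.0.113.99 dst=203.0.113.10 dport=443
2016-08-08 11:20:31 action=allow proto=tcp src=192.0.2.44 dst=203.0.113.10 dport=25
2016-08-08 11:21:05 action=drop proto=tcp src=192.0.2.45 dst=203.0.113.10 dport=25
2016-08-08 12:28:00 action=allow proto=tcp src=192.0.2.46 dst=203.0.113.10 dport=25
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) action=(?P<action>\w+) "
    r"proto=tcp src=(?P<src>\S+) dst=\S+ dport=(?P<dport>\d+)$")

def smtp_attempts(log_text, sent_at, ranges, window_min=10):
    """Return (timestamp, source, action) for port-25 connections from the
    sender's ranges within window_min minutes of the test message."""
    lo = sent_at - timedelta(minutes=window_min)
    hi = sent_at + timedelta(minutes=window_min)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparsable line or not SMTP
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        src = ipaddress.ip_address(m["src"])
        if lo <= ts <= hi and any(src in net for net in ranges):
            hits.append((ts, str(src), m["action"]))
    return hits

def verdict(hits):
    """Translate the hits into the next troubleshooting step."""
    if not hits:
        return "no connection from sender ranges: the mail never reached this network"
    if all(action != "allow" for _, _, action in hits):
        return "sender connected but the firewall blocked it"
    return "sender connected and was allowed: look downstream of the firewall"

if __name__ == "__main__":
    found = smtp_attempts(SAMPLE_LOG, datetime(2016, 8, 8, 11, 20), SENDER_RANGES)
    print(found, verdict(found), sep="\n")
```

An empty result for the window around a test message, while the sender reports the message as delivered, points back at the sending service rather than at the local filter or mail server.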
 
Member_2_7970673 Author Commented:
Any hint?
0
 
Manuel Flores Commented:
Very close to solving it!!... As I can see, you have a valid MX. It seems that 365 can't resolve it? Better ask them.
0
 
Manuel Flores Commented:
That server is your Exchange server?... mmmm... of course 365 cannot resolve that name.
0
 
Manuel Flores Commented:
However, I don't understand what DB5PR07.......  is. Your server is BN.......SRV.bu.....a, isn't it?
0
 
Member_2_7970673 Author Commented:
Yes exactly.. I have no idea of what DB5PR07... is
0
 
Manuel Flores Commented:
It is an Office365 server:

Server names
0
 
Member_2_7970673 Author Commented:
It means time to catch the neck of the Microsoft Office 365 support team, for which I have already opened a ticket right now.
0
 
Manuel Flores Commented:
Yes... that is. Let's see.
0
 
Manuel Flores Commented:
Any answer?
0
 
Manuel Flores Commented:
Great!!... at last! See you.
0
 
Member_2_7970673 Author Commented:
Thanks Manuel..
0
Question has a verified solution.
