Solved

Emails sent from domain 2 to domain 1 are never received

Posted on 2016-08-07
Last Modified: 2016-10-09
Hi Friends,

I am having a very weird scenario in my environment. I have an Exchange Server 2010 on my premises sitting behind Symantec Mail Security for Exchange, which again sits behind a firewall named Cyberoam (Sophos). Consider this as domain1.

The second domain (domain2) is hosted with Microsoft online Exchange (Office365), and has a perfect mail flow as domain1.

Issue: domain1 is unable to receive emails from domain2 only, whereas it is able to send/receive to all other domains.

domain2 can also send/receive emails from anyone, but when an email is sent to domain1, it is not received by domain1.

The weird part is, domain2 receives a successful delivery notification of the mail being delivered, but there is no sign of the email at domain 1.

All users of domain1 cannot see or receive any emails from all the users of domain2.

The Exchange queue of domain 1 is empty, Cyberoam is also not blocking any mails from that domain2, the quarantine area is empty and the same goes for Symantec Mail Security for Exchange.

In short, the mail which is being sent by domain2 to domain1 is lost somewhere even before it reaches the server of domain1.

Troubleshooting everything, but no success. I don't know if anyone else has also gone through the same thing, but are there any suggestions guys?

Thanks
Question by:Member_2_7970673
42 Comments
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746115
Maybe I would say that Symantec Mail Security is silently dropping the emails... any entries in the Symantec log that could give us any clue?
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746119
I don't use 365 but in my corporate gmail, I have a message search feature to locate activity of the send/received messages with IP filtering too.

Try to find this feature in 365 service.

Example:
ee-email-delivery-details.png
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41746154
the known facts of the issue lead to a speculation of something wrong on the Internet facing side of Domain 1 and its Exchange server including its DNS records on the Internet and forefront mail-filtering services.

1. did you conduct a DNS health check online?

2. did you try to skip or temporarily remove those forefront services to confirm the issue has nothing to do with the services?
0
 

Author Comment

by:Member_2_7970673
ID: 41746164
No folks.. I checked everything from top to bottom. I opened a ticket with ISP, hosting panel, Firewall support team & with Microsoft O365 support as well.

No one has any answers, all of them say only one thing, "everything is fine at our end"

Both the domains can send and receive emails from anyone and any domain; only domain 1 is not able to receive mails from domain 2, whereas domain 2 is getting a delivery receipt that it has delivered the message at the respective mailbox.

Things are weird. I am also attaching some screens.

[Screenshot: domain 2 added to whitelist and excluded from filtering at Symantec Mail Security for Exchange]
[Screenshot: mail sent from domain 2 to domain 1]
[Screenshot: delivery notification for the same]
[Screenshot: Firewall (Cyberoam) logs .. no trace of domain 2]
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746171
I would change the whitelist with just a complete email, no wildcards.  And the domain without @.  And restart the Symantec services every test.

Stop the symantec as well.

Maybe you tried these things.  I'm sure you tried a lot of things.

From your screenshot with sym logs, we can't see the hour of the activity of the test to s.shah@xxxx... it starts at 12.28 and the email is 11.20
0
 

Author Comment

by:Member_2_7970673
ID: 41746174
Actually I did that the way it is mentioned in the example of Symantec dialogue box. tried to stop the services & start the services as well.

It's not an issue between one mail address and another; in fact, none of the users from domain1 are able to receive the emails from the users of domain 2.

If you want a clear picture then I can give you a remote session to take a sneak peek.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41746176
Obviously something is wrong, hence you can't simply rely on the vendors' (probably false) positive feedback and troubleshoot the remaining (actually nothing remaining now hehe).

again, did you do an external DNS health check YOURSELF? and did you simply skip or bypass the forefront services (just for test not to permanently remove)?

FYI - DNS Health Check
http://dnscheck.pingdom.com/
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746177
I can see that DROP, is one of the possible actions of symantec, and it is exactly what is happening... it is not being REJECTED according to 365 report, it's being dropped.

The weird thing is that you can't see this activity in symantec.  However, I suspect it is related to symantec.
0
 

Author Comment

by:Member_2_7970673
ID: 41746183
[Screenshot: DNS health check for domain 2]
[Screenshot: DNS health check for domain 1]
DNS health check results are perfectly fine, no errors, no issues.
0
 

Author Comment

by:Member_2_7970673
ID: 41746184
Secondly, if my message is being dropped by Symantec, then how am I getting a successful delivery notification at domain 2?
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746195
It is only a supposition: it is received, so a 250 OK is given to Office365, but it is inspected by Symantec and dropped internally.  However I'm pretty sure that it should be reflected in the Sym logs.

I have checked your DNS too and I don't see any problem... just a duplicate reverse-dns of the MX server that returns mail.b... and web.b.. however I don't think it is the problem.  If you can, remove the mail.bu.... and let the web.b.... which is the MX according to your DNS domain.
0
 

Author Comment

by:Member_2_7970673
ID: 41746199
will do that right away . i will remove the record of mail.bu.....
0
 

Author Comment

by:Member_2_7970673
ID: 41746725
The record of mail.b....... has been removed, still no luck. Now going for the demotion of Symantec Mail Security for Exchange. Let's see..
0
 

Author Comment

by:Member_2_7970673
ID: 41746737
Uninstalling Symantec
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746742
stopping the service should be enough...  let's see
0
 

Author Comment

by:Member_2_7970673
ID: 41746743
Successfully removed Symantec but guess what, no effect. My main firewall isn't showing any records of being spam, drop or rejected. Now there is no Symantec in the film.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746801
o_O

Can I send an email from my outlook service to that email address? s.shah@b....
0
 

Author Comment

by:Member_2_7970673
ID: 41746802
sure.. why not..
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746805
postmaster@mail.hotmail.com
Hoy 10:28 s.shah@b.............m.sa
Para volver a enviar este mensaje, haga clic aquí.
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       s.shah@b..........m.sa
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746810
forget it... incorrect email
0
 

Author Comment

by:Member_2_7970673
ID: 41746816
I received it and replied back.. did u get it?
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746817
Got it bro.
 
Thank you,
 
Regards,
0
 

Author Comment

by:Member_2_7970673
ID: 41746827
What's next? Completely lost.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746839
We should see if 365 connects or not to domain1 infrastructure.  You should filter connections in the firewall and make some tests from 365 and assert that 365 is trying to deliver the email.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41746844
for example, you should see in the firewall my connections from my office;

telnet web.b.........m.sa 25
Trying 78.xx.xx.xx...
Connected to web.b.........m.sa.
Escape character is '^]'.
220 B..........HSRV.b......n.corp Microsoft ESMTP MAIL Service ready at Mon, 8 Aug 2016 12:03:57 +0300
0
 

Author Comment

by:Member_2_7970673
ID: 41747011
Message trace report
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747108
Spam folder?.  At the domain1 side?, or 365 side?.
0
 

Author Comment

by:Member_2_7970673
ID: 41747133
none.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747150
I'd try to detect the connections from 365 to the domain1 infrastructure firewall.  I doubt that 365 is delivering the emails to domain1.  After that we should assert that the email is being delivered to the Exchange server (and being eaten XD), but step by step, the next is to detect the 365 connections, port and protocol.
0
 

Author Comment

by:Member_2_7970673
ID: 41747251
any hint ?
0
 
LVL 5

Assisted Solution

by:Manuel Flores
Manuel Flores earned 498 total points
ID: 41747265
Very close to solving it!!... as I can see, you have a valid MX.  It seems that 365 can't resolve it?  Better ask them.
0
 
LVL 5

Assisted Solution

by:Manuel Flores
Manuel Flores earned 498 total points
ID: 41747267
Is that server your Exchange server?... mmmm... of course 365 cannot resolve that name.
0
 
LVL 5

Assisted Solution

by:Manuel Flores
Manuel Flores earned 498 total points
ID: 41747275
However, I don't understand what DB5PR07.......  is.  Your server is BN.......SRV.bu.....a, isn't it?
0
 

Author Comment

by:Member_2_7970673
ID: 41747305
Yes, exactly.. I have no idea what DB5PR07... is
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747322
It is an Office365 server;

Server names
0
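
The check that settles this kind of case, as an added example that is not part of the original thread: compare the server named in the sender-side delivery report with the recipient domain's published MX hosts. All host names, suffixes and trace events below are constructed, and the `classify` helper is hypothetical.

```python
# Added example: every host name, suffix and trace event here is constructed.
from dataclasses import dataclass

@dataclass
class TraceEvent:
    time: str    # timestamp as printed in the sender-side report
    action: str  # RECEIVE, SEND or DELIVER
    server: str  # host that took the message at this step

def norm(host: str) -> str:
    return host.strip().rstrip(".").lower()

def in_suffix(host: str, suffixes) -> bool:
    # Match whole DNS labels only, so "evilhosted.example" != "hosted.example".
    return any(host == s or host.endswith("." + s) for s in map(norm, suffixes))

def classify(events, recipient_mx, sender_suffixes) -> str:
    """Say where a message reported as 'delivered' actually ended up."""
    handoffs = [e for e in events if e.action.upper() in ("SEND", "DELIVER")]
    if not handoffs:
        return "no-handoff-recorded"
    last = norm(handoffs[-1].server)
    if last in {norm(h) for h in recipient_mx}:
        return "handed-to-recipient-mx"
    if in_suffix(last, sender_suffixes):
        return "stayed-inside-sender-service"
    return "handed-to-unknown-host"

# Constructed inputs: domain1's published MX and the sender's hosting suffix.
DOMAIN1_MX = ["mail.domain1.example."]
SENDER_SUFFIXES = ["hosted.example"]

# Constructed trace resembling the thread's symptom: "delivered", but to a
# server of the sending service rather than to domain1's MX.
LOST = [
    TraceEvent("2016-08-08 11:20:01", "RECEIVE", "fe01.hosted.example"),
    TraceEvent("2016-08-08 11:20:03", "DELIVER", "MBX07.prod.hosted.example"),
]
# Constructed trace of a healthy flow that leaves the service.
HEALTHY = [
    TraceEvent("2016-08-08 11:25:10", "RECEIVE", "fe01.hosted.example"),
    TraceEvent("2016-08-08 11:25:12", "SEND", "Mail.Domain1.Example"),
]

if __name__ == "__main__":
    for name, trace in (("lost", LOST), ("healthy", HEALTHY)):
        print(name, "->", classify(trace, DOMAIN1_MX, SENDER_SUFFIXES))
```

A result of `stayed-inside-sender-service` next to a "delivered" status means the recipient's firewall and filter logs will stay empty, because no connection to the recipient's MX was ever made.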
 

Author Comment

by:Member_2_7970673
ID: 41747333
It means time to catch the neck of Microsoft Office 365 support team, for which I have already opened a ticket right now.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41747341
yes... that is.  Let's see.
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41750675
Any answer?
0
 

Accepted Solution

by:
Member_2_7970673 earned 2 total points
ID: 41751578
Yeah, yesterday I had a conversation with O365 support team for approximately. They took the remote session and looked forward in the issue. And finally it was proved that the issue was from their side. Their servers were dumping mails to their own servers. Now the issue has been resolved and the mail flow is back to normal.

Thanks for all the support guys. But this was a new experience for all of us I believe :)

[Screenshot: delivery report for the same]
0
 
LVL 5

Expert Comment

by:Manuel Flores
ID: 41751983
Great!!... at last!   See you.
0
 

Author Comment

by:Member_2_7970673
ID: 41752049
Thanks Manuel..
0
