Hello,

Our Exchange Server suddenly stopped receiving emails from a particular
email address. This address is not filtered in any way on our server.
Additionally, I can actually see that server connecting to ours in the SMTP
Current Sessions but no mail actually gets delivered. I turned on logging
to see if I could see what was happening and the results, for that domain,
are below:
17:14:10 64.94.119.18 HELO - 250
17:14:10 64.94.119.18 HELO - 250
17:16:44 64.94.119.18 QUIT - 0
17:16:44 64.94.119.18 QUIT - 0


Additionally, any email we send to earthlink takes a long time to get there
and when it does arrive it tends to be delivered anywhere from 3 - 12 times.

I have ensured that Relaying is not enabled. I have also made sure that the
SMTP is configured so that only the "list below" can relay and there is
nothing in the list below and the checkbox to allow authenticated people to
relay regardless of this is unchecked, i.e. if you are not on the list you
cannot relay regardless of if you can authenticate.

I am at a loss to resolve either of these problems.

Hoping someone can help.

Thanks
Paddy.

P.S. Here is the output of netstat -an | find ":25"

TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 10.0.0.100:25 64.94.119.17:3101 ESTABLISHED
TCP 10.0.0.100:25 64.94.119.18:2621 ESTABLISHED
TCP 10.0.0.100:25 64.94.119.18:2622 ESTABLISHED
TCP 10.0.0.100:25 64.94.119.18:2626 ESTABLISHED
TCP 10.0.0.100:25 65.65.198.73:2482 ESTABLISHED
TCP 10.0.0.100:25 65.65.198.73:2602 ESTABLISHED
TCP 10.0.0.100:25 65.65.198.73:2822 ESTABLISHED
TCP 10.0.0.100:25 65.65.198.73:2921 ESTABLISHED
TCP 10.0.0.100:25 203.7.198.1:56991 ESTABLISHED
TCP 10.0.0.100:18887 149.174.40.140:25 ESTABLISHED
TCP 10.0.0.100:18925 207.217.120.23:25 ESTABLISHED
TCP 10.0.0.100:18996 207.136.229.14:25 TIME_WAIT
UDP 127.0.0.1:2567 *:*
UDP 127.0.0.1:2568 *:*
UDP 10.0.0.100:2535 *:*

Re: Strange SMTP Behavior by Damian

Damian
Sat Oct 25 09:26:31 CDT 2003

Hi,

Change the log format for the SMTP VS to IIS, it may yield more information.

It looks like they are never getting your +220 back after they send the
HELO, even though you are sending it out (according to the log), or your
server never gets the MAIL FROM from the remote end. It could mean a number
of things; a black hole router causing problems with fragmentation (MTU size)
might be one.
A netmon capture of the incoming connection attempt would be very useful
also. If we could get a concurrent netmon on both ends at the same time,
then we would have an answer to what is going on.

It does seem like there are several incoming connections to your SMTP
server. Take a quick look at the queues under the SMTP VS: do they look
reasonable for your environment (in regards to numbers)? Also check your
\exchsrvr\mailroot\vsi1\badmail folder: how big is it?

In regards to the Earthlink situation, a netmon and SMTP log of the server
sending out those emails will help understand. My first impression is that
we send the email successfully, but never get the confirmation from the
Earthlink server, even though they are sending it back to you.

Some additional information:
159211 Diagnoses and Treatment of Black Hole Routers
http://support.microsoft.com/?id=159211

314825 How to Troubleshoot Black Hole Router Issues
http://support.microsoft.com/?id=314825



Regards,
Damian

--
Damian N. Leibaschoff, MS IST, MCSE
Microsoft Corporation

"Paddy Ryan" <paddy@fpmt.org> wrote in message
news:uYFl6slmDHA.2200@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> Our Exchange Server suddenly stopped receiving emails from a particular
> email address. This address is not filtered in any way on our server.
> Additionally, I can actually see that server connecting to ours in the SMTP
> Current Sessions but no mail actually gets delivered. I turned on logging
> to see if I could see what was happening and the results, for that domain,
> are below:
> 17:14:10 64.94.119.18 HELO - 250
> 17:14:10 64.94.119.18 HELO - 250
> 17:16:44 64.94.119.18 QUIT - 0
> 17:16:44 64.94.119.18 QUIT - 0
>
>
> Additionally, any email we send to earthlink takes a long time to get there
> and when it does arrive it tends to be delivered anywhere from 3 - 12 times.
>
> I have ensured that Relaying is not enabled. I have also made sure that the
> SMTP is configured so that only the "list below" can relay and there is
> nothing in the list below and the checkbox to allow authenticated people to
> relay regardless of this is unchecked, i.e. if you are not on the list you
> cannot relay regardless of if you can authenticate.
>
> I am at a loss to resolve either of these problems.
>
> Hoping someone can help.
>
> Thanks
> Paddy.
>
> P.S. Here is the output of netstat -an | find ":25"
>
> TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
> TCP 10.0.0.100:25 64.94.119.17:3101 ESTABLISHED
> TCP 10.0.0.100:25 64.94.119.18:2621 ESTABLISHED
> TCP 10.0.0.100:25 64.94.119.18:2622 ESTABLISHED
> TCP 10.0.0.100:25 64.94.119.18:2626 ESTABLISHED
> TCP 10.0.0.100:25 65.65.198.73:2482 ESTABLISHED
> TCP 10.0.0.100:25 65.65.198.73:2602 ESTABLISHED
> TCP 10.0.0.100:25 65.65.198.73:2822 ESTABLISHED
> TCP 10.0.0.100:25 65.65.198.73:2921 ESTABLISHED
> TCP 10.0.0.100:25 203.7.198.1:56991 ESTABLISHED
> TCP 10.0.0.100:18887 149.174.40.140:25 ESTABLISHED
> TCP 10.0.0.100:18925 207.217.120.23:25 ESTABLISHED
> TCP 10.0.0.100:18996 207.136.229.14:25 TIME_WAIT
> UDP 127.0.0.1:2567 *:*
> UDP 127.0.0.1:2568 *:*
> UDP 10.0.0.100:2535 *:*
>
>
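
The two observations in this thread (sessions that stop after HELO, and several inbound connections from the same host) can be checked mechanically. The following is an added example, not part of the original posts: it parses the five-column log format shown above and flags clients that greet and later QUIT without ever issuing MAIL, then counts inbound port-25 sessions per remote address from netstat output. The function names are illustrative and the 192.0.2.10 session is constructed for contrast.

```python
from collections import Counter, defaultdict
from datetime import datetime

# 64.94.119.18 and netstat rows are from the post; 192.0.2.10 is constructed.
SMTP_LOG = """\
17:14:10 64.94.119.18 HELO - 250
17:14:10 64.94.119.18 HELO - 250
17:15:02 192.0.2.10 HELO - 250
17:15:02 192.0.2.10 MAIL - 250
17:15:04 192.0.2.10 QUIT - 0
17:16:44 64.94.119.18 QUIT - 0
17:16:44 64.94.119.18 QUIT - 0
"""
NETSTAT = """\
TCP 10.0.0.100:25 64.94.119.18:2621 ESTABLISHED
TCP 10.0.0.100:25 64.94.119.18:2622 ESTABLISHED
TCP 10.0.0.100:25 64.94.119.18:2626 ESTABLISHED
TCP 10.0.0.100:18925 207.217.120.23:25 ESTABLISHED
"""

def stalled_clients(log_text):
    """Map client IP -> seconds from first HELO/EHLO to last QUIT, if it never sent MAIL."""
    verbs, first_helo, last_quit = defaultdict(set), {}, {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip headers and malformed rows
        ip, verb = parts[1], parts[2].upper()
        when = datetime.strptime(parts[0], "%H:%M:%S")  # same-day logs assumed
        verbs[ip].add(verb)
        if verb in ("HELO", "EHLO"):
            first_helo.setdefault(ip, when)
        elif verb == "QUIT":
            last_quit[ip] = when
    return {ip: int((last_quit[ip] - first_helo[ip]).total_seconds())
            for ip in first_helo
            if ip in last_quit and "MAIL" not in verbs[ip]}

def inbound_smtp_counts(netstat_text):
    """Count ESTABLISHED TCP sessions whose local port is 25, per remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] == "ESTABLISHED" and parts[1].endswith(":25"):
            counts[parts[2].rsplit(":", 1)[0]] += 1
    return counts

if __name__ == "__main__":
    print(stalled_clients(SMTP_LOG), inbound_smtp_counts(NETSTAT))
```

A client that appears in both results, idle for minutes between HELO and QUIT while holding several sessions open, is the one worth capturing with a network monitor.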