Hi People, I have strange problem with my Exchange 2007 server. The problem is we can't recieve mail from some domains and i can't find the reason for it! The Exchange server is installed on a dc with Hub Transport, Client Access and Mailbox roles.The anti-spam features is installed also. I change the Default Recieve Connector to allow Anonymous connections and after the mx records created mails start to come to mailboxes. In addition we have a Juniper SSG 550 firewall includes Antispam and antivirus protection. I don't think its about the SSG because there is a qmail server behind it and just working fine with that. Thereare some examples of Smtp recieve logs from Exchange 2007 transport agent, as you can see first one has the problem and there is lots of domains that have the same problem, even the hotmail.com! 2007-08-04T00:01:42.881Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,0,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,+,, 2007-08-04T00:01:42.881Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,1,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions 2007-08-04T00:01:42.881Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,2,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,"220 exchange2007.xxx.net Microsoft ESMTP MAIL Service ready at Sat, 4 Aug 2007 03:01:42 +0300", 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,3,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,<,EHLO smtp2.zzz.net, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,4,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-exchange2007.xxx.net Hello [83.zzz.zzz.zzz], 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,5,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-SIZE 10485760, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,6,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-PIPELINING, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,7,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-DSN, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,8,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-ENHANCEDSTATUSCODES, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,9,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-STARTTLS, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,10,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-AUTH LOGIN, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,11,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-8BITMIME, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,12,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250-BINARYMIME, 2007-08-04T00:01:43.146Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,13,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250 CHUNKING, 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,14,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,<,MAIL FROM:<mail@zzz.net> SIZE=28309, 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,15,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,*,08C9A3583111221C;2007-08-04T00:01:42.881Z;1,receiving message 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,16,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250 2.1.0 Sender OK, 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,17,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,<,RCPT TO:<abc@xxx.com>, 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,18,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,>,250 2.1.5 Recipient OK, 2007-08-04T00:01:43.162Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111221C,19,82.xxx.xxx.xxx:25,83.zzz.zzz.zzz:49852,-,,Remote 2007-08-04T00:14:26.616Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,0,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,+,, 2007-08-04T00:14:26.616Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,1,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions 2007-08-04T00:14:26.616Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,2,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,"220 exchange2007.xxx.net Microsoft ESMTP MAIL Service ready at Sat, 4 Aug 2007 03:14:26 +0300", 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,3,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,<,EHLO yyy.org, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,4,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-exchange2007.xxx.net Hello [208.yyy.yyy.yyy], 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,5,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-SIZE 10485760, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,6,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-PIPELINING, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,7,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-DSN, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,8,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-ENHANCEDSTATUSCODES, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,9,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-STARTTLS, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,10,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-AUTH LOGIN, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,11,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-8BITMIME, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,12,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250-BINARYMIME, 2007-08-04T00:14:27.288Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,13,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250 CHUNKING, 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,14,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,<,MAIL FROM:<mail@yyy.com> SIZE=59619, 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,15,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,*,08C9A3583111225D;2007-08-04T00:14:26.616Z;1,receiving message 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,16,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250 2.1.0 Sender OK, 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,17,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,<,RCPT TO:<abc@xxx.com> , 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,18,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250 2.1.5 Recipient OK, 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,19,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,<,DATA, 2007-08-04T00:14:27.444Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,20,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,354 Start mail input; end with <CRLF>.<CRLF>, 2007-08-04T00:14:28.647Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,21,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,250 2.6.0 <0ba201c7d61d$442a5890$cc7f09b0$@com> Queued mail for delivery, 2007-08-04T00:14:28.647Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,22,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,<,QUIT, 2007-08-04T00:14:28.647Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,23,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,>,221 2.0.0 Service closing transmission channel, 2007-08-04T00:14:28.647Z,EXCHANGE2007\Default EXCHANGE2007,08C9A3583111225D,24,82.xxx.xxx.xxx:25,208.yyy.yyy.yyy:47811,-,,Local Why that's ends up with Remote, do you have any guess? Thanks.

Maybe it is just me, but I did not see any SMTP errors in this log. I'm not really sure what the "remote" response means. The "-" in the column before Remote means that the connection has been closed, so I would suspect it was the remote system closed the connection. This does not appear to be a timeout issue since the previous command was just received. Since the Juniper is handling antispam and anti-virus functions, I'd be willing to bet that it is interferring with the traffic flow. Are the domains you can't accept mail from on an RBL? Are they big organizations or small ones?

Yes that's the strange part, there is no errors, just closed connections. I also inspect the tcp smtp packets but there is nothing either. The domains that i can't recieve mail from are big organizations and now from the hotmail.com. RBL isn't an issue and i'm sure that the problem is in our exchange server or firewall. I will try to disable junipers antispam and antivirus features for exchange rule.Thanks foryour suggestions. I forgot to tell you something, the exchange ison a VMware ESX Server with other 10 virtual servers,accuallty it's a virtual server .Any ideaswould be appreciate.