One of my clients is having issues with their smtp connector. Several mails from various domains cannot be delivered. When I look in the smtp queue I can see the servers make their connection and everything seems to go well up until the server sends the rcpt to command. After this all communication stops, and ten minutes later there is a timeout. I have tried increasing the timeout but that only makes the connection time out later. The other side gets a message that delivery has been delayed and eventually they get a message saying that the message couldn't be delivered. I have made sure that the FQDN is correct in the welcome message and that the ptr points to the same address as in the FQDN. 2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 EHLO - +senderserver.com 250 0 316 22 0 SMTP - - - - 2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 MAIL - +From:<personA@senderdomain.com> 250 0 48 46 0 SMTP - - - - 2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 RCPT - +To:<personB@internaldomain.com> 250 0 0 43 16 SMTP - - - - 2010-03-07 23:21:45 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 TIMEOUT - senderserver.com 121 457657025 84 4 650531 SMTP - - - - 2010-03-07 23:21:45 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 QUIT - senderserver.com 240 650578 84 4 650531 SMTP - - - -

On Wed, 10 Mar 2010 13:43:50 +0000, Gwen Alfa wrote:>One of my clients is having issues with their smtp connector. Several mails from various domains cannot be delivered. When I look in the smtp queue I can see the servers make their connection and everything seems to go well up until the server sends the rcpt to command. After this all communication stops, and ten minutes later there is a timeout. I have tried increasing the timeout but that only makes the connection time out later. The other side gets a message that delivery has been delayed and eventually they get a message saying that the message couldn't be delivered. I have made sure that the FQDN is correct in the welcome message and that the ptr points to the same address as in the FQDN. 2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 EHLO - +senderserver.com 250 0 316 22 0 SMTP - - - - >2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 MAIL - +From:<personA@senderdomain.com> 250 0 48 46 0 SMTP - - - - >2010-03-07 23:10:54 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 RCPT - +To:<personB@internaldomain.com> 250 0 0 43 16 SMTP - - - - >2010-03-07 23:21:45 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 TIMEOUT - senderserver.com 121 457657025 84 4 650531 SMTP - - - - >2010-03-07 23:21:45 123.123.123.123 senderserver.com SMTPSVC1 SBS-SERVER 192.168.3.253 0 QUIT - senderserver.com 240 650578 84 4 650531 SMTP - - - -Does the sending server ever send the DATA or BDAT command? Do theyget the 250 response your server sent to their RCPT TO command?You're well beyond any FQDN/PTR/DNS stuff at this point. If thishappens only for one sending server then I'd be looking at the sendingside. Firewalls, SMTP proxies, MTU sizes, are all suspect.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Is there a way to see which commands are given by my smtp server to the other side?

I have used wireshark to monitor traffic on port 25the server that seems to have trouble getting through sends his message in the following manner:Mail from:emailadres@domain.com SIZE=16124250 2.1.0 emailadres@domain.com....Sender OKRCP To:emailadres@internaldomain.com | DATA250 2.1.5 emailadres@internaldomain.com354 Start mail input; end with <CRLF>.<CRLF>After this the connection is idle until it times out...

On Thu, 11 Mar 2010 15:56:20 +0000, Gwen Alfa wrote:>I have used wireshark to monitor traffic on port 25the server that seems to have trouble getting through sends his message in the following manner:Mail from:emailadres@domain.com SIZE=16124250 2.1.0 emailadres@domain.com....Sender OKRCP To:emailadres@internaldomain.com | DATA250 2.1.5 emailadres@internaldomain.com354 Start mail input; end with <CRLF>.<CRLF>After this the connection is idle until it times out... It's refreshing to see someone actually use the right tools to getmeaningful information, Thanks!The 250 responses don't appear to be from Exchange. Exchange just says"250 2.1.5 Recipient OK". Is there any 3rd-party software on themachine? A spam filter, perhaps?Mail from:emailadres@domain.com SIZE=1612250 2.1.0 emailadres@domain.com....Sender OKRCP To:emailadres@internaldomain.com | DATA250 2.1.5 emailadres@internaldomain.com354 Start mail input; end with <CRLF>.<CRLF>The "RCP To:" looks a bit odd, too. It's missing the "T" in "RCPT".Notice how the DATA command is received before the 250 response to the"RCP To" command is sent? That looks like the sender may be having aproblem with pipelining. Perhaps they never see the 354 status? Thatwould account for your not seeing any data!Ask the sending domain to try using SMTP instead of ESMTP when thesend to your domain. If it's a pipelining problem you should get themessage. Then you can figure out if it's them or something other thanExchange that's the problem.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

On Thu, 11 Mar 2010 15:56:20 +0000, Gwen Alfa wrote:>I have used wireshark to monitor traffic on port 25the server that seems to have trouble getting through sends his message in the following manner:Mail from:emailadres@domain.com SIZE=16124250 2.1.0 emailadres@domain.com....Sender OKRCP To:emailadres@internaldomain.com | DATA250 2.1.5 emailadres@internaldomain.com354 Start mail input; end with <CRLF>.<CRLF>After this the connection is idle until it times out... ---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

There is indeed 3rd party software on the server (symantec brightmail). However I did disable all brightmail services and restarted the smtp service. And the same problem still occurs.Could it be that the cisco firewall is causing problems? Is there a form of compatibilty mode for the smtp connector?the missing T was a type error on my account :$I am also puzzeled by the | data after the RPCT TO, is this even allowed?

On Tue, 16 Mar 2010 07:49:25 +0000, Gwen Alfa wrote:>There is indeed 3rd party software on the server (symantec brightmail). However I did disable all brightmail services and restarted the smtp service. And the same problem still occurs.Could it be that the cisco firewall is causing problems? Could it be? Sure. *Is* it the problem? I don't know.>Is there a form of compatibilty mode for the smtp connector?If it is a problem with pipelining you can turn that off easilyenough. Use the set-receiveconnector cmdlet with "-piplining:$false"as a troubleshooting step. If the problem goes away you can just leaveit alone -- or you can tell the other guy to send HELO instead of EHLOand they'll never use any of the SMTP extentions.>the missing T was a type error on my account :$It happens.>I am also puzzeled by the | data after the RPCT TO, is this even allowed? I'd have to go look at the RFC but, in general, pipelining allows thesender to send lots of commands and then wait for the responses. Itshortens the time it takes to get through that send-ack-send-ack formof communicating. Unfortunately, not everyone does it well.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

On Tue, 16 Mar 2010 07:49:25 +0000, Gwen Alfa wrote:>There is indeed 3rd party software on the server (symantec brightmail). However I did disable all brightmail services and restarted the smtp service. And the same problem still occurs.Could it be that the cisco firewall is causing problems? Could it be? Sure. *Is* it the problem? I don't know.>Is there a form of compatibilty mode for the smtp connector?If it is a problem with pipelining you can turn that off easilyenough. Use the set-receiveconnector cmdlet with "-piplining:$false"as a troubleshooting step. If the problem goes away you can just leaveit alone -- or you can tell the other guy to send HELO instead of EHLOand they'll never use any of the SMTP extentions.>the missing T was a type error on my account :$It happens.>I am also puzzeled by the | data after the RPCT TO, is this even allowed? I'd have to go look at the RFC but, in general, pipelining allows thesender to send lots of commands and then wait for the responses. Itshortens the time it takes to get through that send-ack-send-ack formof communicating. Unfortunately, not everyone does it well.---Rich MatheisenMCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP The client is using a exchange 2003 server. Can pipelining be turned off on that?

On Thu, 18 Mar 2010 08:01:52 +0000, Gwen Alfa wrote:>On Tue, 16 Mar 2010 07:49:25 +0000, Gwen Alfa wrote:>There is indeed 3rd party software on the server (symantec brightmail). However I did disable all brightmail services and restarted the smtp service. And the same problem still occurs.Could it be that the cisco firewall is causing problems? Could it be? Sure. *Is* it the problem? I don't know.>Is there a form of compatibilty mode for the smtp connector?If it is a problem with pipelining you can turn that off easilyenough. Use the set-receiveconnector cmdlet with "-piplining:$false"as a troubleshooting step. If the problem goes away you can just leaveit alone -- or you can tell the other guy to send HELO instead of EHLOand they'll never use any of the SMTP extentions.>the missing T was a type error on my account :$It happens.>I am also puzzeled by the | data after the RPCT TO, is this even allowed? I'd have to go look at the RFC but, in general, pipelining allows thesender to send lots of commands and then wait for the responses.>Itshortens the time it takes to get through that send-ack-send-ack formof communicating. Unfortunately, not everyone does it well.---Rich MatheisenMCSE+I, Exchange MVP >--- Rich Matheisen MCSE+I, Exchange MVPThe client is using a exchange 2003 server. Can pipelining be turned off on that? You don't want to turn it off on THEIR machine, you want to stopadvertising the keyword on YOUR machine. If they don't see the"250-PIPELINING" in the set of ESMTP keywords they won't use it.Alternatively, THEY can create a SMTP Connector specifically for YOURdomain and configure it to send HELO instead of EHLO. This way theywon't use ANY ESMTP features.---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP