Exchange 2003

ddubois89 said:
Also, I understand where you are coming from with dropping everything for them, unfortunately because the users are not making it a huge deal, I get rank pulled on me by my supervisor and the owner to focus on other things. It usually comes down to if its a pain to them its a pain to us, if its not a huge pain for them then its not a huge pain for us. We take priority of jobs from the poc we use at the customer. Office Politics......:rolleyes:
Click to expand...

Ah gotcha....well, if that's the case...do as your boss says.
 
ddubois89 said:
No on-server enabled spam folder. It looks extremely basic.

The only pattern I see is all the users can send email to everyone. Only certain clients of the law firm can not email back. There are only three emails I know for sure this happens to, two of them are Comcast domains and one is in France.
Click to expand...

If you don't know where to find wether IMF was turned on or not...look here at this link.

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

I'm still not clear on the exact symptoms....and perhaps they're mis communicating to you too. But lets see if I have it somewhat correct..

*Interoffice mail works fine...well, that's often the case, setting up Exchange it's pretty hard to dork up internal e-mail.
*All users of the law firm can send e-mail out fine? And intended recipients do indeed end up receiving these outbound e-mails just fine?
*All users of the law firm are receiving e-mails from outside users just fine? Except...e-mail coming from Comcast domain...and this one sender in France?

*If those Comcast users (and the one from France) send e-mail to anyone else inside of the law office...same problem?

I'd look in message tracking...see if any of those show up. If not...they're not making it to wherever their MX record points to. I'd see if someone from Comcast that gets a bounce-back can send you the NDR and you can peel into the headers.
 
Did you get this resolved yet?

I have a few ideas as to what may be happening here for you... it sounds like it could be 1 of 3 problems.

First go to www.grc.com and do a port scan using Sheilds Up. That will tell you if you do or do not have port 25 unblocked by both your ISP and your firewall.

Second Check your spam filter in exhcnage if it is set really low it could be blocking may non spam incomming messages.

Third Run a DNS report from DNSSTUFF.com if you dont have an account with them send me their domain and I will run the report for you and send you the report.
 
YeOldeStonecat said:
I'm still not clear on the exact symptoms....and perhaps they're mis communicating to you too. But lets see if I have it somewhat correct..

*Interoffice mail works fine...well, that's often the case, setting up Exchange it's pretty hard to dork up internal e-mail.
*All users of the law firm can send e-mail out fine? And intended recipients do indeed end up receiving these outbound e-mails just fine?
*All users of the law firm are receiving e-mails from outside users just fine? Except...e-mail coming from Comcast domain...and this one sender in France?
Click to expand...

Yes, Interoffice is fine, most email to and from outside the network seems mostly fine. They are getting email, I removed the server from three blacklists.

I talked to Comcast support and they tried telling me it is on their blocklist however I submitted a removal request two weeks ago when this started and they told me it was not on their list, however I submitted again just in case.

When I get onsite today I will check for IMF

Port 25, 80, and 443 are all open.

Using MX Toolbox OK - ***.***.***.*** resolves to *********.com
OK - Reverse DNS matches SMTP Banner

Which is all correct.


I was able to get the comcast user to send me actual final notification and this is all I got

_________________________________________________________

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients was aborted after 73.7 hour(s):

********@******born.com


Reporting-MTA: dns; qmta05.westchester.pa.mail.comcast.net [76.96.62.48]
Received-From-MTA: dns; omta18.westchester.pa.mail.comcast.net [76.96.62.90]
Arrival-Date: Thu, 05 Jan 2012 22:27:09 +0000


Final-recipient: rfc822; ********@******born.com
Action: failed
Status: 5.1.1
Last-attempt-Date: Mon, 09 Jan 2012 00:06:25 +0000

____________________________________________________________
 
MTA Stacks?

I noticed MTA Stacks service is disabled. Is that critical to exchange and should be running?


IMF is enabled SCL is set to 7 and archive and the junk setting has scl rating set for 2
Its also using SPAMHaus for blocklist filtering
Im looking in IMF companion for the archived messages ...... oh god theres prob gunna be a **** ton of them
Well none of the emails im looking for were in IMF companion...... any one else have ideas?
 
Last edited:
I would make both settings in your IMF the same and see if that helps... that wide of a spread could be what is causing them to get rejected... i personally have mine set to 7 and 7.
 
ddubois89 said:
MTA Stacks?

I noticed MTA Stacks service is disabled. Is that critical to exchange and should be running?
Click to expand...

Some IT guys disable that.....they think it frees up resources. Not really...they can be running..but if not actually used they won't take up much.

Anyways..they're used when Exchange is on a network with OTHER types of mail servers....older Exchange Servers (like 5.5)...or Lotus Notes, or X.400. If this is the only mail server on their network...you don't need the MTA stacks.
 
For pure troubleshooting...I'd probably disable the Exchange IMF. Yeah..the users will deal with a little spam increase...but I don't find it that effective anyways, and I don't like "black holes" in the e-mail loop. No quarantine, no solid "where did it go" stuff. Once you know e-mail flow is good in both directions...crank it back up if you want to. or better yet..get a real spam/virus solution...some 3rd party outside mail bastion host like appriver.
 
YeOldeStonecat said:
For pure troubleshooting...I'd probably disable the Exchange IMF. Yeah..the users will deal with a little spam increase...but I don't find it that effective anyways, and I don't like "black holes" in the e-mail loop. No quarantine, no solid "where did it go" stuff. Once you know e-mail flow is good in both directions...crank it back up if you want to. or better yet..get a real spam/virus solution...some 3rd party outside mail bastion host like appriver.
Click to expand...

I probably will disable it when I go back there, Thanks for the info on the MTA Stacks. I hate Lotus Notes :mad:

No Dice on the comcast block list. I wish I had a comcast email to test it out myself instead of having to talk to very busy judge to get information.

I enjoy learning a lot more about exchange from this but frustrated I cant solve what seems like a simple problem for my customer. :(

You guys have been wicked helpful, I appreciate it, Ill keep updating this as new ideas and solutions to try are posted and thought of. Its always good to have a reach back when Im at a loss of what to do.
 
You must log in or register to reply here.

Similar threads

thecomputerguy
Clients emails either not being delivered or going to spam.
Replies
6
Views
1K
callthatgirl
callthatgirl
thecomputerguy
How do I investigate vanishing emails from folders/inbox?
Replies
10
Views
1K
Rosco
Rosco
Velvis
OneDrive with Exchange Online Essentials
Replies
2
Views
898
Sky-Knight
Sky-Knight
thecomputerguy
How do I find an email that was sent via token theft?
Replies
14
Views
403
John Kennedy
John Kennedy
callthatgirl
Outlook Classic to New Outlook Autocomplete
Replies
0
Views
915
callthatgirl
callthatgirl
Back
Top