Exchange 2003

ddubois89

Hey guys, long time no post but I read almost every day.

Was hoping someone could point me in the right direction on where to start looking. I recently took over an 03 Exchange server at a new customer. The kicker is they are not getting all their email only from their clients. I do not see any major issues or stuck emails in Exchange but do not have much experience on where to look either. I can send email all day back and forth with them, but some of their clients with Comcast here in the US, and some from France etc., can't send emails and get not available. My first instinct is that this is not an Exchange issue but an ISP issue.

Can anyone point me to where I can read up on some basic troubleshooting for this type of issue? Also, below is an email a user sent me that was generated upon failing.

I'm pretty busy today but I will definitely respond if I can with more info if anyone needs it.

________________________________________________________________

Will keep trying and contact you if the message can't be delivered permanently.
>
> Reporting-MTA: dns; qmta04.westchester.pa.mail.comcast.net [76.96.62.40]
> Received-From-MTA: dns; omta03.westchester.pa.mail.comcast.net [76.96.62.27]
> Arrival-Date: Tue, 20 Dec 2011 22:31:06 +0000
>
>
> Final-recipient: rfc822; ********@*******dearborn.com
> Action: delayed
> Status: 4.1.1
> Last-attempt-Date: Wed, 21 Dec 2011 04:56:39 +0000
 
Check blacklists and check that rDNS is set up correctly. This is a common problem with SBS servers in particular (down to the type of tech supporting it - not a problem with SBS itself)
 
Thanks

Thanks for the input, help is much appreciated. Let's just say the army did not go in-depth with Exchange training. It also doesn't help I inherited this server and now need to fix a sporadic problem.


Now I used the MX Tool Box. Only real issue is the IP comes up on 2 blacklists, for which I requested removal.

Reverse lookup with the IP comes back to the correct server name mail.m****.com

Everything else on the tests seemed fine, however I feel that it won't be as easy as just removing from only 2 blacklists. It's just weird how I can email back and forth from my email hosting to them, my gmail works as well, but two of the emails known that don't work are Comcast emails.

Looks like I have an area I need to definitely get acquainted with if I am going to properly support this.

If anyone has any other ideas I'd be glad to try them!
 
I can't actually understand fully what you are trying to say. What does "they are not getting all their email only from their clients" actually mean?

What does "I can send email all day back and forth with them" mean? - you can send emails to them or from them to somewhere specific?

Can you be more precise and exact with what is actually happening? Sending an email from where to where etc
 
Sorry

Sorry, I apologize, I'm slammed at the moment haha

My customer is a law firm. They can send inter-office email just fine, but they do not get all of their customer/client email. This results in their clients calling and telling them their emails are being bounced back.

Now I can send email from my cloud hosted email from 1and1 and they can send back to my 1and1 email fine. I also tested with my personal gmail and we can also transmit both ways no problems.

I have not heard differently but it seems to me that all the employees can send email to everyone with no problems. However the problem seems to come up when one of their clients tries to respond to the lawyer/paralegal's email: they receive the delayed notice and then ultimately a non deliverable.

I thought at first it was a blacklist issue since two of the domains trying to respond were @comcast domains that it was a Comcast issue, but they apparently have a customer in France that also can not send emails to them.


This is pretty puzzling to me. Sorry for the confusion, I hope this clears up my explanation and everyone's understanding of the issue!
 
Please rerun the CEICW. I had a similar issue and doing this worked in my case.
 
OK thanks for the clarification.

It is puzzling. Does your client have some kind of spam filtering / blacklist? Maybe these particular clients have got on their blacklist.

You could do some testing with the help of these clients - sending emails to a variety of users including one you've just set up yourself to see if it's just specific addresses in the domain or domain-wide and so on.
 
I may try and run the CEICW again. Did it specify or catch what may have been the issue when you ran it?

It seems to be domain wide because every day or so someone else emails me or calls and says they are having the same problem with some of their clients getting bounce backs.

I don't believe that they have a blacklist or spam list. I had one of the judges using the Comcast email to email me and me and him can email all day both my 1and1 and personal gmail.



It's one of those days today :eek:
 
Honestly I'm not sure, I'll have a look when I go over there tomorrow. If I had to guess I'd assume no. I'll post again when I find out.

I would suspect that before an exchange server. It could be low sbrs, content, volume throttling, etc.

Can you get a copy of the undeliverable email their clients receive? This will tell you right away which host rejected the message.
 
That's what I am trying to get a hold of today. Unfortunately it is hard to communicate to the user exactly which email I want from them. I should have it by the end of the day.

I'm pretty sure it doesn't have an email gateway or a spam filter as well.
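
An added example, not written by any poster in this thread: a small Python parser for delivery-status fields like those in the delayed-mail notice quoted in the first post, showing how to pull out the reporting host and read the `Status` code. The sample notice is constructed (placeholder hostnames, IPs and recipient), and `parse_dsn` is a name chosen for this example.

```python
import re
from email.parser import HeaderParser

# Constructed sample shaped like the notice quoted in this thread;
# hostnames, IPs and the recipient are placeholders, not the thread's values.
SAMPLE_DSN = """\
> Reporting-MTA: dns; mx-out.sender-isp.example [192.0.2.40]
> Received-From-MTA: dns; relay.sender-isp.example [192.0.2.27]
> Arrival-Date: Tue, 20 Dec 2011 22:31:06 +0000
>
>
> Final-recipient: rfc822; user@lawfirm.example
> Action: delayed
> Status: 4.1.1
> Last-attempt-Date: Wed, 21 Dec 2011 04:56:39 +0000
"""

# Enhanced status codes (RFC 3463) read as class.subject.detail
STATUS_CLASS = {"2": "success", "4": "transient failure", "5": "permanent failure"}
STATUS_SUBJECT = {"0": "undefined", "1": "addressing", "2": "mailbox",
                  "3": "mail system", "4": "network/routing",
                  "5": "delivery protocol", "6": "message content",
                  "7": "security/policy"}

def _typed_value(field):
    """'dns; host [ip]' -> 'host [ip]' (drop the type prefix)."""
    return field.split(";", 1)[-1].strip() if field else None

def parse_dsn(text):
    """Split a delivery-status block into per-message and per-recipient groups."""
    # Strip mail-client quoting ("> "), then split groups on blank lines.
    unquoted = "\n".join(re.sub(r"^\s*>\s?", "", ln).rstrip() for ln in text.splitlines())
    groups = [g for g in re.split(r"\n{2,}", unquoted) if g.strip()]
    report = {"reporting_mta": None, "recipients": []}
    for group in groups:
        f = HeaderParser().parsestr(group.strip("\n") + "\n")
        if f["Final-Recipient"] is None:          # per-message group
            report["reporting_mta"] = _typed_value(f["Reporting-MTA"])
            continue
        status = (f["Status"] or "").strip()
        cls, subject = (status.split(".") + ["", ""])[:2]
        report["recipients"].append({
            "recipient": _typed_value(f["Final-Recipient"]),
            "action": (f["Action"] or "").strip().lower(),
            "status": status,
            "class": STATUS_CLASS.get(cls, "unknown"),
            "subject": STATUS_SUBJECT.get(subject, "unknown"),
        })
    return report
```

`Reporting-MTA` names the host that generated the notice, and the first digit of `Status` separates a retry-in-progress (4) from a final bounce (5).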
 
Realize you get "slammed" with business...but a "law firm client with an e-mail server problem".....I'd drop pretty much anything else taking my attention away from them except for healthcare clients. Law firms are very profitable clients to keep happy, lots of money to be made with them keeping their systems updated, they're typically high maintenance clients.

OK so you've inherited an Exchange box...and you're not thoroughly familiar with Exchange.

My first concern with Exchange, including Exchange 2k3...is ensure that it's locked down...not an open relay. Irrelevant of your issue....but if I'm taking on a new mail server...that's one of the first things on my list. I recall a while ago taking on a new client, it was a law firm, their Exchange box was wide open...matter of fact the idiots that set it up put it in the DMZ of a little Stinksys befsr41 router...LOL. That Exchange server was spewing porn spam like a fire hydrant knocked over.

I would do homework on finding out the prior setup....did they have any "bastion host or smtp smart host" middleman?(the smart method) Or was this server setup to just work direct? (bummer).

Check the SMTP properties, see what it is set to be able to receive e-mail from, if any ACLs were put in place. ESM, Servers, Server Object, Protocols, SMTP, Default SMTP Virtual Server..right click...properties...Access Tab, "Connection Control" box...list of IPs. Also the box below connection control, called "Relay Restrictions"..what exact settings do you have there? (there is a potential relay hole here) Where is their MX record pointing? Do you have access to their DNS control panel?

Any 3rd party spam filtering in place?
Is the native Exchange IMF enabled and in place?

Every client of ours with an Exchange Server...we do the bastion host approach. Meaning...there is a middle man setup. Some popular names of this are Postini, MXLogic, AppRiver. We used to use those...but we came up with our own solution that we host and use that now. MX records point to this "middle man"..which filters the e-mail of spam, viruses..and then sends it directly to the clients Exchange server...the public IP of their network. The Exchange Server is setup to ONLY receive e-mail from this public IP address(es) of the bastion host. Port 25 on the edge firewall is closed to all other public IP addresses. This is one major step in securing an Exchange Server. The server forwards outbound SMTP to the bastion hosts outbound servers. This helps cut back on RevDNS/PTR issues...blacklist issues.

Check the recipient policies...the default one, and additional ones? Sometimes if additional ones are added afterwards and poorly used as primary....can lead to issues. Is there a pattern to which recipients can and cannot receive from outsiders?

Going to guess...this is Small Business Server?
 
Thanks

First, thanks for the in-depth post. It really is going to give me some place to start better familiarizing myself with Exchange.

Also, I understand where you are coming from with dropping everything for them, unfortunately because the users are not making it a huge deal, I get rank pulled on me by my supervisor and the owner to focus on other things. It usually comes down to if it's a pain to them it's a pain to us, if it's not a huge pain for them then it's not a huge pain for us. We take priority of jobs from the POC we use at the customer. Office Politics......:rolleyes:


Using some of the tools provided from earlier in the thread, I know it is not an open relay.

I believe the server is set up direct and accepting all incoming with the wildcard *.

With my limited knowledge of Exchange I see no evidence anywhere of a middleman. Everything points directly to the server that I've seen.
No on-server enabled spam folder. It looks extremely basic.

I'm going to use your post today and go over there to get some of this information and I'll post back.




The only pattern I see is all the users can send email to everyone. Only certain clients of the law firm can not email back. There are only three emails I know for sure this happens to, two of them are Comcast domains and one is in France.



This just randomly started a couple weeks/months before we were given the job/contract to do IT support for them.

I'm going to go over there today.



I hate feeling like a user with this. I appreciate everyone's insight in this thread.
 