I am seeing quite a few "421 4.4.2 connection dropped" errors in my queue view in Exchange 2007. I have verified the rDNS and such is set up properly. I have rebooted. It's not all domains, just a handful.

When I look at the packets the last command I get from the SMTP server is "SMTP server ready"

174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 220  mail.ntgrated.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Thu, 15 Mar 2012 09:58:11 -0500 , 119 bytes
172.16.2.178    174.47.59.19    SMTP    SMTP:Cmd EHLO mail.serviceprovidergroup.com, 36 bytes
174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 250 -mail.ntgrated.com Hello [69.128.140.103], 334 bytes
172.16.2.178    174.47.59.19    SMTP    SMTP:Cmd STARTTLS, Server is currently able to negotiate the use of TLS
174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 220  2.0.0 SMTP server ready, 29  bytes
174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 220  mail.ntgrated.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at  Thu, 15 Mar 2012 09:58:12 -0500 , 119 bytes
172.16.2.178    174.47.59.19    SMTP    SMTP:Cmd EHLO mail.serviceprovidergroup.com, 36 bytes
174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 250 -mail.ntgrated.com Hello [69.128.140.103], 334 bytes
172.16.2.178    174.47.59.19    SMTP    SMTP:Cmd STARTTLS, Server is currently able to negotiate the use of TLS
174.47.59.19    172.16.2.178    SMTP    SMTP:Rsp 220  2.0.0 SMTP server ready, 29 bytes

And when comparing an email that gets through to another domain, I see the full communication:

172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 220  mail.serviceprovidergroup.com Microsoft ESMTP MAIL Service ready at Thu, 15 Mar 2012 11:00:31 -0400, 105 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Cmd EHLO se-10-1-10-1.localdomain, 31 bytes
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 250 -mail.serviceprovidergroup.com Hello [69.128.140.110], 191 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Cmd MAIL FROM:<do-not-reply@localdomain>, 38 bytes
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 250  2.1.0 Sender OK, 21 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Cmd RCPT TO:<Amy.Ebert@serviceprovidergroup.com>, 46 bytes
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 250  2.1.5 Recipient OK, 24 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Cmd DATA, Begins message composition
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 354  Start mail input; end with <CRLF>.<CRLF>, 46 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Data Payload, 1448 bytes
...
69.128.140.110  172.16.2.178    SMTP    SMTP:Data Payload, 107 bytes
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 250  2.6.0 <27098604.1331814857000.JavaMail.root@se-10-1-10-1.localdomain> Queued mail for delivery, 100 bytes
69.128.140.110  172.16.2.178    SMTP    SMTP:Cmd QUIT, Terminates the mail session
172.16.2.178    69.128.140.110  SMTP    SMTP:Rsp 221  2.0.0 Service closing transmission channel, 48 bytes

I can telnet to these domains and manually execute the commands all day long and it gets through; it's only when sending in Exchange.

This started happening this weekend when we upgraded our Fortigate Firewall, but I cannot find anything that would be causing these issues.

Using ping (unless there's a better way) I have confirmed that packets are not dropping between the two.

Thanks

jeremib
  • I followed the problem back to my firewall. I have content filtering on all outgoing traffic, and that was causing an issue with this. As soon as I excluded the exchange server from this filtering, it worked. – jeremib Mar 15 '12 at 18:10
  • Could you post that as an Answer and mark it as accepted when you have a chance? – Chris S Feb 04 '13 at 16:49
  • THANKS!!!!!!!! I had exactly the same problem and searched for many days for how to solve it. My problem was solved after disabling the UTM on my Exchange server in Fortigate. –  Feb 04 '13 at 16:29
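
An added example, not part of the original thread: the failing capture in the question shows each conversation ending at the server's 220 reply to STARTTLS, followed by a fresh connection that repeats the same steps. The sketch below flags that repetition from capture summaries in the same column format. The sample lines, addresses and function names are constructed for illustration, and it assumes sessions appear one after another in the capture.

```python
import re
from collections import Counter

# Constructed sample in the capture-summary format shown in the question
# (documentation addresses and example hostnames, not the poster's data).
SAMPLE = """\
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 220  mx.example.net ESMTP ready, 40 bytes
192.0.2.10    198.51.100.7 SMTP  SMTP:Cmd EHLO mail.example.com, 24 bytes
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 250 -mx.example.net Hello [192.0.2.10], 120 bytes
192.0.2.10    198.51.100.7 SMTP  SMTP:Cmd STARTTLS, Server is currently able to negotiate the use of TLS
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 220  2.0.0 SMTP server ready, 29 bytes
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 220  mx.example.net ESMTP ready, 40 bytes
192.0.2.10    198.51.100.7 SMTP  SMTP:Cmd EHLO mail.example.com, 24 bytes
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 250 -mx.example.net Hello [192.0.2.10], 120 bytes
192.0.2.10    198.51.100.7 SMTP  SMTP:Cmd STARTTLS, Server is currently able to negotiate the use of TLS
198.51.100.7  192.0.2.10   SMTP  SMTP:Rsp 220  2.0.0 SMTP server ready, 29 bytes
192.0.2.10    203.0.113.5  SMTP  SMTP:Rsp 220  mail.example.com ESMTP ready, 42 bytes
203.0.113.5   192.0.2.10   SMTP  SMTP:Cmd EHLO relay.example.org, 25 bytes
192.0.2.10    203.0.113.5  SMTP  SMTP:Rsp 250 -mail.example.com Hello [203.0.113.5], 110 bytes
203.0.113.5   192.0.2.10   SMTP  SMTP:Cmd QUIT, Terminates the mail session
192.0.2.10    203.0.113.5  SMTP  SMTP:Rsp 221  2.0.0 Service closing transmission channel, 48 bytes
"""

LINE = re.compile(r"^\s*(\S+)\s+(\S+)\s+SMTP\s+SMTP:(Rsp|Cmd)\s+(\S+)")

def sessions(text):
    """Split capture rows into sessions; a 220 that is not the STARTTLS reply is a banner."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # payload rows, "..." and blank lines carry no command or reply
        src, dst, kind, word = m.groups()
        word = word.rstrip(",")
        prev = out[-1]["events"][-1] if out else None
        if not out or ((kind, word) == ("Rsp", "220") and prev != ("Cmd", "STARTTLS")):
            server, client = (src, dst) if kind == "Rsp" else (dst, src)
            out.append({"server": server, "client": client, "events": []})
        out[-1]["events"].append((kind, word))
    return out

def repeated_handoffs(text, threshold=2):
    """Return (client, server) pairs whose sessions repeatedly end at the STARTTLS go-ahead."""
    counts = Counter()
    for s in sessions(text):
        if s["events"][-2:] == [("Cmd", "STARTTLS"), ("Rsp", "220")]:
            counts[(s["client"], s["server"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}
```

A single session that ends at the STARTTLS go-ahead is normal, because everything after it is TLS and no longer decodes as SMTP. It is the repetition from the same client to the same server that matches the retry pattern in the question's capture.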