
I've looked at a few of the existing SF questions/answers and so far can't find the same situation. It's not a TLS issue like I first thought, since the remote server isn't asking for TLS, and it isn't a firewall issue since the connection is established and starts sending and receiving SMTP commands.

We are getting the following in our Exchange queue for just one domain:

[Image: Exchange queue]

The remote domain is an Exchange 2003 server it appears.

Here's a copy of the SMTP log for the email:

2013-04-12T19:03:20.684Z,Internet,08D004A55169DB35,0,,XX.XX.XX.XX:25,*,,attempting to connect
2013-04-12T19:03:20.731Z,Internet,08D004A55169DB35,1,10.54.2.15:25977,XX.XX.XX.XX:25,+,,
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,2,10.54.2.15:25977,XX.XX.XX.XX:25,<,"220 plexch2k3.REMOTE.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Fri, 12 Apr 2013 15:03:20 -0400 ",
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,3,10.54.2.15:25977,XX.XX.XX.XX:25,>,EHLO exchange.OURDOMAIN.com,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,4,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-plexch2k3.REMOTE.com Hello [6X.XX.X.70],
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,5,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-TURN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,6,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-SIZE,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,7,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-ETRN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,8,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-PIPELINING,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,9,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-DSN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,10,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-ENHANCEDSTATUSCODES,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,11,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-8bitmime,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,12,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-BINARYMIME,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,13,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-CHUNKING,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,14,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-VRFY,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,15,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-EXPS GSSAPI NTLM LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,16,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-EXPS=LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,17,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-AUTH GSSAPI NTLM LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,18,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-AUTH=LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,19,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-LINK2STATE,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,20,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-XEXCH50,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,21,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 OK,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,22,10.54.2.15:25977,XX.XX.XX.XX:25,*,5945,sending message
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,23,10.54.2.15:25977,XX.XX.XX.XX:25,>,MAIL FROM:<Bob@OURDOMAIN.com> SIZE=13577,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,24,10.54.2.15:25977,XX.XX.XX.XX:25,>,RCPT TO:<Dave@REMOTE.com>,
2013-04-12T19:03:20.871Z,Internet,08D004A55169DB35,25,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 2.1.0 Bob@OURDOMAIN.com....Sender OK,
2013-04-12T19:03:20.949Z,Internet,08D004A55169DB35,26,10.54.2.15:25977,XX.XX.XX.XX:25,-,,Remote

I can't seem to figure out what the problem is. It appears that it might be on the remote end as after the:

250 2.1.0 Bob@OURDOMAIN.com....Sender OK,

It then says:

,,Remote

whatever that means, and then that's the end of that log and connection.

Any ideas on how to resolve this one?

TheCleaner
  • You might test out their domain with http://mxtoolbox.com/. If everything is alright, you might get them to test their exchange using https://www.testexchangeconnectivity.com/ – Nixphoe Apr 12 '13 at 19:31
  • Also, did you see this http://serverfault.com/questions/370103/421-4-4-2-connection-dropped ? – Nixphoe Apr 12 '13 at 19:39
  • Yeah, saw that...and same thing...I can telnet test them and mxtoolbox test them and all is fine. There's no such firewall filtering here, but it might be something on their end, although odd that it gets almost to the body of the message before going nuts. I'm waiting to hear back from their Exchange admin. The other possibility in my mind is that something on their end is purposely dropping us, but odd again that it chooses to do so halfway through the SMTP commands and not at the beginning. – TheCleaner Apr 12 '13 at 20:02

1 Answer


plexch2k3.parkerlabs.com closes the TCP session just after rejecting RCPT TO:. It seems to "confuse" your MTA.

My test telnet connection produced:
550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue.
Connection closed by foreign host.

AnFi
  • OK, I feel dumb for asking but I have to....how did you know it was plexch2k3.parkerlabs.com? Google search of plexch2k3? You are right, just curious since I "tried" to help them be anonymous on this forum. Not that it really matters, but still. – TheCleaner Apr 12 '13 at 21:14
  • Also, thank you. I was able to search that message, even though it wasn't the one I received, and I see that our IP for some reason is on a DUL list (dynamic user list) on Trend's Email Reputation Service. I've requested removal and we'll see if that resolves the issue. If so, I'll edit your answer and then award it to you. – TheCleaner Apr 12 '13 at 21:21
  • 1) Yes, I had googled for plexch2k3. 2) IMHO plexch2k3 behavior is "unusual" but your server should handle it better. You may/should file a bug report about ignored reply just before TCP connection close. – AnFi Apr 13 '13 at 05:31
  • Thanks, it was the DUL list at Trend that was causing this. – TheCleaner Apr 15 '13 at 15:29
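
Added example, not part of the original thread: a small Python check that walks a send protocol log like the one in the question and reports sessions the remote side closed while pipelined commands were still awaiting a reply, which is the pattern seen here after RCPT TO. The field order and the reading of `Remote` on a `-` event as a remote-initiated disconnect are assumptions taken from the log lines shown; the function name is hypothetical.

```python
import csv
from collections import defaultdict, deque

# Field order assumed from the log lines in the question.
FIELDS = ["time", "connector", "session", "seq", "local", "remote",
          "event", "data", "context"]

# Constructed sample: the question's session with the EHLO reply shortened.
SAMPLE_LOG = """\
2013-04-12T19:03:20.731Z,Internet,08D004A55169DB35,1,10.54.2.15:25977,XX.XX.XX.XX:25,+,,
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,2,10.54.2.15:25977,XX.XX.XX.XX:25,<,"220 plexch2k3.REMOTE.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready",
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,3,10.54.2.15:25977,XX.XX.XX.XX:25,>,EHLO exchange.OURDOMAIN.com,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,8,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-PIPELINING,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,21,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 OK,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,23,10.54.2.15:25977,XX.XX.XX.XX:25,>,MAIL FROM:<Bob@OURDOMAIN.com> SIZE=13577,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,24,10.54.2.15:25977,XX.XX.XX.XX:25,>,RCPT TO:<Dave@REMOTE.com>,
2013-04-12T19:03:20.871Z,Internet,08D004A55169DB35,25,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 2.1.0 Bob@OURDOMAIN.com....Sender OK,
2013-04-12T19:03:20.949Z,Internet,08D004A55169DB35,26,10.54.2.15:25977,XX.XX.XX.XX:25,-,,Remote
"""

def unanswered_at_disconnect(log_text):
    """Return {session: [commands still awaiting a reply]} for sessions
    closed by the remote side (context 'Remote' on '-', an assumption)."""
    pending = defaultdict(deque)  # commands sent per session, oldest first
    findings = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < len(FIELDS) or row[0].startswith("#"):
            continue  # header/comment line or truncated record
        rec = dict(zip(FIELDS, row))
        sid, data = rec["session"], rec["data"]
        if rec["event"] == ">":
            pending[sid].append(data)
        elif rec["event"] == "<":
            # "250-..." continues a multi-line reply; "NNN " ends it.
            final = data[:3].isdigit() and data[3:4] != "-"
            if final and pending[sid]:
                pending[sid].popleft()  # reply answers the oldest command
        elif rec["event"] == "-":
            left = list(pending.pop(sid, []))
            if rec["context"] == "Remote" and left:
                findings[sid] = left
    return findings

if __name__ == "__main__":
    for sid, cmds in unanswered_at_disconnect(SAMPLE_LOG).items():
        print(sid, "closed by remote with no reply to:", cmds)
```

A hit on RCPT TO for a single destination domain is a cue to repeat the session by hand, as the answer did with telnet, to see the rejection text that never reached the log.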