We have Microsoft Standard Exchange 2007. Sometime recently we have suddenly lost the ability to receive emails from AOL. As far as I can tell, we are receiving all other email normally.

The only anti-spam solution we use is a blocklist from zen.spamhaus.org. I've temporarily disabled it with no change. I didn't think it would make a difference anyway since the aol servers don't appear to be in zen.

We use OpenDNS as our DNS provider, but it's not blocking aol.com.

We are able to SEND to aol.com and these messages are received so it's not like they are blocking our domain.

============================================
UPDATE 1: Here's a typical aol log (I chopped out the IPs and other stuff):

,<,EHLO imr-da02.mx.aol.com,
,>,250-mail.mydomain.com Hello [205.188.105.144],
,>,250-SIZE,
250-PIPELINING,
250-DSN,
250-ENHANCEDSTATUSCODES,
250-STARTTLS,
250-AUTH GSSAPI NTLM,
250-X-EXPS GSSAPI NTLM,
250-8BITMIME,
250-BINARYMIME,
250-CHUNKING,

,250 XEXCH50,
<,MAIL From: SIZE=8356995,
,08CBB8907FCC1A80;2009-08-18T18:37:33.812Z;1,receiving message
,250 2.1.0 Sender OK,
<,RCPT To:,
,250 2.1.5 Recipient OK,
<,DATA,
,354 Start mail input; end with .,
,+,,
,
,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
,>,"220 mail.mydomain.com Microsoft ESMTP MAIL Service ready at Tue, 18 Aug 2009 14:37:45 -0400",

======================================================================
UPDATE 2: Using the Microsoft Troubleshooting assistant, the mail tracking results for a specific email gave this error message:

550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service reported an error. The following information should help identify the cause of this error: "MapiExceptionNamedPropsQuotaExceeded:16.18969:23010000, 17.27161:00000000E4000000000000000000000000000000, 255.23226:00000000, 255.27962:7A000000, 255.27962:56000000, 255.17082:00090480, 0.16993:80030400, 4.21921:00090480, 255.27962:FA000000, 255.1494:00000000, 255.26426:56000000, 4.6363:0F010480, 2.31229:00000000, 4.6363:0F010480, 2.22787:00000000, 2.22787:00000000, 2.22957:00000000, 2.19693:00000000, 2.17917:00000000, 2.27341:00000000, 2.22787:00000000, 4.5415:00090480, 4.7867:00090480, 4.4475:00090480, 4.4603:00090480, 4.5323:00090480, 5.10786:000000004E414C2D4D41494C303100100F010480, 255.1750:00090480, 0.26849:00090480, 255.21817:00090480, 0.24529:00090480, 4.18385:00090480".

jscott
Knox
  • Have you checked the Junk Folder? – xeon Aug 18 '09 at 18:15
  • no, the emails are not in the junk folders. Our entire domain seems to be affected so we checked in the individual folders for some of the users. – Knox Aug 18 '09 at 18:28
  • On a side note, depending on how big a problem spam is, Postini is a very good solution that gives you a mail spool when you have server problems. In my experience dns blocklists are not nearly enough. (Disclosure: I'm a reseller but only because it's very good, similar tech to gmail.) – reconbot Aug 18 '09 at 18:36

2 Answers

From your new information, you can read about named properties here:

http://msexchangeteam.com/archive/2009/04/06/451003.aspx

There is apparently a bug/limitation that is fixed in UR8 (supposedly) with information here on workarounds:

http://technet.microsoft.com/en-us/library/bb851493.aspx

You apparently need to configure a number upwards of the maximum since the default is in the 16k range. More information about this value can be found here:

http://technet.microsoft.com/en-us/library/bb851492.aspx

and you might be seeing these errors in your event log

http://technet.microsoft.com/en-us/library/bb851495.aspx

If you're not on UR8 or UR9 for Exchange, I would first start by updating the system and see if the error persists. Otherwise, start looking at the workarounds.

It also looks like this HeaderFilterAgent

http://www.codeplex.com/HeaderFilterAgent

can be used to strip the unwanted X-headers from filling up your quota

Kevin Kuphal
  • I was about to post what I had found out about named properties, but you've nailed it. – Knox Aug 18 '09 at 20:10
  • RESOLUTION: Yes, this was the problem. We increased the named properties as above and that took care of the problem. I speculate that AOL mail had some named property that happened to take us over the limit. – Knox Aug 18 '09 at 20:30
  • Good answer. This is going to be a more common problem for people as Exchange 2007 installs get older and aren't kept updated to the latest patch. – Doug Luxem Aug 18 '09 at 20:39
  • Very good to know. I honestly haven't worked with 2007 much. – reconbot Aug 19 '09 at 16:21

First go to AOL's postmaster tools and sign up for a feedback loop. They might have blocked you for some reason and you can work with them to resolve the problem. If you ever get a virus on your network that starts spamming, this not only lets you know but lets you resolve the issue with aol faster. (You have outgoing smtp on a different ip than your default route, right?)

Then enable smtp logging and look for aol hostnames (should be mx.aol.com) to see what's erroring. If you can't find any trace that aol is talking to your smtp connector, the next step is to do a traceroute to mx.aol.com. Chances are the network path is not the problem as you can send to aol, or at least one of aol's servers on their farm.

It will also help to note what errors aol members are getting when sending to your domain.

Next, fire up Wireshark and record the smtp traffic while sending a test email. You should be able to filter for aol and see what problems the protocol is having. SMTP uses plain text so you should be able to at least get an error code or reference url out of it.

reconbot
  • That's pretty comprehensive advice. I'm currently working on the logging. Thanks. – Knox Aug 18 '09 at 18:38
  • Make sure you do the postmaster's tools, when you're dealing with that much mail, you make up a bit of your own protocol and standards, so that's how you work with them. Post back if you need more help. – reconbot Aug 18 '09 at 18:46
  • * I don't think they've blocked us. They can RECEIVE from our domain. * incoming and outgoing email is on a dedicated IP. All other internet traffic is on a different IP. – Knox Aug 18 '09 at 18:57
  • Ok, I've got some logs from the SMTP service from exchange. I see AOL email apparently being received with no error messages. – Knox Aug 18 '09 at 18:58
  • At this point I'd check the Queue Viewer to see if you can find any "stuck" messages and look up the error code. – Kara Marfia Aug 18 '09 at 19:24
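
The log check described in this answer, carried through to the delivery error quoted in the question's UPDATE 2, as an added example that is not code from any poster on this page. The CSV column layout is the assumed Exchange 2007 receive protocol-log format, and the sample rows, IP addresses and helper names are constructed for illustration.

```python
import csv
import re

# Constructed sample. The column layout is the assumed Exchange 2007 SMTP
# receive protocol-log format; hosts and addresses are placeholders.
SAMPLE_LOG = r"""#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2009-08-18T18:37:33.5Z,MAIL\Default,08CBB8907FCC1A80,0,192.0.2.10:25,198.51.100.7:4100,<,EHLO imr-da02.mx.aol.com,
2009-08-18T18:37:33.6Z,MAIL\Default,08CBB8907FCC1A80,1,192.0.2.10:25,198.51.100.7:4100,>,250 2.1.0 Sender OK,
2009-08-18T18:37:33.7Z,MAIL\Default,08CBB8907FCC1A80,2,192.0.2.10:25,198.51.100.7:4100,>,250 2.1.5 Recipient OK,
2009-08-18T18:37:45.1Z,MAIL\Default,08CBB8907FCC1A80,3,192.0.2.10:25,198.51.100.7:4100,>,250 2.6.0 Queued mail for delivery,
2009-08-18T18:40:02.0Z,MAIL\Default,08CBB8907FCC1A99,0,192.0.2.10:25,203.0.113.9:5200,<,EHLO mail.example.net,
2009-08-18T18:40:02.3Z,MAIL\Default,08CBB8907FCC1A99,1,192.0.2.10:25,203.0.113.9:5200,>,550 5.7.1 Unable to relay,
"""

def summarize_sessions(log_text):
    """Group log rows by session-id; record EHLO host and reply codes sent."""
    lines = log_text.splitlines()
    fields = next(l for l in lines if l.startswith("#Fields: "))[9:].split(",")
    rows = csv.DictReader((l for l in lines if l and not l.startswith("#")),
                          fieldnames=fields)
    sessions = {}
    for row in rows:
        s = sessions.setdefault(row["session-id"], {"helo": None, "codes": []})
        data = row["data"] or ""
        if row["event"] == "<" and data.upper().startswith(("EHLO ", "HELO ")):
            # The EHLO name is chosen by the client; confirm real senders
            # against the remote-endpoint IP before trusting it.
            s["helo"] = data.split()[1].lower()
        elif row["event"] == ">" and data[:3].isdigit():
            s["codes"].append(int(data[:3]))
    for s in sessions.values():
        # A 4xx/5xx reply here means the sending server saw the failure.
        s["rejected"] = any(code >= 400 for code in s["codes"])
    return sessions

def sessions_from(sessions, domain):
    """Sessions whose EHLO name is the domain or a host under it."""
    return {sid: s for sid, s in sessions.items()
            if s["helo"] and (s["helo"] == domain or s["helo"].endswith("." + domain))}

STATUS_RE = re.compile(r'^(\d{3}) (\d\.\d+\.\d+) ([\w.]+):.*?"(MapiException\w+):', re.S)

def parse_delivery_failure(status):
    """Split a tracking-log status into (code, enhanced, component, exception)."""
    m = STATUS_RE.match(status)
    return m.groups() if m else None
```

A session that shows only 2xx/3xx replies, as the AOL session in the question does, was accepted at the SMTP layer, so the message tracking status is the next place to look; `parse_delivery_failure` pulls the component and exception name out of a status string such as the `550 5.2.0 STOREDRV.Deliver` one in UPDATE 2.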