Frustrating Inbound mail issue

fitz

Woah.. I'm still here?
Political Access
Joined
26 Apr 2004
Messages
4,087
So I have some external people that are unable to send mail to us. They get a bounce message back saying the messages timed out.

In my logs, I can see the connection coming in:

I see their EHLO with a 250 success message back
I see their MAIL FROM command with a 250 success
I see their RCPT TO: command with a 250 sucess message back

Then...

nothing.. the DATA command never comes through.. wondering if anyone has seen this or know why this might occur.

Running Exchange 2003 SP2, IMF installed sitting behind an ISA 2000 server w/Server Publishing rules.

This does not occur with everyone, just certain senders domains.
 
Are they sending mail from their corporate accounts? (non-corporate being Hotmail, gmail, yahoo...)

Do you use any sort of filtering software? Is there a whitelist / blacklist you can access?

When did this start happening? Are you aware of any recent changes to the infrastructure executed by Network Operations by chance? Any modifications recently to your mail servers / proxy servers ?
 
Continued...

Are they or their ISP using any kind of certificates or mail authentication to verify the mail is not being intercepted? Government and some corporations are under a big push to use secure email now.
 
Are they sending mail from their corporate accounts? (non-corporate being Hotmail, gmail, yahoo...)

Do you use any sort of filtering software? Is there a whitelist / blacklist you can access?

When did this start happening? Are you aware of any recent changes to the infrastructure executed by Network Operations by chance? Any modifications recently to your mail servers / proxy servers ?

corporate accounts.. most domains work just fine, just certain companies seem to be having problems.

our whitelists/blacklists are empty right now, we do use a couple RBL lists, but I checked that they are not on those

Started happening roughly a week or two ago (at least, so say our wonderfully reliable users). No recent changes to our mail environment or the ISA server..

Continued...

Are they or their ISP using any kind of certificates or mail authentication to verify the mail is not being intercepted? Government and some corporations are under a big push to use secure email now.

Nope.. talked with the IT admins at a couple of the companies having problems sending us mail.

Some more info, I worked with one of the companies yesterday and she was able to get on their mail server, open a telnet connection over port 25 to our mail server and send mail manually sending the commands (HELO/MAIL FROM:/RCPT TO:/DATA) without any problems.. but still having problems going through their mail servers. That info normally would tell me that they have something wrong if their mail server can telnet to port 25 and send a message sucessfully.. but the fact that it is happening with multiple senders domains from different compaines using different mail software and different ISP's in different parts of the country tell me it might be something more.
 
*sigh*

Problem is "solved". I installed Windows 2003 SP1 on the ISA box a couple months ago. Apparently, the problem has been occurring since then.. but my users didn't complain until a couple weeks ago.

The problem is, now I have a box that is near the edge that isn't fully patched.

Damn Microsoft!
 
yeah.. going to shortly. But since service packs are cumulative, i'm guessing we'll have the same problem.

edit:
working with some of the groups that we were having problems with to arrange a time that I can test the SP2 install to see if teh problem reappears
 
Last edited:
Is ISA 2000 compatible (or supposed to be) with SP1/SP2?
 
it probably was never tested since isa2000 is End of Life.

Time to hit the boss up for some money for an upgrade.
 
put a openbsd box in there instead of ISA.

PF is awesome for packetfiltering and traffic routing to internal networks 🙂
 
I would love an openBSD/freeBSD box.. or even a linux box.. we'll have to see how well I can sell it though 😉
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. 🙁

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,016
Messages
673,499
Members
5,627
Latest member
Setups
Back