'Lost' Mail
Hello all,
I am working with Exchange server 2003, I have another server setup running bright mail anti-spam also that all incoming mail comes into, is scanned, then should be forwarded to the exchange. Everything works with no issues with exception of mail from one particular place. We use Central Desktop and it seems that mail coming from this does not make it to our users, Central Desktop support mail is able to make it through though. I have done the obvious and disabled all of the Anti-Virus/Anti-Spyware with no resolution. I have checked log after log and I can see the messages coming into the system, but have no idea where they are going from there. Any help woul be really appreciated, I've been trying to track this down and am just running out of thoughts at this point.
2007-12-04 14:58:15 66.226.4.171 www3.centraldesktop.com SMTPSVC1 MYSERVER XX.XX.X.XX 0 EHLO - +www3.centraldesktop.com 250 0 202 28 0 SMTP - -
2007-12-04 14:58:15 66.226.4.171 www3.centraldesktop.com SMTPSVC1 MYSERVER XX.XX.X.XX 0 MAIL - +FROM:<www@www4.centraldesktop.com> 250 0 52 63 0 SMTP - -
2007-12-04 14:58:15 66.226.4.171 www3.centraldesktop.com SMTPSVC1 MYSERVER XX.XX.X.XX 0 RCPT - +TO:<cjweyandt@mydomain.com> 250 0 38 74 0 SMTP - -
2007-12-04 14:58:15 66.226.4.171 www3.centraldesktop.com SMTPSVC1 MYSERVER XX.XX.X.XX 0 DATA - +<3122b51d888b7fd2767464e2f5e51798@mydomain.centraldesktop.com> 250 0 149 1705 297 SMTP - -
2007-12-04 14:58:15 66.226.4.171 www3.centraldesktop.com SMTPSVC1 MYSERVER XX.XX.X.XX 0 QUIT - www3.centraldesktop.com 240 500 82 4 0 SMTP - -
2007-12-04 14:58:15 XX.XX.X.XX OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 220+mail.mydomain.com+Microsoft+ESMTP+MAIL+Service,+Version:+6.0.3790.3959+ready+at++Tue,+4+Dec+2007+09:58:17+-0500+ 0 0 119 0 0 SMTP - -
2007-12-04 14:58:15 XX.XX.X.XX OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 HELO - MyServer.corphq.mydomain.local 0 0 4 0 0 SMTP - -
2007-12-04 14:58:15 XX.XX.X.XX OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+mail.mydomain.com+Hello+[XX.XX.X.XX] 0 0 44 0 0 SMTP - -
2007-12-04 14:58:15 XX.XX.X.XX OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 QUIT - - 0 0 4 0 16 SMTP - -
2007-12-04 14:58:15 XX.XX.X.XX OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 221+2.0.0+mail.mydomain.com+Service+closing+transmission+channel 0 0 67 0 16 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 220+www4.centraldesktop.com+ESMTP+Postfix 0 0 41 0 109 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 EHLO - MyServer.corphq.mydomain.local 0 0 4 0 109 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250-www4.centraldesktop.com 0 0 27 0 203 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 MAIL - FROM:<>+SIZE=3492 0 0 4 0 203 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+2.1.0+Ok 0 0 12 0 297 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 RCPT - TO:<www@www4.centraldesktop.com> 0 0 4 0 297 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+2.1.5+Ok 0 0 12 0 391 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 DATA - - 0 0 4 0 391 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 354+End+data+with+<CR><LF>.<CR><LF> 0 0 35 0 500 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+2.0.0+Ok:+queued+as+8BA782842A 0 0 34 0 609 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 QUIT - - 0 0 4 0 625 SMTP - -2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 221+2.0.0+Bye 0 0 13 0 703 SMTP - -
December 4th, 2007 9:43pm
I haven't yet figured out what is going on here, still looking for some help if any one has any. I was wondering if there are any Microsoft (or even otherwise) tools that I could possibly install on this server to track messages and find out wha is happening to them when they should be getting relayed to the Exchange box.
Thanks again
EDIT:
I don't know that this would have anything to do with it but I have noticed that the FROM and TO on these emails are not the same as the other messages that are being delivered. It seems they have the to being the sender and the from being basically blank!
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 MAIL - FROM:<>+SIZE=3492 0 0 4 0 203 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+2.1.0+Ok 0 0 12 0 297 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionCommand SMTPSVC1 MYSERVER - 25 RCPT - TO:<www@www4.centraldesktop.com> 0 0 4 0 297 SMTP - -
2007-12-04 14:58:16 66.226.4.152 OutboundConnectionResponse SMTPSVC1 MYSERVER - 25 - - 250+2.1.5+Ok 0 0 12 0 391 SMTP - -
Free Windows Admin Tool Kit Click here and download it now
December 5th, 2007 8:00pm
Not sure if this will help or not,
http://www.msexchange.org/tutorials/Exchange-2003-Message-Tracking-Logging.html
There are a couple of other related links at the bottom of that page as well that may prove of use.
John V.
December 6th, 2007 8:50pm
Thanks but I've looked through there. That's part of the issue, the messages aren't making it into exchange mail boxes so there is nothing for me to be able to track there
Free Windows Admin Tool Kit Click here and download it now
December 6th, 2007 9:06pm
Bright mail Quarantining them? Might add them to safe sender domain just to be sure that isn't the issue. We use Brightmail at my org and (while it does a great job most of the time) I've seen quirks where things like this would happen until we added them to Safe Senders. Sometimes the messages would show up in quarantine, other times, just gone.
John
December 6th, 2007 9:23pm
I've definitely added it In, I even went as far as disabling Brightmail all together for a brief period of time (that sure made users happy) with no success. I've pretty much stuck right now to be honest with you. Do you find anything odd about the logs that I posted?
Free Windows Admin Tool Kit Click here and download it now
December 6th, 2007 9:25pm
Ok, I finally got some new information. I found that whomever originally setup this system did not have NDR's being sent to anyone, so I threw in my address and got one...that's an awful big help. Problem is I've seen this before and have been unsuccessfull at correcting it. I think it has something to do with 8 bit MIME. Any suggestions would be great!
Your message did not reach some or all of the intended recipients.
Subject: Your login information for Central Desktop
Sent: 12/6/2007 1:26 PM
The following recipient(s) cannot be reached:
Cliff Moten on 12/6/2007 1:26 PM
The message contains a content type that is not supported
<MyServer.corphq.MyDomain.local #5.6.1 smtp;554 5.6.1 Body type not supported by Remote Host>
December 6th, 2007 9:31pm