Exchange Server Forums
Where the frig is this message coming from?
Where the frig is this message coming from? - 28.Oct.2004 7:16:00 PM
pborkstrom
Posts: 22
Joined: 12.May2003
From: Chicago
Status: offline
A fellow administrator from another company called me today and informed me that his firewall logs show that it's blocking an incoming SMTP message at his router, because it is hitting his Outgoing SMTP address (his actual Exchange server), and not his incoming SMTP address (his 1st line of SPAM defense).
The message would probably go through, except that it's not hitting his incoming SMTP address. I've traced the message back to my Exchange 2000 server by checking our Cisco PIX logs, but I do not know how to tell what/who exactly is sending the message.
How can I find this out? Is there a way I can see who/what originated a message with a destination of 63.A.B.130? There is no MX record pointing to the .130 address that keeps getting hit on his end, and our Exchange server will allow relaying from a few internal servers that send mail off of it. I'll try to illustrate the procedure:
* Message originates from our Exchange server (63.A.B.61) and hits his outgoing SMTP address (63.A.B.130). His router is set to block incoming SMTP traffic to the .130 address.
OurNetwork 63.A.B.61
His Network Incoming SMTP 63.A.B.130 Outgoing SMTP 63.A.B.134
* His MX Record points to 63.A.B.134 only.
* I checked my PIX logs and saw translations from 172.A.B.36 to 63.A.B.61 (our internal IP to our public IP).
* We are not getting any bounce back messages.
Please help!
RE: Where the frig is this message coming from? - 29.Oct.2004 1:06:00 AM
koggen
Posts: 980
Joined: 31.Oct.2001
From: Göteborg - Sweden
Status: offline
If you are sure that there's no MX record for the other server, my guess is that either an address translating firewall rule is causing the problem, or a smarthost setting used on either the SMTP Virtual Server or an SMTP connector. I'm assuming here that the two servers are not part of the same Exchange organization. What IP addresses do the headers of an email that is allowed through report? That might give you a clue as to what is happening.
// Johan
RE: Where the frig is this message coming from? - 31.Oct.2004 5:01:00 PM
pborkstrom
Posts: 22
Joined: 12.May2003
From: Chicago
Status: offline
Both email servers are in separate Exchange organizations. I am completely sure there's no MX record pointing to the other server. As far as the headers from the "renegade" message, I don't know any way of viewing them because I don't know how to tell where exactly the message is coming out of (either an Exchange user or one of several servers we allow relaying from). The other administrator gets entries in his log file (on his PIX firewall) that say SMTP traffic is trying to enter the network from his Outgoing SMTP server's IP address. And since SMTP is only allowed to leave his network, the message just gets blocked at his PIX, and it is never actually received (and thus can't be inspected). It happens about every 15-20 minutes all day every day. Any other suggestions?
RE: Where the frig is this message coming from? - 31.Oct.2004 6:19:00 PM
MSRyman
Posts: 63
Joined: 31.Oct.2004
From: Dallas Tx
Status: offline
Not sure why this is working the way it is, but here is a possible workaround for you and a couple of possibilities as to why.
The workaround is to set up an SMTP connector with the address space (@whatever.com) and put a smarthost setting on that connector like [external IP address for buddy's mail system], then restart the SMTP and routing engine services and try mail again. This should work. Also, do you ever get an NDR? Do you have logging turned on on the SMTP virtual server? If so, then go to \windows\system32\logfiles\smtpsvc and look at the log directly after a failure, and maybe you can see what's up.
One possibility is that you have external DNS servers set up on the SMTP virtual server (on the Delivery tab, Advanced, and then Configure on the right). Check and see.
Another is that maybe you have the setting to forward all mail with unresolved recipients to a host and give the .130 address (not likely, just possible).
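
Following up on the suggestion above to read the SMTP virtual server log, here is an added example (not part of any post in this thread) that finds the outbound sessions to one destination IP and maps their senders back to the internal clients that submitted them. It assumes W3C extended logging with the fields named in the `#Fields` line, and that outbound rows carry `OutboundConnection...` in `cs-username`; the log rows, host names and IP addresses are constructed placeholders.

```python
import re

# Constructed sample log (assumed W3C extended format). 203.0.113.130 stands
# in for the 63.A.B.130 address; 10.1.1.x stand in for internal relay clients.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip cs-method cs-uri-query sc-status
2004-10-28 19:00:01 10.1.1.40 monitor01 10.1.1.36 MAIL +FROM:<alerts@example.com> 250
2004-10-28 19:00:01 10.1.1.40 monitor01 10.1.1.36 RCPT +TO:<noc@example.net> 250
2004-10-28 19:00:05 203.0.113.130 OutboundConnectionCommand - MAIL FROM:<alerts@example.com> 0
2004-10-28 19:00:05 203.0.113.130 OutboundConnectionCommand - RCPT TO:<noc@example.net> 0
2004-10-28 19:02:10 10.1.1.55 desk55 10.1.1.36 MAIL +FROM:<bob@example.com> 250
2004-10-28 19:02:11 198.51.100.7 OutboundConnectionCommand - MAIL FROM:<bob@example.com> 0
"""

ADDR = re.compile(r"(FROM|TO):\s*<([^>]*)>", re.I)
OUT = "OutboundConnection"  # assumed marker for rows the server itself sent

def parse(log_text):
    """Yield one dict per data row, keyed by the names in the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or odd rows
                yield dict(zip(fields, parts))

def address(row):
    """Extract the mailbox from a MAIL FROM / RCPT TO argument, if any."""
    m = ADDR.search(row.get("cs-uri-query", ""))
    return m.group(2).lower() if m else None

def trace(log_text, dest_ip):
    """Return {sender: [internal client IPs]} for mail sent out to dest_ip."""
    rows = list(parse(log_text))
    senders = {address(r) for r in rows
               if r.get("c-ip") == dest_ip
               and r.get("cs-username", "").startswith(OUT)
               and r.get("cs-method", "").upper() == "MAIL"}
    senders.discard(None)
    origins = {s: set() for s in senders}
    for r in rows:
        inbound = not r.get("cs-username", "").startswith(OUT)
        if inbound and r.get("cs-method", "").upper() == "MAIL" and address(r) in origins:
            origins[address(r)].add(r.get("c-ip"))
    return {s: sorted(ips) for s, ips in origins.items()}
```

Matching on the envelope sender alone is a heuristic: if several internal hosts relay with the same MAIL FROM, compare timestamps of the inbound and outbound rows as well.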