ISA is delaying outgoing email - ISA DNS problem?




I manage an SBS 2000 server running the latest Service Packs and Updates. In
the last couple weeks the server has been queuing more mail than usual and
it’s becoming a problem to the company. It seems that the emails eventually
go through but the delay is unacceptable.

This SBS 2000 server is also running ISA. I
have a troubleshooting rule I sometimes use in ISA that allows all traffic
through but enabling this rule had no effect on the mail delays.

The DNS forwarders tab has the DNS servers as well as some extras I added.
I also added the same set of addresses to the SMTP virtual server (mail
didn’t seem to move without the DNS server entered in there).

From the errors below you can see that a single domain doesn’t always
generate the same error so I’m really having trouble pinpointing the issue.
Please Help!

Here are some examples of the Event 4000 SMTPSVC errors I’m getting:

Message delivery to the remote domain 'yahoo.com' failed for the following
reason: The connection was dropped by the
remote host.
Message delivery to the remote domain 'yahoo.com' failed for the following
reason: The specified network name is no longer available.
Message delivery to the remote domain 'sympatico.ca' failed for the
following reason:
Message delivery to the remote domain 'sympatico.ca' failed for the
following reason: Unable to bind to the destination server in DNS.
Message delivery to the remote domain 'INCO.COM' failed for the following
reason: Unable to bind to the destination server in DNS.
Message delivery to the remote domain 'unitz.ca' failed for the following
reason: The connection was dropped by the remote host.
Message delivery to the remote domain 'unitz.ca' failed for the following
reason: Unable to bind to the destination server in DNS.
Message delivery to the remote domain 'renegodbout.com' failed for the
following reason: Unable to bind to the destination server in DNS.

I think I have narrowed the issue down but I'm still not sure how to fix it.
I tracked the problems to a start date and found that the email delays
started after I ran the SBS Internet Connection Wizard. I had some rules
that I know were set up properly but they didn't block the way they were
designed. After running ICW to reset the ISA rules I set up my block rules
the exact same way and this time they worked. Unfortunately now emails seem
to be delayed. I created some ISA backups and have gone back a couple times
to reproduce this issue so it's definitely something in ISA that's causing
this intermittent behaviour.

The rules I had after running ICW seemed to prevent recursive DNS queries
from passing in the DNS properties. Maybe that tells you something? The
block rule I set up just blocks a specific user account from having Internet
access after hours.

Any ideas what in ISA I need to configure for DNS to function properly?

Here's some nslookup results with an ISA backup before the 5th:
sympatico.ca
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
sympatico.ca MX preference = 5, mail exchanger = toip1.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip2.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip3.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip4.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip5.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip6.bellnexxia.net
sympatico.ca MX preference = 5, mail exchanger = toip7.bellnexxia.net

toip1.bellnexxia.net internet address = 209.226.175.84
toip2.bellnexxia.net internet address = 209.226.175.85
toip3.bellnexxia.net internet address = 209.226.175.86
toip4.bellnexxia.net internet address = 209.226.175.87
toip5.bellnexxia.net internet address = 209.226.175.88
toip6.bellnexxia.net internet address = 209.226.175.174
toip7.bellnexxia.net internet address = 209.226.175.175

yahoo.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
yahoo.com MX preference = 1, mail exchanger = mx3.mail.yahoo.com
yahoo.com MX preference = 5, mail exchanger = mta-v1.mail.vip.re3.yahoo.com
yahoo.com MX preference = 1, mail exchanger = mx1.mail.yahoo.com
yahoo.com MX preference = 1, mail exchanger = mx2.mail.yahoo.com

mx3.mail.yahoo.com internet address = 67.28.113.71
mx3.mail.yahoo.com internet address = 67.28.113.10
mx3.mail.yahoo.com internet address = 4.79.181.168
mx3.mail.yahoo.com internet address = 4.79.181.134
mx3.mail.yahoo.com internet address = 67.28.113.74
mta-v1.mail.vip.re3.yahoo.com internet address = 66.196.97.250
mx1.mail.yahoo.com internet address = 4.79.181.15
mx1.mail.yahoo.com internet address = 4.79.181.168
mx1.mail.yahoo.com internet address = 67.28.113.73
mx1.mail.yahoo.com internet address = 67.28.113.19
mx1.mail.yahoo.com internet address = 4.79.181.14
mx2.mail.yahoo.com internet address = 4.79.181.135
mx2.mail.yahoo.com internet address = 4.79.181.136
mx2.mail.yahoo.com internet address = 4.79.181.168
mx2.mail.yahoo.com internet address = 67.28.113.70
mx2.mail.yahoo.com internet address = 67.28.113.72

renegodbout.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
renegodbout.com MX preference = 10, mail exchanger = mxmail.register.com

inco.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
inco.com MX preference = 10, mail exchanger = smtp.sin.inco.com
inco.com MX preference = 5, mail exchanger = smtp.tor.inco.com
inco.com MX preference = 10, mail exchanger = ap.test.inco.com
inco.com MX preference = 10, mail exchanger = na.test.inco.com

smtp.sin.inco.com internet address = 203.208.251.199
smtp.tor.inco.com internet address = 129.33.168.70
ap.test.inco.com internet address = 203.208.251.200
na.test.inco.com internet address = 129.33.168.76


Now some NSLookup results from an ISA backup made on the 30th (after running
ICW and setting up some custom block rules):

inco.com
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
inco.com MX preference = 10, mail exchanger = smtp.sin.inco.com
inco.com MX preference = 5, mail exchanger = smtp.tor.inco.com
inco.com MX preference = 10, mail exchanger = ap.test.inco.com
inco.com MX preference = 10, mail exchanger = na.test.inco.com

smtp.sin.inco.com internet address = 203.208.251.199
smtp.tor.inco.com internet address = 129.33.168.70
ap.test.inco.com internet address = 203.208.251.200
na.test.inco.com internet address = 129.33.168.76

sympatico.ca
Server: localhost
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
*** Request to localhost timed-out

yahoo.com
Server: localhost
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
*** Request to localhost timed-out

renegodbout.com
Server: localhost
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
*** Request to localhost timed-out
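
Added example, not part of the original post: a Python script that parses nslookup transcripts in the format pasted above and lists the domains that returned MX records under one ISA configuration but time out under the other. The sample transcripts are constructed (abridged from the post's output), and the function names are hypothetical.

```python
import re

# Constructed sample transcripts, abridged from the two nslookup runs in the post.
HDR = "Server: localhost\nAddress: 127.0.0.1\n\n"
INCO = ("inco.com\n" + HDR + "Non-authoritative answer:\n"
        "inco.com MX preference = 5, mail exchanger = smtp.tor.inco.com\n\n")
BEFORE = INCO + ("sympatico.ca\n" + HDR + "Non-authoritative answer:\n"
                 "sympatico.ca MX preference = 5, mail exchanger = toip1.bellnexxia.net\n")
AFTER = INCO + ("sympatico.ca\n" + HDR + "DNS request timed out.\n"
                "timeout was 2 seconds.\n*** Request to localhost timed-out\n")

# A query starts with a bare name on its own line, followed by the "Server:" line.
QUERY = re.compile(r"^(\S+)[ \t]*\r?\nServer:", re.M)
MX = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")


def parse_transcript(text):
    """Map each queried domain to {'status': ok|timeout|no-mx, 'mx': [(pref, host)]}."""
    results = {}
    starts = list(QUERY.finditer(text))
    for i, m in enumerate(starts):
        # The body of one query runs up to the start of the next query.
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        body = text[m.end():end]
        mx = sorted((int(pref), host.lower()) for pref, host in MX.findall(body))
        if "timed out" in body or "timed-out" in body:
            status = "timeout"
        else:
            status = "ok" if mx else "no-mx"
        results[m.group(1).lower()] = {"status": status, "mx": mx}
    return results


def regressions(before, after):
    """Domains queried in both runs that resolved in `before` but not in `after`."""
    b, a = parse_transcript(before), parse_transcript(after)
    return sorted(d for d, r in b.items()
                  if r["status"] == "ok" and d in a and a[d]["status"] != "ok")


if __name__ == "__main__":
    for domain in regressions(BEFORE, AFTER):
        print(f"{domain}: resolved before, now {parse_transcript(AFTER)[domain]['status']}")
```

Domains that still resolve in both runs (inco.com here) are likely answered from the local DNS cache or a reachable forwarder, so the regression list points at the lookups that need a fresh outbound query.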


