Re: Exchange 2003 SBS #4.4.7 NDR TO OUR SERVER

Hi Jeff,

Thanks for your detail description. I appreciate your time and efforts
perform test to troubleshooting the issue.

1. If you installed the Symantec Antivirus Corporate Edition 9.x, please
totally remove the whole Symantec Antivirus application first to disable
the the Symantec Antivirus Corporate Edition 9.x Internet Auto-Protect
feature. There is a known issue to the Auto-Protect feature. Please first
remove the Symantec Antivirus application to check if it helps.

2. The hotfix 901160 only will apply to the exchange server that has
enabled the Sender Filtering feature and are experiencing this specific
problem. Since you have not enable Sender Filtering feature, you should not
apply the hotfix.

3. You can check the Exchange SP level as follows: Open Exchange System
Manager, click Help-> About exchange management, what is the version
number? If it is exchange 2003 sp2, the version number is 6.5.7638.

Exchange 2003 with no SP: 6.5.6944
Exchange 2003 SP1: 6.5.7226
Exchange 2003 SP2: 6.5.7638

To the Exchange 2003 SP1, and Exchange 2003 SP2, it is better that you
apply the newest updates although you might not encounter the issues that
fixed in these service packs. The hotfixes and updates in Exchange 2003
SP1/SP2 can be applied all exchange 2003 server.

4. What are the problematic external domains? Can you contact one sender in
the domain and help you to reproduce the issue and collect the information
I requested? Or please let them temporarily create a test account for you.
If we do not know the exact sender email address, recipient, the message
sent time, we can not track the message's transport process.

5. Please confirm if all the messages sent from those specific external
domains would fail. If it happens randomly, it might take a long time to
find the clue. Since many factors will lead to messages receiving failure,
it is hard to say what the problem lies in.

6. You can also try to register some external domain email address to test
the issue from internet

I appreciate your time. I am glad to be further assistance to you.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
From: jaellman@xxxxxxxxx
Newsgroups: microsoft.public.windows.server.sbs
Subject: Re: Exchange 2003 SBS #4.4.7 NDR TO OUR SERVER
Date: 12 Jul 2006 19:55:32 -0700
Organization: http://groups.google.com
Lines: 263
Message-ID: <1152759332.725198.88470@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1152483295.745514.4700@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<#MkAhT8oGHA.4848@xxxxxxxxxxxxxxxxxxxx>
<b6Mp6eBpGHA.4632@xxxxxxxxxxxxxxxxxxxxx>
NNTP-Posting-Host: 68.20.84.206
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1152759336 8992 127.0.0.1 (13 Jul 2006
02:55:36 GMT)
X-Complaints-To: groups-abuse@xxxxxxxxxx
NNTP-Posting-Date: Thu, 13 Jul 2006 02:55:36 +0000 (UTC)
In-Reply-To: <b6Mp6eBpGHA.4632@xxxxxxxxxxxxxxxxxxxxx>
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
NET CLR 1.1.4322),gzip(gfe),gzip(gfe)
Complaints-To: groups-abuse@xxxxxxxxxx
Injection-Info: h48g2000cwc.googlegroups.com; posting-host=68.20.84.206;
posting-account=Ha6tCw0AAAAEoRhk-vdXSzthjYWpLfV5
Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed00
sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.
giganews.com!nntp.giganews.com!postnews.google.com!h48g2000cwc.googlegroups.
com!not-for-mail
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:281019
X-Tomcat-NG: microsoft.public.windows.server.sbs

Ok, I've had some time to look into this. Here are the answers to the
questions below:

Q) Static vs. Dynmatic - We have a static DSL account, unforunately the
pool from which the IP addresses are pulled are within the same subnet
as the dynamic addresses, as such some mail servers see us as being
dynmatic. This is the reason I relay through my ISP for outgoing mail.
I've never had it effect incoming mail though.

Q) Firewalls & Antivirus - I've disabled both Firewall & Symantic
antivirus prior to posting as well as shutting down SMTP "fix up" on
our PIX router. No effect on the issue

Q) Check MX & DNS - I checked the external DNS and it was, in fact,
pointing to the ISP. I've removed these entries as of tonight.

Q) Sender Filter Hotfix - I'm not certain if the Sender Filtering has
ever been enabled, I'm going to assume it could have been for the sake
of discussion. If it has NOT been enabled and I apply the hotfix you
mentioned will it negitively effect anything or is it OK to apply said
hotfix just to be sure?

Q) Service Pack Level - Currently, the Exchange server shows (Service
Pack 2) when looking at the properties of the exchange server in system
manager. I'm not 100% certain of the machine was upgraded from release
to SP1 to SP2 or directly from release to SP2. My question is the same
as above, does appling the hotfix cause any problems if I do not have
the issue you described?

Here are the "further informatioN" questions.
1) Recieve messages directly via MX record which points to the Static
IP of the DSL Account (which is sent via NAT to the static interface on
the exchange server of our local network). Outgoing messages are
relayed via smart host with authenitcation to our ISP.

2) Outgoing email is not a problem, we can send out without any issues.
Incoming is where our problem lies. I have not setup an incoming
relay out on the internet, but I guess that could be an answer if all
else fails.

3) I will attempt to track down these messages, the problem is it's
people sending US messages that are getting the reponse, not US sending
to others.

4) I can send you the SMTP log but there is no entry for the incoming
mail for the users who are getting the return.

5) I ran the SMTPDiag.exe and everything came back successful.

Again, the main reason I'm stumped is because I do not have access to
the senders mail server, and they claim the old fashion "everything
works on our end, it must be you" type of thing, so I'm just looking
for some guidance. You've been a big help. Please let me know what I
should do regarding the hotfixes.
"Jenny wu [MSFT]" wrote:
Hi Jeff,

Thanks for using the SBS newsgroup. Also thanks for N. Hughes's input.

I am sorry for the delayed response due to weekend. Please understand
that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

For time critical issues (not business down), we encourage you to contact
CSS directly for more immediate assistance:
International Support (non-US/Canada):
http://support.microsoft.com/common/international.aspx

US and Canada:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone

To continue working with me in the newsgroups, please see the following:

From your description, I understand the issue is that users from some
external domains received 4.4.7 NDR messages while sending emails to your
exchange server. If I am off base, please don't hesitate to let me know.

Based on my research, the NDR code typically indicates an issue on the
receiving server. Let us follow the steps below to trouble shoot the
issue:

#1:
-----------
Based on my research, this issue may occur due to firewalls or antivirus
software configured on the Exchange Server side, such as Symantec
Antivirus
Corporate Edition 9.x. Therefore, I would suggest that we temporarily
disable all third party firewall/antivirus and on Exchange and check
whether this issue disappears.

Also please look into the following article to get more information about
the issue:

SMTP mail cannot be sent or cannot be received in Exchange Server
http://support.microsoft.com/?id=895857

#2:
-----------
Check whether the external MX record/A record of your mail server is
configured on your external DNS.

1. In Exchange System Manager, open the property page of Default SMTP
Virtual Server.
2. Click on the Delivery tab, and click on Advanced button
3. Click on the Configure button next to "Configure external DNS Servers"
4. If there are External servers listed in this dialog box remove them.
5. Restart the Default SMTP Virtual Server

#3:
-----------
Have you enabled the Sender Filtering feature in Exchange server? If you
enabled the Sender Filtering feature on the Simple Mail Transfer Protocol
(SMTP) virtual server in Exchange Server 2003, some messages that are
sent
by users of Microsoft Office Outlook 2003 are not delivered by the
server.
And
error message is similar to the following error message:
4.4.7 Dropping connection due to an error on this server.

If it is the situation, you need apply a hotfix to resolve the issue.
Please check the following article to get detail information:

Some e-mail messages that are sent by Outlook 2003 users are not
delivered
after you enable the Sender Filtering feature in Exchange Server 2003,
and
message senders may receive a non-delivery report message
http://support.microsoft.com/?id=901160

#4:
-----------
What is the service packs level of the Exchange server and the SBS 2003?
If
you have applied the SBS 2003 SP1 to the server box, please try to apply
the hotfix 898060 to see if it helps.

More detail information addressed in the following KB article:
898060 Installing security update MS05-019 or Windows Server 2003 Service
Pack
http://support.microsoft.com/?id=898060

If the issue persists, please help me collect the following information
for
further analyze the issue:

1. How you configured the Exchange server send/receive emails? Using DNS
or
smarthost?

2. Does the issue still happen when you routed all SMTP Traffic through
our
ISP?

3. Please save some samples of the NDR messages as .msg files and send to
my working mailbox:v-yanniw@xxxxxxxxxxxxxx

4. You can mail me the SMTP log file to me for analyze.

Note: Please let me know the message sender address, recipient and the
time.

5. Please use the SMTPDiag tool to diagnose configuration and connection
issues involving SMTP and DNS. Please download the tool via the following
link:

Exchange Server SMTPDiag Tool

http://www.microsoft.com/downloads/details.aspx?familyid=bc1881c7-925d-4a29-
bd42-71e8563c80a9&displaylang=en

More information:
Delivery status notifications in Exchange Server and in Small Business
Server
http://support.microsoft.com/kb/284204

Hope above information helps. I am happy to be of assistance to you and
look forward to your reply.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the
corresponding
newsgroups so that they can be resolved in an efficient and timely
manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check
the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In
doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

--------------------
From: "N. Hughes" <quadrantcomputerNOSPAM@xxxxxxxxxxx>
References: <1152483295.745514.4700@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Exchange 2003 SBS #4.4.7 NDR TO OUR SERVER
Date: Mon, 10 Jul 2006 12:02:35 +1000
Lines: 42
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2869
X-RFC2646: Format=Flowed; Original
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-ID: <#MkAhT8oGHA.4848@xxxxxxxxxxxxxxxxxxxx>
Newsgroups: microsoft.public.windows.server.sbs
NNTP-Posting-Host: 218-214-129-136.people.net.au 218.214.129.136
Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTNGP03.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:280144
X-Tomcat-NG: microsoft.public.windows.server.sbs

Any other messages error messages?

If you are using the DNS service to send your mail, you need to confirm
whether you have a "real" static IP or a "leased" static IP? The problem
is
becoming more widespread - lthe cheaper leased IPs are treated as
Dynamic
IPs and may be bounced by those email servers which perform reverse-DNS
lookups.

The only recourse is to get a "real" static IP, or use your ISP's mail
server for outbound forwarding.

Regards,
N. Hughes

<jaellman@xxxxxxxxx> wrote in message
news:1152483295.745514.4700@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've got a situation where my client is telling me (and I've seen) a
few domains are unable to send email to us without getting 4.4.7
errors
returned to the sender. I've disabled all incoming mail filters (IMF)
on the exchange server, from the outside world from multiple IP
addresses I can telnet to 25 to the mail server as well as MANY MANY
MANY users are able to send mail to this exchange server, only a few
cannot.

I'm looking for some general guidance on where I can look from here to
figure this out.

I've done the following:
-Disabled SMTP filtering on Exchange
-Disabled SMTP FIltering on PIX
-Routed all SMTP Traffic through our ISP via Virtual Server (there is
no SMTP Connector)
-Checked SMTP logs and found NO CONNECTIONS from these domains
attempting to send mail to us
-Check DNSREPORT for any DNS errors on our DNS Server...

Anything else I can look for?!? Thanks!

~Jeff







.

Loading