Thanks, I'll try that.
Found an MS article about PIX as well-;en-us;Q320027&gssnb=1
Thanks again

On 10/13/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
IIRC, you have a dedicated SMTP connector for or You can try going to the Advanced tab of this SMTP connector and checking the box to "Send HELO instead of EHLO," which should drop the extended verb attempts from your side.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Wednesday, October 12, 2005 8:29 PM

Subject: Re: [ActiveDir] exchange confusion(OT)

no difference.
i get back all the esmtp verbs including the MS ones.
In a net trace all i see is "tcp retransmission" on port 25 to that server.
i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace.
in the protocol log, i see my server give a xexch50, then their servr responds with a "need to auth first", then my server issues a bdat, then nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman, Hunter <[EMAIL PROTECTED]> wrote:
Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Wednesday, October 12, 2005 6:04 PM

Subject: Re: [ActiveDir] exchange confusion(OT)

its 2 seperate orgs.
that seems to be about 2 servers in the same org.
i think the issue rests with the xexch50 esmtp verb.
everytime my exchange server issues it, things just hang.
the remote corp is using a pix firewall with an smtp proxy but not Mailguard.
I know mailguard can cause issues.
do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls?
thanks alot

On 10/11/05, Al Mulnick <[EMAIL PROTECTED] > wrote:
But it's possible you have another issue going on.  Can you capture the trace via netmon? Do you have it available?
Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on.
Also, do you end up getting a NDR?  If so, what is it?
Unable to relay?  You didn't set up any recip policies with by any chance did you?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, October 11, 2005 2:41 PM
Subject: Re: [ActiveDir] exchange confusion(OT)

Both servers are exchange 2k
The conversation goes something like this-
mail from:
rcpt to:
on my mailserver's side.
all these get 250  smtp response codes from the journal server.
then, my mail server tries to send a xexch50 which gets a "need to auth first" response from their server.
now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response.
then the last thing i see is a bdat from my server and thats all she wrote.
i never see a quit or the conversation end.
this is in the smtp protocol logs on my bridgehead server.
in ethereal i just get "tcp retransmission" everytime i see the ip of the journal server.
maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead?
The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that.
every place i've worked just used contacts as an object to represent external addys in the GAL.
isn't this their point?
why would you need an addy pointing back to you for an external contact?
i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :)
also, can you elaborate as to the "weird results" from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up).
thanks. sorry for all the questions(and OT as they are).

On 10/11/05, Al Mulnick <[EMAIL PROTECTED] > wrote:
One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself.  It causes weird results.  So if their internal server primary dns suffix is and they have a recip policy of then they'll have some strange results over time.
One thing you might want to look for is the verbs being passed back and forth between the servers.  If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. 
A network trace is the easiest way to troubleshoot this.  Look at the successful and failed conversations to see what's going on. At least it's recreatable.
Oh.  Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course).
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Tuesday, October 11, 2005 11:30 AM
To: activedirectory
Subject: Re: [ActiveDir] exchange confusion(OT)

when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server.
what could this signify?
is this an issue on my Exchange server's side?
thier exchange server?
my bandwidth?
their connection?
thanks again

On 10/11/05, Tom Kern <[EMAIL PROTECTED]> wrote:
ok. i think you guys are overcomplicating things-
i have one contact which like most contacts, is for an address external to my ORG.
this contact has 1 address which is also its primary address.
the address is external to my ORG. In other words, its a contact :)
the smtp address on the contact is [EMAIL PROTECTED].
i have journaling enabled on all my mailstores. the journal "mailbox" is this contact.
journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion.
their mail infratstructure has nothing to do with me.
they just accept journaled email from us.
now, mail going(via journaling) to this contact gets routed out a dedicated smtp connector.
the address space on this connector is "*".
when mail going to the [EMAIL PROTECTED] gets routed to its smtp connector, the bridgehead server rewrites the RCPT TO: address as [EMAIL PROTECTED]
the archive/journal companie's mailserver only accepts mail for " " NOT " ", so i get "unable to relay" errors and my journal queue builds up.
when i change the coonector address space to "", some mail starts to flow but then it stops as well.
now my 2 questions are-
why does exchange rewrite the RCP TO: address?
why would mail stop flowing? am i sending too much mail to them(they run exchange 2k as well)?
how would i know?
how many connections can exchange accept at one time incoming?
Thanks for the list suggestions but i tried the Sunbelt one which is pretty bad. the noise to info ratio is insanely uneven.
i also tried the one at [EMAIL PROTECTED] which is pretty decent but i didn't get many responses.
that could be my fault and the way i worded my problem(most likely).
thanks for all your help and time spent on this already.

On 10/10/05, Derek Harris <[EMAIL PROTECTED] > wrote:

The Exchange discussion list here has some people who can probably tell you for sure:

Are the servers all in the same Exchange Org?  Where does the contact send the mail?  Your mailboxes & contacts shouldn't have their home server name in their domain string, unless you specifically set them up that way.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of joe
Sent: Monday, October 10, 2005 3:48 PM
Subject: RE: [ActiveDir] exchange confusion(OT)

I may regret asking this, but recall I don't know squat about Exchange message routing.
Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it.

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern
Sent: Monday, October 10, 2005 3:28 PM
To: activedirectory
Subject: [ActiveDir] exchange confusion(OT)

I have a contact with the addy of [EMAIL PROTECTED].
I created a smtp connector with an address space of *
when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename.
i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed".
Now, my question-
why is exchange rewriting the address just because i'm using a wildcard in the connector address space?
is this by design?
What if i wanted a connector going to every domain under like and ?
wouldn't i just create a connector with an address space of *
should exchange 2k just forward the email without changing the RCPT TO: headers?
am i wrong and clueless as usual?
what am i missing?
i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC).
Thanks alot

Reply via email to