Re: [ActiveDir] exchange confusion(OT)
Thanks. I know there were issues with Cisco's Mailguard feature on a PIX but i can't seem to find any articles on their website. Thanks again On 10/13/05, Al Mulnick [EMAIL PROTECTED] wrote: Actually, there are some knownissues with pix and Exchange. You should check the cisco support and kb articles to see if yours is a match, although I would have thought your journaling company would have figured it out by now.Similar symptoms. The article I sent you had to do with the configuration and you'll possibly see issues regardless of the ORG you're in. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Wednesday, October 12, 2005 10:29 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers
RE: [ActiveDir] exchange confusion(OT)
IIRC, you have a dedicated SMTP connector for servername.journaldomain.com or journaldomain.com. You can try going to the Advanced tab of this SMTP connector and checking the box to "Send HELO instead of EHLO," which should drop the extended verb attempts from your side. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 8:29 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is "tcp retransmission" on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a "need to auth first", then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a "need to auth first" response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get "tcp retransmission" everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the "weird results" from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates
Re: [ActiveDir] exchange confusion(OT)
Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html On 10/13/05, Tom Kern [EMAIL PROTECTED] wrote: Thanks. I know there were issues with Cisco's Mailguard feature on a PIX but i can't seem to find any articles on their website. Thanks again On 10/13/05, Al Mulnick [EMAIL PROTECTED] wrote: Actually, there are some knownissues with pix and Exchange. You should check the cisco support and kb articles to see if yours is a match, although I would have thought your journaling company would have figured it out by now.Similar symptoms. The article I sent you had to do with the configuration and you'll possibly see issues regardless of the ORG you're in. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Wednesday, October 12, 2005 10:29 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip
Re: [ActiveDir] exchange confusion(OT)
Thanks, I'll try that. Found an MS article about PIX as well- http://support.microsoft.com/default.aspx?scid=kb;en-us;Q320027gssnb=1 Thanks again On 10/13/05, Coleman, Hunter [EMAIL PROTECTED] wrote: IIRC, you have a dedicated SMTP connector for servername.journaldomain.com or journaldomain.com. You can try going to the Advanced tab of this SMTP connector and checking the box to Send HELO instead of EHLO, which should drop the extended verb attempts from your side. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 8:29 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming
Re: [ActiveDir] exchange confusion(OT)
thanks. i don't think they are running mailguard as when i telnet to the server and issue a ehlo, i get all the esmtp verbs including the MS ones. when i try to issue an xexch50, the server replies with a need to authenticate first. after which i can still happily issue a data or bdat still in my sniffer, all i get is tcp retransmission. In the smtp logs on my bridgehead, i just get a bdat issued by my server and then nothing- no quit or rset. in ESM, my queue to the journal server is backed up and says connection dropped by remote host. eventualy the mail in this queue gets put into the messages with unreachable destination queue. strange.. On 10/13/05, Candee Vaglica [EMAIL PROTECTED] wrote: Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html On 10/13/05, Tom Kern [EMAIL PROTECTED] wrote: Thanks. I know there were issues with Cisco's Mailguard feature on a PIX but i can't seem to find any articles on their website. Thanks again On 10/13/05, Al Mulnick [EMAIL PROTECTED] wrote: Actually, there are some knownissues with pix and Exchange. You should check the cisco support and kb articles to see if yours is a match, although I would have thought your journaling company would have figured it out by now.Similar symptoms. The article I sent you had to do with the configuration and you'll possibly see issues regardless of the ORG you're in. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Wednesday, October 12, 2005 10:29 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts
RE: [ActiveDir] exchange confusion(OT)
Honestly, that looks like a mismatched MTU to me. It's
worth checking.
If you turn off EHLO, as someone else suggested, that
should limit the maximum size of the TCP packet rather
dramatically...
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Thursday, October 13, 2005 10:29 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange
confusion(OT)
thanks.
i don't think they are running mailguard as when i telnet to the server and
issue a ehlo, i get all the esmtp verbs including the MS ones.
when i try to issue an "xexch50", the server replies with a "need to
authenticate first".
after which i can still happily issue a data or bdat
still in my sniffer, all i get is "tcp retransmission".
In the smtp logs on my bridgehead, i just get a bdat issued by my server
and then nothing- no quit or rset.
in ESM, my queue to the journal server is backed up and says "connection
dropped by remote host".
eventualy the mail in this queue gets put into the "messages with
unreachable destination" queue.
strange..
On 10/13/05, Candee
Vaglica [EMAIL PROTECTED]
wrote:
Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html
On 10/13/05, Tom
Kern [EMAIL PROTECTED] wrote:
Thanks.
I know there were issues with Cisco's Mailguard feature on a PIX but i
can't seem to find any articles on their website.
Thanks again
On 10/13/05, Al
Mulnick [EMAIL PROTECTED]
wrote:
Actually, there are some
knownissues with pix and Exchange. You should check the cisco
support and kb articles to see if yours is a match, although I would have
thought your journaling company would have figured it out by
now.Similar symptoms.
The article I sent you
had to do with the configuration and you'll possibly see issues regardless
of the ORG you're in.
-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Tom Kern
Sent: Wednesday, October 12, 2005 10:29
PMTo: ActiveDir@mail.activedir.org Subject: Re:
[ActiveDir] exchange confusion(OT)
no difference.
i get back all the esmtp verbs including the MS ones.
In a net trace all i see is "tcp retransmission" on port 25 to that
server.
i'm sending them about 2,000 emails in my queue but i only see
about 3 connections in the trace.
in the protocol log, i see my server give a xexch50, then their
servr responds with a "need to auth first", then my server issues a
bdat, then nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman, Hunter [EMAIL PROTECTED]
wrote:
Network trace is probably the way to go, but lacking that...if
you telnet to port 25 on the remote corp's mail host, and issue an
ehlo command, do you get back a list of supported verbs? What are
they, or if not, what do you get back? Do that from your workstation
and also from the Exchange server that's trying to deliver the mail to
see if there are any differences or firewall restrictions.
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of
Tom KernSent: Wednesday, October 12, 2005 6:04
PM
To: ActiveDir@mail.activedir.orgSubject: Re:
[ActiveDir] exchange confusion(OT)
its 2 seperate orgs.
that seems to be about 2 servers in the same org.
i think the issue rests with the xexch50 esmtp verb.
everytime my exchange server issues it, things just hang.
the remote corp is using a pix firewall with an smtp proxy but
not Mailguard.
I know mailguard can cause issues.
do you know of any problems with some MS specific esmtp verbs
like xexch50 and pix firewalls?
thanks alot
On 10/11/05, Al
Mulnick [EMAIL PROTECTED]
wrote:
This was what I was
thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175
But it's possible
you have another issue going on. Can you capture the trace via
netmon? Do you have it available?
Ethereal is fine as
well, but... Whichever you use, filter the conversation to those two
servers so you can see everything going on.
Also, do you end up
Re: [ActiveDir] exchange confusion(OT)
mismatched on my side or theirs? I was wrong, its an IPsec tunnel NOT a gre tunnel. The mtu size on my side is the default for a cisco 2600 router(i think thats the setting of the media being used in the router- etherenet=1500,etc). Thanks On 10/13/05, Michael B. Smith [EMAIL PROTECTED] wrote: Honestly, that looks like a mismatched MTU to me. It's worth checking. If you turn off EHLO, as someone else suggested, that should limit the maximum size of the TCP packet rather dramatically... From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Thursday, October 13, 2005 10:29 AM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thanks. i don't think they are running mailguard as when i telnet to the server and issue a ehlo, i get all the esmtp verbs including the MS ones. when i try to issue an xexch50, the server replies with a need to authenticate first. after which i can still happily issue a data or bdat still in my sniffer, all i get is tcp retransmission. In the smtp logs on my bridgehead, i just get a bdat issued by my server and then nothing- no quit or rset. in ESM, my queue to the journal server is backed up and says connection dropped by remote host. eventualy the mail in this queue gets put into the messages with unreachable destination queue. strange.. On 10/13/05, Candee Vaglica [EMAIL PROTECTED] wrote: Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html On 10/13/05, Tom Kern [EMAIL PROTECTED] wrote: Thanks. I know there were issues with Cisco's Mailguard feature on a PIX but i can't seem to find any articles on their website. Thanks again On 10/13/05, Al Mulnick [EMAIL PROTECTED] wrote: Actually, there are some knownissues with pix and Exchange. You should check the cisco support and kb articles to see if yours is a match, although I would have thought your journaling company would have figured it out by now.Similar symptoms. The article I sent you had to do with the configuration and you'll possibly see issues regardless of the ORG you're in. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Wednesday, October 12, 2005 10:29 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats
Re: [ActiveDir] exchange confusion(OT)
I disabled ehlo on the smtp connector and i still get a full unreachable queue- connection was dropped by remote host In ethereal, i get tcp retransmission and tcp zero window during the conversation between my mail server and theirs. does this point to the IPsec tunnel and mtu? My side? Their side? Thanks alot. On 10/13/05, Tom Kern [EMAIL PROTECTED] wrote: mismatched on my side or theirs? I was wrong, its an IPsec tunnel NOT a gre tunnel. The mtu size on my side is the default for a cisco 2600 router(i think thats the setting of the media being used in the router- etherenet=1500,etc). Thanks On 10/13/05, Michael B. Smith [EMAIL PROTECTED] wrote: Honestly, that looks like a mismatched MTU to me. It's worth checking. If you turn off EHLO, as someone else suggested, that should limit the maximum size of the TCP packet rather dramatically... From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Thursday, October 13, 2005 10:29 AM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thanks. i don't think they are running mailguard as when i telnet to the server and issue a ehlo, i get all the esmtp verbs including the MS ones. when i try to issue an xexch50, the server replies with a need to authenticate first. after which i can still happily issue a data or bdat still in my sniffer, all i get is tcp retransmission. In the smtp logs on my bridgehead, i just get a bdat issued by my server and then nothing- no quit or rset. in ESM, my queue to the journal server is backed up and says connection dropped by remote host. eventualy the mail in this queue gets put into the messages with unreachable destination queue. strange.. On 10/13/05, Candee Vaglica [EMAIL PROTECTED] wrote: Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html On 10/13/05, Tom Kern [EMAIL PROTECTED] wrote: Thanks. I know there were issues with Cisco's Mailguard feature on a PIX but i can't seem to find any articles on their website. Thanks again On 10/13/05, Al Mulnick [EMAIL PROTECTED] wrote: Actually, there are some knownissues with pix and Exchange. You should check the cisco support and kb articles to see if yours is a match, although I would have thought your journaling company would have figured it out by now.Similar symptoms. The article I sent you had to do with the configuration and you'll possibly see issues regardless of the ORG you're in. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Wednesday, October 12, 2005 10:29 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir
RE: [ActiveDir] exchange confusion(OT)
can you send a manual message?
something really doesn't make sense
here.
i'm not acisco/ipsec/vpn expert. it's a common issue
to see mismatched mtu's, with "large" packets, causing packet drops. mtu can be
set on either side.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Thursday, October 13, 2005 12:03 PMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange
confusion(OT)
I disabled ehlo on the smtp connector and i still get a full unreachable
queue- "connection was dropped by remote host"
In ethereal, i get "tcp retransmission" and "tcp zero window" during the
conversation between my mail server and theirs.
does this point to the IPsec tunnel and mtu?
My side?
Their side?
Thanks alot.
On 10/13/05, Tom Kern
[EMAIL PROTECTED] wrote:
mismatched on my side or theirs?
I was wrong, its an IPsec tunnel NOT a gre tunnel.
The mtu size on my side is the default for a cisco 2600 router(i think
thats the setting of the media being used in the router-
etherenet=1500,etc).
Thanks
On 10/13/05, Michael B.
Smith [EMAIL PROTECTED]
wrote:
Honestly, that looks like a mismatched MTU to me. It's worth
checking.
If you
turn off EHLO, as someone else suggested, that should limit the maximum size
of the TCP packet rather dramatically...
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of
Tom KernSent: Thursday, October 13, 2005 10:29 AM
To: ActiveDir@mail.activedir.orgSubject: Re:
[ActiveDir] exchange confusion(OT)
thanks.
i don't think they are running mailguard as when i telnet to the server
and issue a ehlo, i get all the esmtp verbs including the MS ones.
when i try to issue an "xexch50", the server replies with a "need to
authenticate first".
after which i can still happily issue a data or bdat
still in my sniffer, all i get is "tcp retransmission".
In the smtp logs on my bridgehead, i just get a bdat issued by my
server and then nothing- no quit or rset.
in ESM, my queue to the journal server is backed up and says
"connection dropped by remote host".
eventualy the mail in this queue gets put into the "messages with
unreachable destination" queue.
strange..
On 10/13/05, Candee
Vaglica [EMAIL PROTECTED]
wrote:
Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html
On 10/13/05, Tom
Kern [EMAIL PROTECTED]
wrote:
Thanks.
I know there were issues with Cisco's Mailguard feature on a PIX
but i can't seem to find any articles on their website.
Thanks again
On 10/13/05, Al
Mulnick [EMAIL PROTECTED]
wrote:
Actually, there are
some knownissues with pix and Exchange. You should check
the cisco support and kb articles to see if yours is a match, although
I would have thought your journaling company would have figured it out
by now.Similar symptoms.
The article I sent
you had to do with the configuration and you'll possibly see issues
regardless of the ORG you're in.
-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Tom Kern
Sent: Wednesday, October 12, 2005 10:29
PMTo: ActiveDir@mail.activedir.org Subject:
Re: [ActiveDir] exchange
confusion(OT)
no difference.
i get back all the esmtp verbs including the MS ones.
In a net trace all i see is "tcp retransmission" on port 25 to
that server.
i'm sending them about 2,000 emails in my queue but i only see
about 3 connections in the trace.
in the protocol log, i see my server give a xexch50, then their
servr responds with a "need to auth first", then my server issues a
bdat, then nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman, Hunter [EMAIL PROTECTED]
wrote:
Network trace is probably the way to go, but lacking
that...if you telnet to port 25 on the remote corp's mail host,
and issue an ehlo command, do you get back a list of supported
verbs? What are they, or if not, what do you get back? Do that
from your workstation and also from the Exchange server t
RE: [ActiveDir] exchange confusion(OT)
What do the SMTP conversation and network traces look like
from their side?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
KernSent: Thursday, October 13, 2005 10:03 AMTo:
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange
confusion(OT)
I disabled ehlo on the smtp connector and i still get a full unreachable
queue- "connection was dropped by remote host"
In ethereal, i get "tcp retransmission" and "tcp zero window" during the
conversation between my mail server and theirs.
does this point to the IPsec tunnel and mtu?
My side?
Their side?
Thanks alot.
On 10/13/05, Tom Kern
[EMAIL PROTECTED] wrote:
mismatched on my side or theirs?
I was wrong, its an IPsec tunnel NOT a gre tunnel.
The mtu size on my side is the default for a cisco 2600 router(i think
thats the setting of the media being used in the router-
etherenet=1500,etc).
Thanks
On 10/13/05, Michael B.
Smith [EMAIL PROTECTED]
wrote:
Honestly, that looks like a mismatched MTU to me. It's worth
checking.
If you
turn off EHLO, as someone else suggested, that should limit the maximum size
of the TCP packet rather dramatically...
From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of
Tom KernSent: Thursday, October 13, 2005 10:29 AM
To: ActiveDir@mail.activedir.orgSubject: Re:
[ActiveDir] exchange confusion(OT)
thanks.
i don't think they are running mailguard as when i telnet to the server
and issue a ehlo, i get all the esmtp verbs including the MS ones.
when i try to issue an "xexch50", the server replies with a "need to
authenticate first".
after which i can still happily issue a data or bdat
still in my sniffer, all i get is "tcp retransmission".
In the smtp logs on my bridgehead, i just get a bdat issued by my
server and then nothing- no quit or rset.
in ESM, my queue to the journal server is backed up and says
"connection dropped by remote host".
eventualy the mail in this queue gets put into the "messages with
unreachable destination" queue.
strange..
On 10/13/05, Candee
Vaglica [EMAIL PROTECTED]
wrote:
Try searching for the SMTP fixup http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_security_notice09186a0080265e37.html
On 10/13/05, Tom
Kern [EMAIL PROTECTED]
wrote:
Thanks.
I know there were issues with Cisco's Mailguard feature on a PIX
but i can't seem to find any articles on their website.
Thanks again
On 10/13/05, Al
Mulnick [EMAIL PROTECTED]
wrote:
Actually, there are
some knownissues with pix and Exchange. You should check
the cisco support and kb articles to see if yours is a match, although
I would have thought your journaling company would have figured it out
by now.Similar symptoms.
The article I sent
you had to do with the configuration and you'll possibly see issues
regardless of the ORG you're in.
-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf
Of Tom Kern
Sent: Wednesday, October 12, 2005 10:29
PMTo: ActiveDir@mail.activedir.org Subject:
Re: [ActiveDir] exchange
confusion(OT)
no difference.
i get back all the esmtp verbs including the MS ones.
In a net trace all i see is "tcp retransmission" on port 25 to
that server.
i'm sending them about 2,000 emails in my queue but i only see
about 3 connections in the trace.
in the protocol log, i see my server give a xexch50, then their
servr responds with a "need to auth first", then my server issues a
bdat, then nothing-
no quit or rset or anything.
thanks alot
On 10/12/05, Coleman, Hunter [EMAIL PROTECTED]
wrote:
Network trace is probably the way to go, but lacking
that...if you telnet to port 25 on the remote corp's mail host,
and issue an ehlo command, do you get back a list of supported
verbs? What are they, or if not, what do you get back? Do that
from your workstation and also from the Exchange server that's
trying to deliver the mail to see if there are any differences or
firewall restrictions.
Re: [ActiveDir] exchange confusion(OT)
its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySubject: Re: [ActiveDir] exchange confusion(OT) when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server. what could this signify? is this an issue on my Exchange server's side? thier exchange server? my bandwidth? their connection? thanks again On 10/11/05, Tom Kern [EMAIL PROTECTED] wrote: ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal mailbox is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedicated smtp connector. the address space on this connector is *.journaldomain.com. when mail going to the [EMAIL PROTECTED] gets
RE: [ActiveDir] exchange confusion(OT)
Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a "need to auth first" response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get "tcp retransmission" everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the "weird results" from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySu
Re: [ActiveDir] exchange confusion(OT)
no difference. i get back all the esmtp verbs including the MS ones. In a net trace all i see is tcp retransmission on port 25 to that server. i'm sending them about 2,000 emails in my queue but i only see about 3 connections in the trace. in the protocol log, i see my server give a xexch50, then their servr responds with a need to auth first, then my server issues a bdat, then nothing- no quit or rset or anything. thanks alot On 10/12/05, Coleman, Hunter [EMAIL PROTECTED] wrote: Network trace is probably the way to go, but lacking that...if you telnet to port 25 on the remote corp's mail host, and issue an ehlo command, do you get back a list of supported verbs? What are they, or if not, what do you get back? Do that from your workstation and also from the Exchange server that's trying to deliver the mail to see if there are any differences or firewall restrictions. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Wednesday, October 12, 2005 6:04 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) its 2 seperate orgs. that seems to be about 2 servers in the same org. i think the issue rests with the xexch50 esmtp verb. everytime my exchange server issues it, things just hang. the remote corp is using a pix firewall with an smtp proxy but not Mailguard. I know mailguard can cause issues. do you know of any problems with some MS specific esmtp verbs like xexch50 and pix firewalls? thanks alot On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySubject: Re: [ActiveDir] exchange confusion(OT) when i run
Re: [ActiveDir] exchange confusion(OT)
[EMAIL PROTECTED]. thats the one and only address.. On 10/10/05, Ed Crowley [MVP] [EMAIL PROTECTED] wrote: What are the entries under E-Mail Addresses for the contact? Which SMTP address is bolded? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups!™ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 5:10 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) ok, it goes like this- i work for a finanical corp so we have to stay in compliance. i have 2 smtp connectors- one goes to a compliance server, the other to an journal host. for the journal host, all my mail stores point to an external contact(1 smtp proxy addy) for journaling. this gets routed out a smtp connector going to the journal server. the addy on the contact is in the form of [EMAIL PROTECTED]. the address space for the smtp connector is *.journaldomain.com. when mail gets routed out the smtp connector, the RCPT TO: changes from [EMAIL PROTECTED] to [EMAIL PROTECTED] . i see this in the smtp protocol log on the virtual server of the bridgehead server(i have diag logging turned up to max but the app lof shows nothing). The journal server will not accept mail for that domain. mail stays in the queue on the bridgehead. here's where it gets weirder- when i change the smtp connector addy space to servername.journaldomain.com, mail starts flowing for awhile but then stops as well. in the log, i just see MAIL FROM: and RCPT TO:, but nothing else. these 2 things might be unrelated but i'd like to know why exchange rewrites the RCPT TO:. OR why mail is stuck in the queue in this situation. OR both would be cool too :) SO, Exchange 2k sp3 mixed mode no Exchange 5.5 servers. the contact has 1 smtp proxy addy- [EMAIL PROTECTED]. this is the primary and only smtp addy(1 x.400 addy, of course). curiously whoever set it up didn't uncheck the update this addy with recipeint policiy checkbox, but the smtp addy isn't overwritten by the RUS. it still has that addy and not our normal addy set by the RUS. so as you can see, there are alot of strange exchange things going on here. i'd like just an answer to any of these questions. thanks for putting up with me and my story(but i'm sticking to it). thanks On 10/10/05, Ed Crowley [MVP] [EMAIL PROTECTED] wrote: Is this address on a contact that has [EMAIL PROTECTED] as a reply address? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups!™ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying relay not allowed. Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
RE: [ActiveDir] exchange confusion(OT)
The Exchange discussion list here has some people who can probably tell you for sure: http://e-newsletters.internet.com/discussionlists.html Are the servers all in the same Exchange Org? Where does the contact send the mail? Your mailboxes contacts shouldn't have their home server name in their domain string, unless you specifically set them up that way. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joeSent: Monday, October 10, 2005 3:48 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] exchange confusion(OT) I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PMTo: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed". Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
Re: [ActiveDir] exchange confusion(OT)
ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal mailbox is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedicated smtp connector. the address space on this connector is *.journaldomain.com. when mail going to the [EMAIL PROTECTED] gets routed to its smtp connector, the bridgehead server rewrites the RCPT TO: address as [EMAIL PROTECTED] the archive/journal companie's mailserver only accepts mail for servername.journaldomain.com NOT Journaldomain.com , so i get unable to relay errors and my journal queue builds up. when i change the coonector address space to servername.journaldomain.com, some mail starts to flow but then it stops as well. now my 2 questions are- why does exchange rewrite the RCP TO: address? and why would mail stop flowing? am i sending too much mail to them(they run exchange 2k as well)? how would i know? how many connections can exchange accept at one time incoming? Thanks for the list suggestions but i tried the Sunbelt one which is pretty bad. the noise to info ratio is insanely uneven. i also tried the one at [EMAIL PROTECTED] which is pretty decent but i didn't get many responses. that could be my fault and the way i worded my problem(most likely). thanks for all your help and time spent on this already. On 10/10/05, Derek Harris [EMAIL PROTECTED] wrote: The Exchange discussion list here has some people who can probably tell you for sure: http://e-newsletters.internet.com/discussionlists.html Are the servers all in the same Exchange Org? Where does the contact send the mail? Your mailboxes contacts shouldn't have their home server name in their domain string, unless you specifically set them up that way. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of joeSent: Monday, October 10, 2005 3:48 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] exchange confusion(OT) I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PMTo: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying relay not allowed. Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
Re: [ActiveDir] exchange confusion(OT)
when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server. what could this signify? is this an issue on my Exchange server's side? thier exchange server? my bandwidth? their connection? thanks again On 10/11/05, Tom Kern [EMAIL PROTECTED] wrote: ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal mailbox is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedicated smtp connector. the address space on this connector is *.journaldomain.com. when mail going to the [EMAIL PROTECTED] gets routed to its smtp connector, the bridgehead server rewrites the RCPT TO: address as [EMAIL PROTECTED] the archive/journal companie's mailserver only accepts mail for servername.journaldomain.com NOT Journaldomain.com , so i get unable to relay errors and my journal queue builds up. when i change the coonector address space to servername.journaldomain.com, some mail starts to flow but then it stops as well. now my 2 questions are- why does exchange rewrite the RCP TO: address? and why would mail stop flowing? am i sending too much mail to them(they run exchange 2k as well)? how would i know? how many connections can exchange accept at one time incoming? Thanks for the list suggestions but i tried the Sunbelt one which is pretty bad. the noise to info ratio is insanely uneven. i also tried the one at [EMAIL PROTECTED] which is pretty decent but i didn't get many responses. that could be my fault and the way i worded my problem(most likely). thanks for all your help and time spent on this already. On 10/10/05, Derek Harris [EMAIL PROTECTED] wrote: The Exchange discussion list here has some people who can probably tell you for sure: http://e-newsletters.internet.com/discussionlists.html Are the servers all in the same Exchange Org? Where does the contact send the mail? Your mailboxes contacts shouldn't have their home server name in their domain string, unless you specifically set them up that way. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of joeSent: Monday, October 10, 2005 3:48 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] exchange confusion(OT) I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PMTo: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying relay not allowed. Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
RE: [ActiveDir] exchange confusion(OT)
Title: Message One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySubject: Re: [ActiveDir] exchange confusion(OT) when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server. what could this signify? is this an issue on my Exchange server's side? thier exchange server? my bandwidth? their connection? thanks again On 10/11/05, Tom Kern [EMAIL PROTECTED] wrote: ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal "mailbox" is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedicated smtp connector. the address space on this connector is "*.journaldomain.com". when mail going to the [EMAIL PROTECTED] gets routed to its smtp connector, the bridgehead server rewrites the RCPT TO: address as [EMAIL PROTECTED] the archive/journal companie's mailserver only accepts mail for "servername.journaldomain.com " NOT "Journaldomain.com ", so i get "unable to relay" errors and my journal queue builds up. when i change the coonector address space to "servername.journaldomain.com", some mail starts to flow but then it stops as well. now my 2 questions are- why does exchange rewrite the RCP TO: address? and why would mail stop flowing? am i sending too much mail to them(they run exchange 2k as well)? how would i know? how many connections can exchange accept at one time incoming? Thanks for the list suggestions but i tried the Sunbelt one which is pretty bad. the noise to info ratio is insanely uneven. i also tried the one at [EMAIL PROTECTED] which is pretty decent but i didn't get many responses. that could be my fault and the way i worded my problem(most likely). thanks for all your help and time spent on this already. On 10/10/05, Derek Harris [EMAIL PROTECTED] wrote: The Exchange discussion list here has some people who can probably tell you for sure: http://e-newsletters.internet.com/discussionlists.html Are the servers all in the same Exchange Org? Where does the contact send the mail? Your mailboxes contacts shouldn't have their home server name in their domain string, unless you specifically set them up that way. From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of joeSent: Monday, October 10, 2005 3:48 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] exchange confusion(OT) I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PMTo: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy o
Re: [ActiveDir] exchange confusion(OT)
Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a need to auth first response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get tcp retransmission everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the weird results from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySubject: Re: [ActiveDir] exchange confusion(OT) when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server. what could this signify? is this an issue on my Exchange server's side? thier exchange server? my bandwidth? their connection? thanks again On 10/11/05, Tom Kern [EMAIL PROTECTED] wrote: ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal mailbox is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedicated smtp connector. the address space on this connector is *.journaldomain.com. when mail going to the [EMAIL PROTECTED] gets routed to its smtp connector, the bridgehead server rewrites the RCPT TO: address as [EMAIL PROTECTED] the archive/journal companie's mailserver only accepts mail for servername.journaldomain.com NOT Journaldomain.com , so i get unable to relay errors and my journal queue builds up. when i change the coonector address space to servername.journaldomain.com, some mail starts to flow but then it stops as well. now my 2 questions are- why does exchange rewrite the RCP TO: address? and why would mail stop flowing? am i sending too much mail to them(they run exchange 2k as well)? how would i know? how many connections can exchange accept at one time incoming? Thanks for the list suggestions but i tried the Sunbelt one which is pretty bad. the noise to info ratio is insanely uneven. i also tried the one at [EMAIL PROTECTED] which is pretty decent but i didn't get many responses. that could be my fault and the way i worded my problem(most likely). thanks for all your help and time spent on this already. On 10/10/05, Derek Harris [EMAIL PROTECTED] wrote: The Exchange discussion list here has some people who can probably tell you for sure: http://e
RE: [ActiveDir] exchange confusion(OT)
Title: Message This was what I was thinking of http://support.microsoft.com/default.aspx?scid=kb;EN-US;288175 But it's possible you have another issue going on. Can you capture the trace via netmon? Do you have it available? Ethereal is fine as well, but... Whichever you use, filter the conversation to those two servers so you can see everything going on. Also, do you end up getting a NDR? If so, what is it? Unable to relay? You didn't set up any recip policies with journaldomain.com by any chancedid you? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 2:41 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) Both servers are exchange 2k The conversation goes something like this- ehlo mail from: rcpt to: on my mailserver's side. all these get 250 smtp response codes from the journal server. then, my mail server tries to send a xexch50 which gets a "need to auth first" response from their server. now i assume thats just normal exchange routing/mapi info stuff but they're not in the same ORG so thats a normal response. then the last thing i see is a bdat from my server and thats all she wrote. i never see a quit or the conversation end. this is in the smtp protocol logs on my bridgehead server. in ethereal i just get "tcp retransmission" everytime i see the ip of the journal server. maybe this is the GRE tunnel and i should play with the PMTUD on the bridgehead? The thing you say about contacts having an internal address is new to me. i've never worked at a company that gave their contacts internal proxy addys or ever seen it written that you should do that. every place i've worked just used contacts as an object to represent external addys in the GAL. isn't this their point? why would you need an addy pointing back to you for an external contact? i'm not disagreeing with you, mind you, i'd just like to know why and I know you know :) also, can you elaborate as to the "weird results" from having a recipient pol point to a FQDN that indicates itself(not sure if thats the way they set it up). thanks. sorry for all the questions(and OT as they are). On 10/11/05, Al Mulnick [EMAIL PROTECTED] wrote: One thing Exchange 2000x doesn't do well is deal with hosting a FQDN that indicates itself. It causes weird results. So if their internal server primary dns suffix is journaldomain.com and they have a recip policy of servername.journaldomain.com then they'll have some strange results over time. One thing you might want to look for is the verbs being passed back and forth between the servers. If Exchange 2K3 and Exchange 2K are trading messages, they can talk ESMTP with Microsoft specific verbs assuming nothing is between the two. A network trace is the easiest way to troubleshoot this. Look at the successful and failed conversations to see what's going on. At least it's recreatable. Oh. Your mail-enabled contact should have an internal address as well. It's a good idea to have it, vs. a requirement, but it's not really mail-enabled if it's just a Windows contact and doesn't have both an internal and an external address (primary of course). -ajm -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom KernSent: Tuesday, October 11, 2005 11:30 AMTo: activedirectorySubject: Re: [ActiveDir] exchange confusion(OT) when i run ethereal on the bridgehead server, i see many tcp retransmissions to the journal server. what could this signify? is this an issue on my Exchange server's side? thier exchange server? my bandwidth? their connection? thanks again On 10/11/05, Tom Kern [EMAIL PROTECTED] wrote: ok. i think you guys are overcomplicating things- i have one contact which like most contacts, is for an address external to my ORG. this contact has 1 address which is also its primary address. the address is external to my ORG. In other words, its a contact :) the smtp address on the contact is [EMAIL PROTECTED]. i have journaling enabled on all my mailstores. the journal "mailbox" is this contact. journal mail gets forwarded to this contact which is an address on a 3rd party journaling/archive soultion. their mail infratstructure has nothing to do with me. they just accept journaled email from us. now, mail going(via journaling) to this contact gets routed outa dedic
RE: [ActiveDir] exchange confusion(OT)
You should be able to just do domain.com and it will pick up any child domains, unless you have a child that needs special priveledges. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernPosted At: Monday, October 10, 2005 2:28 PMPosted To: ActiveDirectoryConversation: [ActiveDir] exchange confusion(OT)Subject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed". Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
Re: [ActiveDir] exchange confusion(OT)
thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying relay not allowed. Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
RE: [ActiveDir] exchange confusion(OT)
Not enough information. Is this one of it's domains for whichthe Exchange serverhas a recipient policy? That's the most likely reason. Can you tell us more about the scenario? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Monday, October 10, 2005 6:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed". Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
RE: [ActiveDir] exchange confusion(OT)
Is this address on a contact that has [EMAIL PROTECTED] as a reply address? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed". Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
Re: [ActiveDir] exchange confusion(OT)
ok, it goes like this- i work for a finanical corp so we have to stay in compliance. i have 2 smtp connectors- one goes to a compliance server, the other to an journal host. for the journal host, all my mail stores point to an external contact(1 smtp proxy addy) for journaling. this gets routed out a smtp connector going to the journal server. the addy on the contact is in the form of [EMAIL PROTECTED]. the address space for the smtp connector is *.journaldomain.com. when mail gets routed out the smtp connector, the RCPT TO: changes from [EMAIL PROTECTED] to [EMAIL PROTECTED] . i see this in the smtp protocol log on the virtual server of the bridgehead server(i have diag logging turned up to max but the app lof shows nothing). The journal server will not accept mail for that domain. mail stays in the queue on the bridgehead. here's where it gets weirder- when i change the smtp connector addy space to servername.journaldomain.com, mail starts flowing for awhile but then stops as well. in the log, i just see MAIL FROM: and RCPT TO:, but nothing else. these 2 things might be unrelated but i'd like to know why exchange rewrites the RCPT TO:. OR why mail is stuck in the queue in this situation. OR both would be cool too :) SO, Exchange 2k sp3 mixed mode no Exchange 5.5 servers. the contact has 1 smtp proxy addy- [EMAIL PROTECTED]. this is the primary and only smtp addy(1 x.400 addy, of course). curiously whoever set it up didn't uncheck the update this addy with recipeint policiy checkbox, but the smtp addy isn't overwritten by the RUS. it still has that addy and not our normal addy set by the RUS. so as you can see, there are alot of strange exchange things going on here. i'd like just an answer to any of these questions. thanks for putting up with me and my story(but i'm sticking to it). thanks On 10/10/05, Ed Crowley [MVP] [EMAIL PROTECTED] wrote: Is this address on a contact that has [EMAIL PROTECTED] as a reply address? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups!™ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom Kern Sent: Monday, October 10, 2005 3:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying relay not allowed. Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
RE: [ActiveDir] exchange confusion(OT)
What are the entries under E-Mail Addresses for the contact? Which SMTP address is bolded? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom KernSent: Monday, October 10, 2005 5:10 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) ok, it goes like this- i work for a finanical corp so we have to stay in compliance. i have 2 smtp connectors- one goes to a compliance server, the other to an journal host. for the journal host, all my mail stores point to an external contact(1 smtp proxy addy) for journaling. this gets routed out a smtp connector going to the journal server. the addy on the contact is in the form of [EMAIL PROTECTED]. the address space for the smtp connector is *.journaldomain.com. when mail gets routed out the smtp connector, the RCPT TO: changes from [EMAIL PROTECTED] to [EMAIL PROTECTED] . i see this in the smtp protocol log on the virtual server of the bridgehead server(i have diag logging turned up to max but the app lof shows nothing). The journal server will not accept mail for that domain. mail stays in the queue on the bridgehead. here's where it gets weirder- when i change the smtp connector addy space to servername.journaldomain.com, mail starts flowing for awhile but then stops as well. in the log, i just see MAIL FROM: and RCPT TO:, but nothing else. these 2 things might be unrelated but i'd like to know why exchange rewrites the RCPT TO:. OR why mail is stuck in the queue in this situation. OR both would be cool too :) SO, Exchange 2k sp3 mixed mode no Exchange 5.5 servers. the contact has 1 smtp proxy addy- [EMAIL PROTECTED]. this is the primary and only smtp addy(1 x.400 addy, of course). curiously whoever set it up didn't uncheck the "update this addy with recipeint policiy" checkbox, but the smtp addy isn't overwritten by the RUS. it still has that addy and not our normal addy set by the RUS. so as you can see, there are alot of strange exchange things going on here. i'd like just an answer to any of these questions. thanks for putting up with me and my story(but i'm sticking to it). thanks On 10/10/05, Ed Crowley [MVP] [EMAIL PROTECTED] wrote: Is this address on a contact that has [EMAIL PROTECTED] as a reply address? Ed Crowley MCSE+Internet MVPFreelance E-Mail PhilosopherProtecting the world from PSTs and Bricked Backups! From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:33 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] exchange confusion(OT) thats because this addy has special needs. its a journal contact that needs to be routed out a dedicated connector to a journal server. i still don't understand why exchange rewrites the address to domain.com instead of servername.domain.com. thanks On 10/10/05, joe [EMAIL PROTECTED] wrote: I may regret asking this, but recall I don't know squat about Exchange message routing. Why do you need a connector? If the name is resolvable from your server, it doesn't seem like it should need anything special to get to it. joe From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Tom KernSent: Monday, October 10, 2005 3:28 PM To: activedirectorySubject: [ActiveDir] exchange confusion(OT) I have a contact with the addy of [EMAIL PROTECTED]. I created a smtp connector with an address space of *.domain.com. when exchange 2k sends an email destined for [EMAIL PROTECTED] thru that smtp connector, it rewrites the addy in the RCPT TO: as [EMAIL PROTECTED], taking out the servename. i see this in the smtp logs on the server and the remote server dosen't accept mail to that addy and is saying "relay not allowed". Now, my question- why is exchange rewriting the address just because i'm using a wildcard in the connector address space? is this by design? What if i wanted a connector going to every domain under domain.com like subdomain.domain.com and childdomain.domain.com ? wouldn't i just create a connector with an address space of *.domain.com? should exchange 2k just forward the email without changing the RCPT TO: headers? am i wrong and clueless as usual? what am i missing? i'm running Exchange 2k post sp3 rollup in mixed mode(but no exchange 5.5 servers or ADC). Thanks alot
