locked
Outbound mails to external recipients delayed in queue RRS feed

  • Question

  • Hello,

    We recently started expierencing delays with mails being send to external recipients. The messages gets stuck in the queue for about 20-30 minutes and then all mails that are stuck will be deliverd. The next mail to an external recipients gets stuck in the queue again. Internal mail flow has no issue at all.

    In queue viewer i get following information about the alt error:

    "The message has been queued on server 'ndak-h-srv07.ndak-h.be' since 6/22/2018 12:34:33 PM (UTC+01:00) Brussels, Copenhagen, Madrid, Paris. The last attempt to send the message was at 6/22/2018 12:34:33 PM (UTC+01:00) Brussels, Copenhagen, Madrid, Paris and generated the error '[{LRT=};{LED=};{FQDN=};{IP=}]'."

    The same error can be found in the mail delivery report of exchange.

    The mails are being forwarded to a smart host of Symantec via an outbound connector. Eventually every mail gets delivered but the delay causes confusion and miscommunication.

    The exchange server can resolve the smart host and make a telnet connection to it.

    Has anyone encountered a similar problem?

    Friday, June 22, 2018 10:54 AM

All replies

  • Hi,

    Can't tell what the root cause is.

    Is there any intermediate devices between Exchange server and smart host? Any firewall rules?

    For troubleshooting, we could test the message header of the problematic emails in ExRCA. From the result, we could know the hop where message got stuck and the delayed time.

    Hope it helps.

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, June 25, 2018 8:57 AM
  • Hi Manu,

    Thank you for your reply.

    There is a FortiGate firewall between the exchange server and the smart host. There is a policy that allows mail traffic to the exchange server and the ip ranges of Symantec. Nothing has changed for this policy recently.

    I tested Outbound SMTP email with ExRCA and got an error on spf, the maximum dns resolves were surpassed. I changed the spf-record and removed the unnecessary includes until the check completed. I did use the smart host ip as Outbound IP address since the smart host is actually sending the mails. If i use the public ip of our Exchange server i get rejected by SPF since it will fall under the -all category.

    Afterwards I checked the email headers and was able to confirm that the problem occurs when the mail is being sent from the public ip towards the smart host. When checking the header in mxtoolbox as well i noticed that this public ip is listed on 1 blacklist. I'm going to follow the procedure to remove our ip form this blacklist and make sure there is a correct rDNS record.

    I will keep you posted with the results.

     

    Monday, June 25, 2018 12:12 PM
  • Hi Manu,

    Thank you for your reply.

    There is a FortiGate firewall between the exchange server and the smart host. There is a policy that allows mail traffic to the exchange server and the ip ranges of Symantec. Nothing has changed for this policy recently.

    I tested Outbound SMTP email with ExRCA and got an error on spf, the maximum dns resolves were surpassed. I changed the spf-record and removed the unnecessary includes until the check completed. I did use the smart host ip as Outbound IP address since the smart host is actually sending the mails. If i use the public ip of our Exchange server i get rejected by SPF since it will fall under the -all category.

    Afterwards I checked the email headers and was able to confirm that the problem occurs when the mail is being sent from the public ip towards the smart host. When checking the header in mxtoolbox as well i noticed that this public ip is listed on 1 blacklist. I'm going to follow the procedure to remove our ip form this blacklist and make sure there is a correct rDNS record.

    I will keep you posted with the results.

     

    OK, look forwards to your good news!

    Regards,

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, June 26, 2018 2:59 AM
  • Hi,

    Just checking in to see if above information was helpful. Please let us know if you would like further assistance.

    Regards, 

    Manu Meng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to shareexplore and talk to experts about Microsoft Teams.

    • Proposed as answer by Manu Meng Friday, July 6, 2018 9:15 AM
    Tuesday, July 3, 2018 10:01 AM