Mail not being delivered to Exchange

Unanswered Question
Jul 18th, 2008

Hi there,

I have just put an Iron Port C150 in place and works well, for the most part.

A number of messages are not being delievered to Exchange even though the Iron Port states they are. I know the messages come in to the Iron Port as I am able to catch them in quarantine but after releasing they disappear. There are no Exchange logs stating message received.

Help appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steven_geerts Fri, 07/18/2008 - 22:16

Hello Matty,

Have you checked the Ironport Maillog?

if you enter the command line (via SSH) you can use the "tail" command to see the real time content of you "maillog". All relevant action are logged there so it is a good starting point for troubleshooting his problem.

If you are not able to find the root cause of your problem, please note the MID number (from the mailog) of one of the problematic messages and use that as input for the "findevent" command of the CLI. If you post the output of the findevent command I think the Forum can help you further.

Steven

kluu_ironport Tue, 07/22/2008 - 01:45

Whether a quarantined message is released by the recipient or by the Ironport administrator, they will both look the same in the "mail_logs" and will have the original MID that the message came in on.


Below is an example of what to look for in a message that is released from the IronPort Spam Quarantine. The example below shows these items:

1. The original MID
2. The destination host that the system will try to hand this mail off to, in this case, it's 1.2.3.4
3. It also shows the destination accepting the message.

I've put in BOLD most of the important items.


In your case, the best way to approach tracking this down is to get either the From/To/Subject of the original message that got quarantined. Then search for it in the log to see if it was released from quarantine and then see if the mailserver accepted it or bounced it.

grep -i "[email protected]" mail_logs

You'll want to pay attention to the MID and DCID.

Mon Jul 21 17:30:23 2008 Info: Start MID 645 ICID 0 (ISQ Released Message)
Mon Jul 21 17:30:23 2008 Info: ISQ: Reinjected MID 514 as MID 645
Mon Jul 21 17:30:23 2008 Info: MID 645 ICID 0 From:
Mon Jul 21 17:30:23 2008 Info: MID 645 ICID 0 RID 0 To:
Mon Jul 21 17:30:23 2008 Info: MID 645 Subject '[possible spam] Buy viagra'
Mon Jul 21 17:30:23 2008 Info: MID 645 ready 231 bytes from
Mon Jul 21 17:30:23 2008 Info: MID 645 queued for delivery
Mon Jul 21 17:30:23 2008 Info: New SMTP DCID 610 interface 74.201.91.95 address 1.2.3.4 port 25
Mon Jul 21 17:30:23 2008 Info: Delivery start DCID 610 MID 645 to RID [0]
Mon Jul 21 17:30:24 2008 Info: Message done DCID 610 MID 645 to RID [0]
Mon Jul 21 17:30:24 2008 Info: MID 645 RID [0] Response 'ok: Message 94849932 accepted'
Mon Jul 21 17:30:24 2008 Info: Message finished MID 645 done






Hi there,

I have just put an Iron Port C150 in place and works well, for the most part.

A number of messages are not being delievered to Exchange even though the Iron Port states they are. I know the messages come in to the Iron Port as I am able to catch them in quarantine but after releasing they disappear. There are no Exchange logs stating message received.

Help appreciated.
bddgrw_ironport Thu, 10/16/2008 - 10:45

I had the same problem. The Problem is, if the Message is released from Quarantine the same Message-ID is used. The Exchange Server doesn't recognize that a new mail has been send.

To solve that Problem you have to strip Message-ID in the E-Mail Header first with an Action Rule like strip-header("Message-ID") before you Quarantine the mail. Now the Mail gets a new Message-ID and the Exchange-Server will send the released Mail properly.

Hope that will help you.

Regards,
Andreas

Actions

This Discussion