Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SMTP TimeOuts

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> SMTP TimeOuts Page: [1]
Login
Message << Older Topic   Newer Topic >>
SMTP TimeOuts - 20.Jan.2008 4:17:09 PM   
bjblackmore

 

Posts: 80
Joined: 9.Aug.2005
Status: offline 		Hi,

We're running Windows 2003 Server (standard) SP2, with ISA Server 2006 (standard). IIS6 is setup as our edge SMTP relay, with an Exchange 2003 server (standard) SP2, on our internal network.

For a while now we've been told that some emails aren't getting through to us. This only seems to be from 1 or 2 domains, but its always the same domains.

I've checked the SMTP logs, and it shows the below information, which seems to suggest a timeout (TIMEOUT 121). I have tried solving this by increasing the timeout to 15, 20 then 25 minutes, but this didn't solve the problem. Having googled the issue some people suggest changing the MTU size of any routers, so on our DSL router I have tried setting the MTU size from 1500, to 1480, 1458, 1412, and 1400 (a few suggested values), but still the problem persists.

2008-01-20 18:46:16 195.2xx.2xx.51 mail3.sendersdomain.com SMTPSVC1 ISA 192.168.0.1 HELO 250 48 27 0 SMTP - -
2008-01-20 18:46:16 195.2xx.2xx.51 mail3.sendersdomain.com SMTPSVC1 ISA 192.168.0.1 MAIL 250 46 39 0 SMTP - -
2008-01-20 18:46:16 195.2xx.2xx.51 mail3.sendersdomain.com SMTPSVC1 ISA 192.168.0.1 RCPT 250 33 36 0 SMTP - -
2008-01-20 19:17:02 195.2xx.2xx.51 mail3.sendersdomain.com SMTPSVC1 ISA 192.168.0.1 TIMEOUT 121 84 4 1845562 SMTP - -
2008-01-20 19:17:02 195.2xx.2xx.51 mail3.sendersdomain.com SMTPSVC1 ISA 192.168.0.1 QUIT 240 84 4 1845562 SMTP - -

The following site, http://chris-linfoot.net/d6plinks/CWLT-5WADL5, says MTU size can be negotiated between two hosts, but some firewalls can block the negotiation. Apparently MTU path discovery uses ICMP 'destination host unreachable' to negotiate the MTU size, and suggests allowing it through any firewall. So I have created a new protocol in ISA toolbox for ICMP: code=1, type=3, (which is apparently destination host unreachable). I have then added the protocol to the firewall allow rules. But I'm still getting the TIMEOUT issue.

I've also increased the message size allowed for incoming messages to 20mb, although the messages that we've been told we're not getting, have since been forwarded to a yahoo account, and they are just small plain text emails, no massive attachments or anything, probably less than 50kb!

I'm not too sure what else could be causing the problem. ISA 2006 seems to be configured correctly! Could it be something on the sending SMTP server? Something misconfigured on a router between us and the sender? If so, how do you go about solving this?

Any help, or suggestions greatly appreciated!

Ben

< Message edited by bjblackmore -- 20.Jan.2008 4:19:16 PM >
Post #: 1
RE: SMTP TimeOuts - 21.Jan.2008 10:35:21 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Check my blog and newsletter for configuring PMTU discovery and Black Hole router discovery on the ISA Firewall.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to bjblackmore)
Post #: 2
RE: SMTP TimeOuts - 5.Feb.2008 10:24:28 AM   
bjblackmore

 

Posts: 80
Joined: 9.Aug.2005
Status: offline 		Hi Tom,

Thanks for the reply. Sorry its taken me a while to post my results (one problem after another keeps cropping up).

I read your post on PMTU discovery & black hole routers, I managed to use it to find a working MTU size, and used the Microsoft KB you link to in the article, to set the MTU size on the adaptor in the ISA server, (even though I'd set the same MTU on the DSL router attached to this adaptor previously it still failed), after setting the MTU on the adaptor, mail started coming in from the connections that were timing out before!

There are still a few TIMEOUT errors in the SMTP logs, but these now all seem to be from what I would call possible spammers, most of the connections are .tw, .cn, or .ru domains, who we never deal with, or from connections that are obviously not corporate SMTP servers, i.e. 'fredspc', so I'm less worried about these timing out and not receiving their mail/spam.

Many thanks

Ben

(in reply to tshinder)
Post #: 3
RE: SMTP TimeOuts - 5.Feb.2008 11:57:07 AM   
tshinder

 

Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline 		Hi Ben,

You bet! Let us know if you run into any other problems.

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to bjblackmore)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> SMTP TimeOuts Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts