Microsoft Small Business Server 2003 Unleashed
Exchange is a complex product, and the SBS implementation of Exchange makes it more so. One chapter in a book cannot begin to cover all the troubleshooting possibilities for Exchange. The remainder of this chapter instead covers some of the commonly encountered issues with Exchange related to topics covered in the chapter. Troubleshooting Outbound Mail Delivery
Many outbound mail delivery issues can be identified with just a couple of basic toolsExchange System Manager and telnet. When you suspect outbound mail delivery problems, open the Exchange System Manager and look at the outbound SMTP queues (which can be found under Servers, your server name, Queues). When you have Exchange set to deliver mail through DNS, you see a queue for each mail domain where Exchange has recently attempted delivery. The status of the queue is listed in the State column, shown in Figure 12.13. If the status is anything other than Ready, you must identify and resolve the problem before Exchange can deliver mail. Figure 12.13. Exchange System Manager displays the status of each outbound mail queue.
When you highlight the problem mail queue, the Additional Queue Information field gives you an indication of the problem. In Figure 12.13, the queue for delivery to aol.com is in a Retry state, meaning that Exchange will make another attempt to deliver mail to aol.com. The Additional Queue Information area indicates that the last connection attempt failed because of an SMTP protocol error. In most cases, this is likely not a protocol error, but a delivery refusal. You can narrow down the cause in one of two ways from here. First, you can enable SMTP logging and review the information collected in the log file. Follow these instructions to enable SMTP logging:
Now that you have SMTP logging enabled, you can force Exchange to make another connection attempt and record the transaction in the logs. You can do this by right-clicking the connector in the Queues listing and selecting Force Connection. Next, you can review the information in the SMTP log file. Browse to the folder where the log files are stored (C:\Windows\System32\LogFiles by default), open the SMTPSVC1 folder, and open the most recent log file. The following listing displays a typical response you might get from a refused connection: [View full width] year-mo-da 15:22:20 hostserverIP OutboundConnectionResponse SMTPSVC1 SBS - 25 - 554-+
In this example, you can see that AOL responds to the connection attempt and does not accept connections from IPs that are registered as residential or dynamic by ISPs. AOL even provides a URL in the error that gives you more information about why it refused the connection. Note Some mail hosts handle refusing mail in different ways. AOL refuses to accept the connection, but in such a way that no NDR is generated. The Exchange SMTP queue continues to attempt delivery to AOL until the delivery timeout is received, at which point, it generates its own NDR indicating that the message could not be delivered within the time configured on the server. Other ISPs refuse the connection in such a way that an NDR is generated immediately and tells the sender exactly why the mail has been rejected. It is easier to troubleshoot delivery failures when these NDRs are generated because they generally indicate which black list or other spam-blocking tool they used to refuse your request. Another way to investigate mail delivery problems is to make a manual SMTP connection to see what is happening. This can be useful for those occasions when no information about the connection problem is listed in the SMTP logs. You use the telnet tool to connect to the mail server and attempt mail delivery to see how the remote system responds. Before you can telnet to the mail server, you need to know where the mail server is. Use nslookup to find the address or name of the mail server. Follow these steps to find a remote mail server using nslookup:
nslookup returns the mail exchanger record(s) for the mail domain. After you have noted the name or address of the remote mail server, type exit and press Enter to quit nslookup. Now you can use telnet to attempt a manual message delivery by following these steps:
If you get anything other than a 220 response on the initial connection or a 250 response after any of the other steps, review the SMTP server responses and continue troubleshooting from there. Some responses make it obvious what the problem is. For example, if you don't have the correct server address for a mail domain, you may get a 550 5.7.1 Unable to relay error. Other errors may not be as obvious, but you can at least look up the errors on the Internet and see what may be causing the problems. Troubleshooting IMF
One indicator that there may be a problem with the configuration of the IMF is users reporting that they are not getting the messages they are expecting. The first place to look for trouble is the SMTP log file. The following two samples from the SMTP log file show two different mail delivery sessions: [View full width] year-mo-da 16:05:10 [remoteIP] - SMTPSVC1 SBS [externalIP] 0 EHLO - - 250 0 year-mo-da 16:05:14 [remoteIP] - SMTPSVC1 SBS [externalIP] 0 MAIL [ic:ccc}+from:+user@remotedomain.net 250 year-mo-da 16:05:18 [remoteIP] - SMTPSVC1 SBS [externalIP] 0 RCPT +to
The difference between these two sessions in the log is the DATA response line in the first listing. This line indicates that the message was accepted for delivery and queued into the Exchange process. The second listing has no DATA line, which means that no message was queued for delivery in Exchange. In this example, the IMF was configured to delete messages with an SCL of 8 or higher. If a user complains that she is not receiving messages from a particular person, you can search through the SMTP logs for that email address and see whether a connection attempt has even been made. If it has and you see the email address listed in one of the MAIL lines in the log, you will see a corresponding DATA line after the message has been queued for delivery. One option to identify whether IMF is blocking messages that it should not be is to set the Gateway Blocking Configuration to take No Action on messages at that level. This allows those messages to pass through to the next filter, where they get dumped into the Junk Mail folder for the client. Alternatively, you can set the Gateway Blocking Configuration to Archive. This places blocked messages into a folder (C:\Program Files\Exchsrvr\Mailroot\vsi 1\UceArchive by default) as individual .eml files. In the SMTP log, you will not see the DATA entry for messages that get moved to the Archive folder, and if you do not monitor this folder, you could run out of disk space quickly during a spam attack on your server. You can open the messages stored in this folder with Outlook Express, but it is highly recommended that you use Notepad or some other text viewer instead to prevent any malicious content that may be in the message from being executed in Outlook Express from the server.
Troubleshooting POP3 Connector
Troubleshooting issues with the POP3 Connector is similar to troubleshooting outbound mail delivery. Setting up and reviewing the extended logging with the POP3 Connector and using telnet to test connectivity are your primary tools. The logging level for the POP3 Connector is set in the Troubleshooting tab of the POP3 Connector Manager. The four levels are
When you encounter problems with the POP3 connector, set the logging level up to Maximum and restart the POP3 Connector service. Then force connection attempts by clicking the Retrieve Now button in the Scheduling tab of the POP3 Connector Manager. After the connection attempt has had time to complete, you can open the Event Viewer and go through the messages related to the POP3 Connector. Fortunately, when logging is set to Maximum for the POP3 Connector, you can view each step of the entire process to see where problems are actually occurring. Unfortunately, so much information is stored in the logs, it may take a long time to sort through the data to find the information you need. Caution Do not forget to set logging back to Minimum (or none) and restart the POP3 Connector service when you have finished your troubleshooting session. Otherwise, your event logs will fill up quickly and could cause other problems on the server. The logging settings will not actually change until the service has been restarted.
Alternatively, you can use telnet to verify access credentials and message availability on the remote POP3 server. Follow these steps to connect to the server and see how many messages are waiting:
This process verifies several pieces of the POP3 puzzle. First, if the username and password are not correct, you get a ERR response after the password entry line. Second, you can see whether messages are waiting to be downloaded. This can be helpful if you suspect mail delivery problems at the other side. You can simply keep repeating the list command to get the current count and size of the messages and watch for changes to indicate when new messages have arrived. Caution You can also use Outlook Express or another POP mail client to verify the username and password on the remote server. Be sure that when you build a profile in a mail client for testing purposes that you configure the profile to leave the messages on the POP3 server when checking mail. Otherwise, those messages will be deleted from the server, and the POP3 Connector will not be able to download and deliver them.
One scenario in particular that can cause much grief for an SBS administrator is when a user has her POP3 mail account configured for use in Outlook or Outlook Express. If more than one POP3 client is pulling mail from the POP3 server, irregular mail delivery is practically guaranteed. When a new SBS server is installed in an environment where users had been relying solely on POP3 for mail delivery, you should make sure that all users remove the POP3 account configuration from their mail clients for the POP3 Connector to work correctly. One last step to verify that a message on the POP3 server will get delivered correctly is to issue the retr command in the POP3 telnet session to view the contents of the message without deleting it from the server. Simply type retr [message#] after authenticating to the POP3 server, and the server will send the entire contents of the message. At that point, you can look through the headers for the TO: and CC: fields for a valid address for your server. If an address within your domain space is not listed in the TO: or CC: fields, the message downloads to the server but does not get delivered, unless you specify a mailbox to receive delivery of all undeliverable messages. |
Категории