SMTP Connector erroneously entering Link Down state
We've recently worked out the what's going on with a problem we're seeing with outbound SMTP mail flow from E2K. On our live system (2 back-ends, 2 front-ends and a legacy Ex55 IMS system that we're in the process of removing) outbound mail normally flows through the FE's, but sometimes goes out via the IMS (a higher cost route that shouldn't be used) for a period of several minutes. On a test system we found we can provoke the problem at will. We took a W2K SP3 system running E2K SP3, with an SMTP connector set to route all mails to a downstream Unix system running Exim 4.20 as MTA, and it goes like this: - Exchange initiates an SMTP connection to the downstream MTA - It sends a RCPT TO with an invalid address, and the command is rejected by the MTA with a 550 - in some cases a single line message, sometimes a multi-line message - An NDR goes back to the sender - The routing engine logs a 977 event Following connector failed to connect to its target bridgehead... - A link down event is distributed round the routing group All further outbound mail is now queued on the messages for unreachable destination queue. After 15 minutes the connector attempts an SMTP connection to the downstream system, succeeds, and the link is brought up. If we change the SMTP connector configuration to Use DNS to route to each address space everything works fine. We can't use this in live service, though, since we have to have all outbound mail handled by our central hub systems. Anyone got any comments? It seems like this is one for PSS - taking a link down just because a recipient is rejected by the downstream system does not seem a sensible thing to do - actually it's a good way for users to do a DOS attack, just by mailing to non-existent addresses... Thanks Alan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Connector erroneously entering Link Down state
Your downstream MTA is supposed to accept all mail from your MTA. That's why the option says ..forward ALL mail... (emphasis added). To resolve this issue, mail for domains which this external MTA is authoritative should be sent through another connector. Aha. Yes, I see what you mean - anything that the downstream MTA can validate goes out using a connector set to use DNS, which will end up in the same MTA because the MX records will take it there, and fails here will not cause link-downing. BUT - what about the case where a user types a syntactically-invalid address? Something like [EMAIL PROTECTED],com (note the comma). That will also get a 550 response from the MTA and trigger a link down _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: SMTP Connector erroneously entering Link Down state
My Outlook client won't even let me try and send a message to [EMAIL PROTECTED],com and when trying to route the same through Exchange using a POP3 client (SMTP) the Exchange SMTP refuses to accept it for delivery. So, I think[1] the risk is relatively low. [1] Not much thought admittedly, I'm in the process of building a new lab. Yes, I think you're right with that one. I'm not sure I couldn't come up with a do-able example where the MTA really will get passed something it doesn't want to accept - it would be well within its rights to reject permanently a 100 squillibyte message! (And being a university, we have lots of people who'll want to try to find the loopholes...) But however we want to argue that, I'm not convinced that taking the connector down *is* appropriate behaviour. It depends what you define as the link - in this case there *is* SMTP connectivity; and the *retry* handler certainly regards the simple ability to make an SMTP connection as enough to mark the connector as up again. If inability to issue a RCPT command is enough to take the connector down, shouldn't a success be required to bring it up? Don't know. What would be the meaning of a message that failed with one recipient and succeeded with 10 others, for instance? The problem that we have here with this behaviour is that's it's radically different from how the Ex55 IMS did things. And isn't there an inconsistency in how things are done anyway? An error occurs which is deemed so serious that the connector must be marked down; yet the message which caused this is *not* requeued, and an NDR is generated. Isn't one layer saying Hmm, an error here but I've handled it, nothing to worry about and another saying Hey, something really really terrible is happening?. Don't know. Anyway, I'm on holiday for a week now, so my co-workers can worry about all this! Thanks for your thoughts! Alan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Change the primary SMTP address using VBscript
I use ADSI for these things. The proxyAddresses attribute is an array. Code I've written manipulates the entries in the array. Be sure not to put the same address in twice--ADSI doesn't like that and you'll get the typical useless error message. Do you ever encounter problems when the mailbox has a *custom* address (X500 or any invent-your-own) associated with it, Ed? C++ code I have here using IMailRecipient::put_ProxyAddresses to set the addresses works perfectly if there are no custom addresses, but fails E_UNEXPECTED (0x8000 Catastrophic failure) if there is even one. I haven't had any response to queries about this on the ADSI developers news group, so I really suspect I'm doing something so stupid I can't see it I'd love to know if I'm the only person in the world to see this. Should I be using IADsUser::PutEx instead of the E2K interfaces, I wonder?? I'd love to know what UsersComputers does here... Alan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Change the primary SMTP address using VBscript
I can't help with actually doing this from VB (I use CDOEXM from C++), but if you get an IMailRecipient interface on the user object, you simply set the SMTPEmail property to change the primary SMTP address. (In C++ it's the put_SMTPEmail method). The old primary address is demoted but left around. Setting the proxy addresses by using the PutEx method on a user object can be dangerous - there's no interlock to stop you doing things like setting two primary addresses for a protocol, and you can get the attribute in a state that will confuse UsersComputers. As far as I know it's best to use an IMailRecipient interface for this, as it contains the Exchange-specific attribute validations you need. (You do, of course, need the E2K Management Tools at least on the machine running the code). Alan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
E2K interworking with plain-text mail systems
I've raised this point before, and following up the answers and taling to PSS brought up more issues I'd like advice on. If you set E2K up with the SMTP connnector working in default mode, any plain text message you send out to an Internet address gets rendered into quoted-printable form. If the end system is aware of this the result is good - you keep the paragraph-based nature of the stuff you type in Outlook, in distinction to how the Ex5.5 IMS breaks the text into arbitrary lines. However, there are two issues from this: - People who insist on using clients that can handle only plain text - Systems like MajorDomo that expect plain text In our environment (a University) the first could be bad - someone mails off a text with A = B + 7 in it and the recipient using mailx (yuk) sees A =3D B + 7 We can maybe tell our users that we no longer support plain-text-only mail (but it will be hard). The MajorDomo issue could be worse, but we'll probably get by. But what do we do with text-driven automatic systems that expect stuff like Something Something = Something ??? And what will auto-responder systems do with the = added at the end of lines broken for transmission? We could set the SMTP connector to send out in UUEncode format - but mail clients like Eudora Lite can't handle this, and moving off MIME is rather silly. PSS tell us there's no way at all to turn quoted-printable encoding off otherwise. Other people must have a need to interwork with plain-text-only systems, surely? What are you guys doing in these cases?? We are just on the point of going live on E2K, and we are having to seriously consider junking it and moving it to a Unix-based mail system because of this Thanks _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
E2K Sending plain text over SMTP as MIME
We've got E2K SP3 systems arranged as back-ends and front-ends. Using O2K, a user sends a mail that is composed in RTF format, default text formatting only, no attachments, to an Internet address, and it goes out via an SMTP connector on one or other front end. Now, doing that on Ex5.5 will result in the recipient getting the message as plain text with no MIME stuff at all. With E2K, though, what arrives is a message with headers like these: X-MS-Has-Attach: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-MS-TNEF-Correlator: Content-Transfer-Encoding: quoted-printable Thread-Topic: US Thread-Index: AcKgZ3cil1mlRx6FRLy3t7LCRls3nQ== content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 The plain text then follows (but not in a MIME section) and it uses = to mark the ends of lines. This is bad news, because we have a lot of users (sadly some with a lot of organisational clout) who want to use hideous clients like mailx on Unix, which will not do well with this - we need things to work just as they did with the Ex5.5 IMS. These guys simply will not use MIME-aware clients (sigh) In System Manager we've got the settings in Global Settings / Internet Message Format to the default for domain *, which is Use MIME / Body part as plain text; we've tried with character sets specified as Western European and US Ascii. Apart from a few messages on newsgroups asking essentially the same question, no info on this in archives, Google, TechNet or anywhere else we tried. Any ideas? Thanks _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Managing Ex5.5 Mailboxes from E2K
We have an Exchange 2000 SP3 setup with some Exchange 5.5 SP4 servers in it. With UsersComputers on the AD side, users with Exchange 5.5 mailboxes show the Exchange-related tabs; we can do things like changing storage limits and have the ADC replicate these into the Exchange 5.5 directory. If we use UC's Exchange Tasks to try to delete an Exchange 5.5 mailbox, though, it doesn't manage to do it - the AD entries for the mailbox (HomeMDB attribute and so on) get cleared; nothing changes on the Exchange 5.5 side after the next ADC replication; and on the replication after that the ADC puts the Exchange 5.5 details back in to AD and we're back where we started. I surmise this is because we are allowed to manage properties on a downlevel mailbox, but deletion of a mailbox is not supported across the ADC. Am I right, or have we got our ADC misconfigured? (The aim of the exercise is to have our ADSI tools manage/delete mailboxes without regard to where they might be while we're in the process of moving mailboxes to E2K) Thanks Alan _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: It all started with a lie - Q313819
Are we talking about the right attribute here? msExchUserAccountControl is documented and controls locking out the account until the Recipient Update Service has populated the mail address attributes. The LDIFDE problem, discussed in Q324353, is that this method does not set the msExchMailboxSecurityDescriptorAttribute for the user object before the mailbox is created; if this is not done Exchange cannot propogate permissions into the store. Creating with CDOEXM does this correctly. Q304935 has more on this attribute and how to programatically set it to correct the LDIFDE problem; and somewhere in one of these or a linked KB article is the flat statement that the *only* way to create a mailbox programatically is with CDOEXM. -Original Message- From: Moore, David K [mailto:[EMAIL PROTECTED]] Sent: 19 September 2002 21:17 To: Exchange Discussions Subject: It all started with a lie - Q313819 So, I write this to test the waters and see how others have managed this issue - For many years, going back to 4.0, we used CSV files to create/manage/delete mailboxes within Exchange and this worked well. Then comes along Exchange 2000, which with it's integration of Active Directory and the requirement to use LDIFDE. Ok, no problem I can learn new tools and I learn the silly new LDIF import format and I make it do what I want it to do - mailbox enable an existing AD account. All is well until a few weeks following the mailbox enabling of the accounts, our users discover access to public folders (along with free/busy, off-line address book, etc) can not be had. A call to Microsoft produces the answer that, the attribute of msExchUserAccountControl had not been properly populated into AD. Microsoft writes a script for us that uses CDOEXM to re-set the permissions and while this does resolve the problem for existing users it doesn't resolve the on-going problems. So, Microsoft transferred me between a few groups (it's hard I guess to know what is what when you've got half of your mail system managed by another non-communicative group - Active Directory support) where I landed with an LDIFDE support engineer. This engineer then proceeded to explain that it was not possible to create mailbox enabled AD accounts with LDIFDE and pointed me to an article Q324353 [XADM: Users Cannot Access Public Folders or Delegate Mailboxes on a Separate Server] which states: If you want to use LDIFDE/ADSI to create users, Microsoft recommends that you use LDIFDE/ADSI to create only the user accounts, and then use Active Directory Users and Computers to create the mailboxes. to which I replied that Microsoft does support it and the answer can be found in Q313819 - [HOW TO: Create Mailbox-Enabled Account Using LDIFDE in Exchange 2000 Server] and after a bit of discussion Microsoft decided that it really sucks. It all seems to boil down to the fact that no one knows how the encoding of msExchUserAccountControl is done (in PSS that is) and without the ability to set that attribute at creation time, the RUS does not properly setup the account and Microsoft has no intentions to support this, even with the Q article on how to do it. So, my question? Simple - has anyone managed to use LDIFDE to create and mailbox enable or just to mailbox enable an existing account in AD and had it work properly, namely the use of public folders? I don't know about others that have a long history with Exchange but, do some of you feel that Exchange has made some real steps backward from the functionality that Exchange 5.5 had? And a word of warning to those still on 5.5 - if it aint' broken, don't fix it. Thanks, david moore Chevron Phillips Chemical _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Creating EX2K mailboxes programmatically from C++
Does anyone have any samples, or links, or know of any good books, that cover creating/managing Ex2K mailboxes programatically from C++? A Google search and looking on obvious sites has lots of samples, but they're all in VB and are basically clones of the rather underdescribed stuff in MSDN. We have here a user managemant system written in C++ that I need to make Ex2K aware, and I'd like to shortcut a lot of the experimentation that seems needed to translate the VB way into C++/COM Thanks _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Admin access to Ex2K mailboxes
On our Exchange 5.5 system we've set the Exchange Admins group to be able to read all messages in people's mailboxes - we get a large number of support calls from users where we need to look at what they've got. We haven't yet found a way of setting this on Ex2K so that the permissions are set as the mailboxes are created. It must be there in some policy somewhere - can anyone give us a recipy? Thanks _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Admin access to Ex2K mailboxes
Thanks, Kevin. That does it on a mailbox-by-mailbox basis though - what we want is to have those rights inherited automatically as we create each mailbox Alan Tis very simple Admin Rights to mail boxes http://support.microsoft.com/default.aspx?scid=kb;en-us;Q184573 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Admin access to Ex2K mailboxes
Hi Kevin - Yes, the link you sent to Q184573 shows how to set permissions explicitly on a mailbox. But you put us on the right track, and what we needed was Q262054 - the trick is to look up service account in TexhNet. Thanks! Alan -Original Message- From: Kevin Miller [mailto:[EMAIL PROTECTED]] Sent: 09 April 2002 16:16 To: Exchange Discussions Subject: RE: Admin access to Ex2K mailboxes I just double checked that link, and it is a global setting. Not per mail box. Not sure what you got? _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: IMAP client causes 13000 event log entry
Go look at the profile for the client [mailboxname]. See what's funny - ie. They're hitting the mailbox using MAPI and IMAP within the same profile, with both trying to deliver to PST... Don't just fix it - delete it and build it properly from scratch using only the services you need. Not applicable in this case. I tracked down one user, and he's accessing his mailbox from a Linux box using a client called KMail _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
IMAP client causes 13000 event log entry
All of a sudden, we are seeing quite a few occurences of download failure involving IMAP 4 clients (servers are all Ex5.5SP4 on NT4SP6a, running Norton AV 2.17) The MSExchange IMAP4 Interface logs an error with ID 13000 and text: An error (0x7da) occurred while rendering a message for download on mailbox mailboxname EventID.net has nothing on ID 13000; nothing in the group messages we have stored; archives not working. TechNet has a few KB articles on similar messages, but none with this specific error code and all allegedly fixed well before SP4. Anyone able to suggest what we might look for in this specific case or what 0x7da indicates (it certainly doesn't make sense as a Win32 error code...)? Thanks _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Antivirus causing move errors thingamajig
We've noticed problems like this with NAV 2.17 in the last few weeks. Everything was fine when we were on 2.16, and all of a sudden we had a horde of users reporting move/archive problems. Eventually we noticed that on both the servers involved, the scan attachment in background setting was set to off (Select AutoProtect in the Web GUI interface). This certainly *should* have been on - we surmise that the upgrade from 2.16 to 2.17 set it to off. The effect seems to have been that NAV *never* did any background scanning, even when Live Update changed the virus definitions. We set it the switch to on, cycled NAV and IS, and immediately NAV started a background scan. Since then, we have (so far!!) had no complaints; a couple of users who did see problems specifically retested and things worked OK. Alan -Original Message- From: Halliday S (ISELS) [mailto:[EMAIL PROTECTED]] Sent: 14 December 2001 10:09 To: Exchange Discussions Subject: RE: Antivirus causing move errors thingamajig If you check the archives, I had and still have the same problem here with NAV and users not being able to move attachments. I had MS look at it and Symantec and both blamed each other. I ran optimiser and that didn't cure it. The next stage (which I still haven't got round to yet) is checking the IS for corruption. What I have found is that when I upgrade to a new version of NAV (uninstall/reinstall) it starts of working fine and then gradually performance becomes a real issue with alot of stuff being quarantined (when quarantining is disabled!) and users start to get mail sitting in the outbox for a while. I am running NAV 2.17 Build 75 in MAPI/VAPI. Ex 5.5 SP4.0, NT4.0 SP5a. Stephanie. University of Glamorgan. UK _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Antivirus causing move errors thingamajig
I am running NAV 2.12 in MAPI/VAPI and it seems to work fine IF the background scanning option is enabled. The only drawback is that every time the definitions are updated it must rescan the whole IS in the background (about 24 hours for our 20G store). In version 2.14 the added an option to inhibit the automatic rescanning when new definitions are installed. How did you get version 2.17? We paid extra for a year of updates and had to call and bug them to get the corporate 7.6 update but they sent no navmse update. However, if you disable background-scan-after-Live-Update you're back where you started, with all scanning needing to be done at first attachment access time Our 12Gb store takes about 12 hours to scan - depends on number of attachments, server spec and so on, of course. We took one server from 385M to 1024M and it made a *lot* of difference here. We have Gold Support, so we posted a note on their message board and asked for a link. That gets you a password-protected ZIP file. I'm not sure that they have not changed this now - some replies to requests I've seen lately said to phone the Symantec Support Line. In general their update policy is lousy - they don't even put a note of what their latest version *is* anywhere I've found... _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Mailbox
In addition to those locations, check the Outlook Today folder. It's a common problem for people to drop stuff there - you'll never see it again with the standard OL client. You'll need to use an IMAP or Exchange client to clean those out. O2K Advanced Find shows stuff in Outlook Today - it calls it Top Of Information Store. You can delete from the find results window _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Mailbox
And I just noted that Q289949 explains how to disable viewing the root folder as Outlook Today to allow for recovery of lost items I think OL98 does that, too. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
O2K transport stack order not reliable?
We have a couple of users with O2K installed in CW mode, set to use mailboxes on our EX5.5SP4 servers and also POP mailboxes on a Unix machine. They want mail to Internet addresses to go out via the SMTP smarthost set up in the POP configuration, so they have the Internet Mail transport at the top of the delivery stack above the Exchange service. The users *claim* that up to 6 weeks ago it worked as they wanted; but since then *all* messages go out via the Exchange server. We've tried on a test system using O2K SP2, and find that about 1 in 4 messages to Internet addresses don't go via the SMTP transport but use the Exchange server. The connection to the SMTP server is reliable on a LAN - there's not enough time for it to be timing out, and testing shows that if O2K gets a refused connection from the smarthost you get a popup message. So it looks like the client just doesn't always respect the defined transport stack order. Has anyone got any ideas what might be going on? Thanks! _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]