Helo but no data RSS Back to forum
@Barry George: What does ORF log exactly? Could you submit the related entries from the ORF log please?
Hi Krisztian,
Here is a past from one of the ORF logs - hope that's what you wanted?
Version: 4.3 REGISTERED
Log Mode: Verbose
Server: claven.dougallmedia.com
Source: SMTPSVC-1
Time: 8/13/2010 7:42:37 AM
Class: Whitelist
Severity: Information
Actions: (not available)
Filtering Point: Before Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 216.82.241.83
Message ID: (not available)
Email Subject: (not available)
Sender:
Recipient(s):
*
Message:
Recipient whitelisted by the sender whitelist.
Version: 4.3 REGISTERED
Log Mode: Verbose
Server: claven.dougallmedia.com
Source: SMTPSVC-1
Time: 8/13/2010 1:49:20 AM
Class: Whitelist
Severity: Information
Actions: (not available)
Filtering Point: Before Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 216.82.241.83
Message ID: (not available)
Email Subject: (not available)
Sender:
Recipient(s):
*
Message:
Recipient whitelisted by the sender whitelist.
And they go on and on, multiple entries to valid address within our organization. Then some will come through showing Subject line etc as per normal. They are all bouncing around from different IP's within the farm.
Are there any On Arrival entries, or only Before Arrival entries? ORF obviously allows the email through the RCPT TO: phase, if there are no On Arrival entries, I would say something (another software) drops them for some reason before the emails could reach the On Arrival phase (end of DATA/BDAT), or the sender terminates the connections somehow... It is hard to tell, but I'm 100% sure it is not ORF (assuming there are no On Arrival entries).
No there is On Arrivals to (these are the email we actually get):
Version: 4.3 REGISTERED
Log Mode: Verbose
Server: claven.dougallmedia.com
Source: SMTPSVC-1
Time: 8/13/2010 9:14:50 AM
Class: Whitelist
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 216.82.254.211
Message ID: <>
Email Subject: Tags Canadian Blood Services All Markets except Thunder Bay Aug 16 - Aug 22
Sender:
Recipient(s):
*
Message:
Email whitelisted by the sender whitelist.
We do have a Firewall appliance that has spam filtering and I've taken a look at it to see if there is something that might be causing this intermittent problem. I've added the senders domain to the exception list and I monitor to see if it makes any difference. It not I'll disable the Firewall spam filtering altogether and check again.
I'm looking for some troubleshooting advice for the following problem:
I have a client that sends us regular email - they have been whitelisted for a long time. I see in the IIS logs that a Helo and to, from, connection is established but no data is passed. The connection then quits. This also seems to be intermittent but most times fails. The client is on a server farm. ORF records the connection without any details such has subject etc.
2010-08-12 14:22:37 216.82.241.83 mail37.messagelabs.com SMTPSVC1 CLAVEN 216.26.204.69 0 HELO - +mail37.messagelabs.com 250 0 51 27 0 SMTP - - - -
2010-08-12 14:22:37 216.82.241.83 mail37.messagelabs.com SMTPSVC1 CLAVEN 216.26.204.69 0 MAIL - +FROM:+<> 250 0 47 35 0 SMTP - - - -
2010-08-12 14:22:37 216.82.241.83 mail37.messagelabs.com SMTPSVC1 CLAVEN 216.26.204.69 0 RCPT - +TO:+<> 250 0 36 34 32 SMTP - - - -
2010-08-12 14:22:37 216.82.241.83 mail37.messagelabs.com SMTPSVC1 CLAVEN 216.26.204.69 0 RCPT - +TO:+<> 250 0 39 37 31 SMTP - - - -
2010-08-12 14:22:40 216.82.241.83 mail37.messagelabs.com SMTPSVC1 CLAVEN 216.26.204.69 0 QUIT - mail37.messagelabs.com 240 3125 46 4 2672 SMTP - - - -
Can anyone make some suggestions before I call the senders?
Thanks