Server 2008 R2, MS IIS build 7.5 being used as an outgoing SMTP relay only. Session/message limits and attachment limits set to 500 MB per attachment and session. Attachment is between 10-20 KB.
When sending out mass e-mails via our GoldMine CRM software, the attachment comes through in the body of the text as base64 encoding. If I send it out via Outlook it works fine. Sending the e-mail with attachment via GoldMine to an individual comes through just fine. It's only when sending to multiple recipients. This also includes HTML based e-mails. The HTML will come through as plain text and not parsed.
If I change the outgoing SMTP to use our ISP's server which is also an IIS 7.5 relay (relay.somedomain.com — 66.110.x.x) it goes through with success.
xmail*.myhosting.com is the 3rd party e-mail hosting provider we use to receive our e-mail. We stopped using them as an outgoing host because we were constantly being blacklisted via RBLs.
Here is the e-mail server log:
#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2016-05-17 13:12:32
#Fields: date time c-ip cs-username s-computername s-ip s-port cs-method cs-uri-query sc-status sc-win32-status sc-bytes cs-bytes time-taken cs-version cs-host cs(User-Agent)
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 EHLO +MAILSVR01.localdomain.com 250 0 231 36 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 MAIL +FROM:<me@ourdomain.com> 250 0 46 33 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email1@ourdomain.com> 250 0 35 32 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email2@ourdomain.com> 250 0 33 30 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email3@ourdomain.com> 250 0 32 29 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email4@ourdomain.com> 250 0 38 35 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email5@ourdomain.com> 250 0 37 34 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 RCPT +TO:<email6@ourdomain.com> 250 0 34 31 0 SMTP - -
2016-05-17 13:12:32 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 DATA +<SjQ5TkVLTShMNzFHJD5QNTk3ODk5NzEy@MAILSVR01> 250 0 130 43284 15 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 220+relay.COC.com+Microsoft+ESMTP+MAIL+Service,+Version:+7.5.7600.16385+ready+at++Tue,+17+May+2016+09:12:31+-0400+ 0 0 114 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 EHLO MAILSVR01.localdomain.com 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250-relay.somedomain.com+Hello+[66.110.xx.xxx] 0 0 39 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 MAIL FROM:<sender1@ourdomain.com>+SIZE=43574 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.0+sender1@ourdomain.com....Sender+OK 0 0 44 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email1@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email2@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email3@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email4@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email5@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 RCPT TO:<email6@ourdomain.com> 0 0 4 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email1@ourdomain.com+ 0 0 33 0 0 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email2@ourdomain.com+ 0 0 31 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email3@ourdomain.com+ 0 0 35 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.1.5+email4@ourdomain.com+ 0 0 31 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 250+2.6.0+<RELAYbnGjke2bgzMnJt00001ab6@relay.somedomain.com>+Queued+mail+for+delivery 0 0 78 0 344 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 QUIT - 0 0 4 0 344 SMTP - -
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionResponse MAILSVR01 - 25 - 221+2.0.0+relay.somedomain.com+Service+closing+transmission+channel 0 0 60 0 344 SMTP - -
2016-05-17 13:12:34 192.168.x.x MAILSVR01.localdomain.com MAILSVR01 192.168.4.15 0 QUIT MAILSVR01.localdomain.com 240 1794 79 4 0 SMTP - -
This is how the e-mail is received with headers:
Return-Path: <myemail@ourdomain.com>
Delivered-To: myemail@ourdomain.com
Received: (qmail 26071 invoked from network); 17 May 2016 12:33:54 -0000
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on xsa04.softcom.biz
X-Spam-Level:
X-Spam-DCC: : xsa04 1323; Body=1 Fuz1=1
X-Spam-Pyzor:
X-Spam-Status: No, score=-0.1 hits=-0.1 required=5.0 tests=AWL,BAYES_00,
MISSING_HEADERS,RDNS_NONE,URIBL_BLOCKED autolearn=no version=3.3.1
Received: from unknown (HELO relay.somedomain.com) ([66.110.xx.xx])
(envelope-sender <myemail@ourdomain.com>)
by xmail04.myhosting.com (qmail-ldap-1.03) with SMTP
for <email1@ourdomain.com>; 17 May 2016 12:33:48 -0000
Received: from MAILSVR01.localdomain.com ([66.110.xx.xx]) by relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385);
Tue, 17 May 2016 08:30:14 -0400
Received: from MAILSVR01.localdomain.com ([192.168.x.xx]) by MAILSVR01.localdomain.com with Microsoft SMTPSVC(7.5.7601.17514);
Tue, 17 May 2016 08:30:15 -0400
Date: Tue, 17 May 2016 08:30:15 -0400
From: Travis <myemail@ourdomain.com>
Subject: Test Day 2 #1
Bcc:
Return-Path: myemail@ourdomain.com
Message-ID: <RELAYz2hW3BdeUJt3qL00001ab4@relay.somedomain.com>
X-OriginalArrivalTime: 17 May 2016 12:30:14.0665 (UTC) FILETIME=[DCECC790:01D1B037]
To: ---redacted--
Message-ID: <SjQ5S09PSyFKWDEgJD5QNTk1MzYyNTEy@MAILSVR01>
Mime-Version: 1.0
Organization: Company Name
X-Mailer: GoldMine [2014.1.0.489]
X-GM-Attachments-Sync-Time: 20160517083014
Content-Type: multipart/mixed; boundary="nqp=nb64=()17phzZSPf"
Return-Path: myemail@ourdomain.com
X-OriginalArrivalTime: 17 May 2016 12:30:15.0874 (UTC) FILETIME=[DDA54220:01D1B037]
--nqp=nb64=()17phzZSPf
Content-Type: text/plain
Test day 2
--nqp=nb64=()17phzZSPf
Content-Type: image/jpeg; name="image9.jpeg"
Content-Disposition: attachment; filename="image9.jpeg"
Content-Transfer-Encoding: base64
/9j/4Q/+RXhpZgAATU0AKgAAAAgACwEPAAIAAAAGAAAAkgEQAAIAAAAJAAAAmAESAAMAAAAB
AAYAAAEaAAUAAAABAAAAogEbAAUAAAABAAAAqgEoAAMAAAABAAIAAAExAAIAAAAGAAAAsgEy
-----removed fluff to cut down for Server Fault character limit----
AKGhrCvfip8DkRkktNfYf9d7fj6/uqwm+K/wSBaSHT9dcdCDcwdPUYhqPrstbN/cy3RXl+B/
/9l=
--nqp=nb64=()17phzZSPf--
Headers for a successful e-mail attachment through our ISP's SMTP.
Subject:Test Day 2 #2
Date:Tuesday, May 17, 2016 8:43 am
From:Travis <myemail@ourdomain.com>
To:<redcated recipients>
Org:Western Plastics
X-Mailer:GoldMine [2014.1.0.489]
MIME Version:1.0
MIME Type:multipart/mixed; boundary="nqp=nb64=()J6Ske6A0R"
Message-id:<SjQ5TEtDMSA5QF9JJD5QNTk2MTgyODU4@MAILSVR1>
Return-Path:<myemail@ourdomain.com>
Delivered-To:myemail@ourdomain.com
Received:(qmail 1683 invoked from network); 17 May 2016 12:47:28
-0000
X-Spam-Checker-Version:SpamAssassin 3.3.1 (2010-03-16) on
xsa09.softcom.biz
X-Spam-DCC:: xsa09 1323; Body=1 Fuz1=1
X-Spam-Status:No, score=0.5 hits=0.5 required=5.0
tests=AWL,BAYES_50, RDNS_NONE,URIBL_BLOCKED autolearn=no
version=3.3.1
Received:from unknown (HELO relay.COC.com) ([66.110.220.12])
(envelope-sender <myemail@ourdomain.com>) by
xmail08.myhosting.com (qmail-ldap-1.03) with SMTP for
<email1@ourdomain.com>; 17 May 2016 12:47:24 -0000
Received:from MAILSVR1.localdomain.com ([66.110.xx.xx]) by
relay.somedomain.com with Microsoft SMTPSVC(7.5.7600.16385); Tue, 17 May
2016 08:43:54 -0400
Return-Path:myemail@ourdomain.com
X-OriginalArrivalTime:17 May 2016 12:43:54.0806 (UTC)
FILETIME=[C5C45D60:01D1B039]
Attachments:\\192.168.x.x\MailBox\Attach\TRAVIS\image7.jpeg
Test Email 2
Best Answer
Finally figured it out after a lot of scrutinizing log files.
The e-mail client was sending DATA but the internal SMTP server was sending it out to the smart host via BDAT and evidently this is a potential DDoS issue and I guess somewhere along the way it was not allowing it to process properly. It's possible that our SonicWall firewall was screwing with it somehow also.
Offending Line:
2016-05-17 13:12:32 66.110.xx.xxx OutboundConnectionCommand MAILSVR01 - 25 BDAT 43574+LAST 0 0 4 0 16 SMTP - -
So the solution was to disable BDAT, BINARYMIME and CHUNKING on the local SMTP Server.
Credit/Source Link:
https://adaptivethinking.wordpress.com/2010/12/21/smtp-esmtp-and-the-bdat-baddie/
https://joekiller.com/2007/09/19/bdat-causing-smtp-service-to-drop-email/
In case the link is no longer available here are the steps they outlined.
Telnet to the mail host and issue the ehlo command. Check the verbs the server returns. It should have BINARYMIME and CHUNKING listed. After these steps you will not have these.
Verify BINARYMIME and CHUNKING are turned on:
telnet localhost 25
Type ehlo
Install IIS6.0 Resource Kit
Open IIS Metabase Explorer
Navigate to LM\SmtpSvc\1
Look for SmtpInboundCommandSupportOptions
Here the default value was 7697601. I knew that I wanted to disable the BINARYMIME and CHUNKING verbs so using the table here I subtracted 2097152 (BINARYMIME) and 1048576 (CHUNKING) from 7697601:
7697601 - (2097152 + 1048576) = 4551873
Set the SmtpInboundCommandSupportOptions value to 4551873
Disable BDAT
Navigate to LM\SmtpSvc
Change value of SmtpOutboundCommandSupportOptions from 7 to 5
Close the IIS Metabase Explorer and restart the IIS Admin Service (which in turn restarts the Simple Mail Transfer Protocol (SMTP) service).
Repeat the steps to connect to the server via telnet and verify they have been removed. If they have not, make sure you are in the \1 subdirectory when you make the changes.
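The verification and arithmetic steps above can be scripted; this is an added example, not part of the original answer or the linked posts. It clears the flag bits with AND-NOT instead of subtraction, so applying it to an already-changed value is harmless, and it checks an EHLO reply for the two verbs. The function names, the sample reply and the `OUTBOUND_BDAT` constant (inferred from the 7 to 5 change) are assumptions.

```python
import smtplib

# Flag values as given in the answer above.
BINARYMIME = 2097152    # 0x200000
CHUNKING = 1048576      # 0x100000
OUTBOUND_BDAT = 2       # assumption: inferred from the answer's 7 -> 5 change

# Constructed sample of an EHLO reply; not captured from the poster's server.
SAMPLE_EHLO = """250-MAILSVR01.localdomain.com Hello [192.168.4.15]
250-SIZE 524288000
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250 OK"""

def clear_flags(value, *flags):
    """Clear flag bits with AND-NOT. Unlike subtraction this is idempotent:
    running it on an already-changed value returns that value unchanged."""
    for flag in flags:
        value &= ~flag
    return value

def ehlo_keywords(reply):
    """Return the upper-cased ESMTP keywords from a raw multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:          # line 0 is the greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words:
                keywords.add(words[0].upper())
    return keywords

def still_advertised(keywords):
    """List which of the two verbs disabled on this page are still offered."""
    return sorted(keywords & {"BINARYMIME", "CHUNKING"})

def probe(host="localhost", port=25, timeout=10):
    """Live check, equivalent to `telnet host 25` followed by `ehlo`."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return still_advertised({k.upper() for k in smtp.esmtp_features})

if __name__ == "__main__":
    print("new inbound value:", clear_flags(7697601, BINARYMIME, CHUNKING))
    print("new outbound value:", clear_flags(7, OUTBOUND_BDAT))
    print("sample reply still advertises:", still_advertised(ehlo_keywords(SAMPLE_EHLO)))
```

Run `probe()` on the relay before and after the metabase change; an empty list afterwards means neither verb is advertised any more.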