Weird Untangle / Exchange Issue - Incoming emails stop until servers are rebooted

[Pilotpak]

Hi,

We have been running Untangle / Exchange (Win Server 2008) for several years. Over the past 3 weeks, a weird issue has surfaced.

All works perfectly for around (but not exactly) 24 hours. Then incoming emails from external sources stop. We can receive internal emails and can send emails both internally and externally. Untangle seems fine, plenty of system resources, and all web pages display fine.

Now, here's the weird bit. If we restart Untangle server by itself it does not solve the issue. If we restart the Exchange server by itself it also does not solve the issue. But if we restart both at the same time, it always starts the flow of incoming emails to our users (20 users). All will be fine for the next 24 or so hours, then we'll have to reboot both again.

I didn't see anything obvious in the Exchange event logs. Any idea where I should start looking ?

Apologies, I just tried to upload our topology diagram but the forum isn't allowing me to upload images. BTW, I know it's not recommended, but our Active Directory / DHCP server also runs our exchange, but this has not been an issue in the past.

Thanks in advance

[jcoehoorn]

Sounds like an ARP issue, IP conflict, or similar. Do you run a separate DMZ for your servers? What does the routing look like between your network and the Exchange server and Untangle and the exchange server? When mail is stuck, can the exchange server ping the Untangle server, and vice versa? How does the external vs internal DNS map for you exchange server?

[dwasserman]

Try to take a NDR from some mail not received.

[sky-knight]

I agree with JCoehoorn, it sounds like something on your network is trying to spoof either the MAC or the IP address of the Exchange server.

[Pilotpak]

Excellent. Thanks for the suggestions. I'm going onsite now to look at the ideas, so I'll update the post soon.

[dmorris]

I doubt its any of the above.

Regardless you'll need to stop rebooting and stop troubleshooting. Rebooting is going to make this issue harder to find and its not going to fix anything.
When it fails what happens. Can you connect to your mail server? Is traffic flowing? Is email being scanned? Whats in the logs?
You'll need to determine where the SMTP process is failing.

You have many tools to do so including the packet tests, tcpdump, reports, logs on the exchange server.
Luckily you can test yourself by sending mail from externally and get those logs too.

Hopefully that will allow you to narrow down the issue further.

[Pilotpak]

Hi, Thanks for this. Probably a little early to claim success, but I think the problem may be solved. I ran an SMTP Diag test from MX-Toolbox and found our reverse DNS lookup was failing. Our ISP updated the PTR record to match the DNS and emails started flowing without any reboot. ISP says that they won't forward email when the reverse test fails. I assuming that the port 25 traffic I was seeing in the Untangle Port Forward log was simply the Greeting / Helo messages.

I still can't work out why the server reboots got mail flowing for a short time.