Recently I was working with a client and we experienced some strange mail flow issues. These issues included old transport rules on Exchange 2010 as well as delayed and VERY slow emails from on-premises mailboxes to mailboxes in Exchange Online. First, the setup:
- Multiple Exchange 2016 servers
- Multiple Exchange 2010 servers – Internet mail in and out
- MFA on Exchange 2010
Some troubleshooting steps that we took were as follows:
- DNS Resolution – Check basic name resolution
- Proxy rule check (web proxy servers were in use)
- SMTPDiag tests – Using the SMTPDiag tool (if you can find it anymore)
- Message Tracking (Exchange on-premises) / Message Traces (Office 365)
- Message Header review – once an email was delivered to a migrated mailbox in Exchange Online.
- SPF Records – the current one had 10+ lookups, which was also causing other issues
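
The SPF item above refers to the limit of 10 DNS-querying terms per SPF evaluation (RFC 7208, section 4.6.4). The following is an added example, not part of the original troubleshooting: a static worst-case counter for those terms. The domains and records in `SAMPLE_TXT` are constructed, and the mapping stands in for live TXT queries.

```python
# Added example: static worst-case count of SPF terms that trigger DNS lookups.
# RFC 7208 section 4.6.4 allows at most 10 per evaluation; more yields permerror.
LOOKUP_LIMIT = 10
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample records (domain -> SPF TXT string); not real data.
SAMPLE_TXT = {
    "example.test": "v=spf1 mx a include:_spf.mailer.test include:_spf.crm.test "
                    "include:_spf.cloud.test ip4:192.0.2.0/24 -all",
    "_spf.mailer.test": "v=spf1 include:_a.mailer.test include:_b.mailer.test ~all",
    "_a.mailer.test": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_b.mailer.test": "v=spf1 a:out.mailer.test exists:%{i}.bl.mailer.test ~all",
    "_spf.crm.test": "v=spf1 mx:crm.test ptr redirect=_spf.cloud.test",
    "_spf.cloud.test": "v=spf1 ip4:203.0.113.0/24 -all",
}

def count_spf_lookups(domain, txt=SAMPLE_TXT, path=()):
    """Count DNS-querying terms reachable from domain's SPF record.

    Every include/redirect is followed (worst case). `path` holds the chain
    of domains being evaluated so an include loop terminates.
    """
    if domain in path:
        return 0
    terms = txt.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return 0
    total = 0
    for raw in terms[1:]:
        term = raw.lstrip("+-~?").lower()          # drop the qualifier
        if term.startswith("redirect="):
            kind, target = "redirect", term[len("redirect="):]
        else:
            kind, _, target = term.partition(":")
            kind = kind.split("/")[0]              # "a/24" -> "a"
        if kind not in LOOKUP_TERMS:               # ip4, ip6, all, exp=...
            continue
        total += 1
        if kind in ("include", "redirect"):
            total += count_spf_lookups(target, txt, path + (domain,))
    return total

def over_limit(domain, txt=SAMPLE_TXT):
    """True when the record can exceed the RFC 7208 lookup limit."""
    return count_spf_lookups(domain, txt) > LOOKUP_LIMIT

if __name__ == "__main__":
    n = count_spf_lookups("example.test")
    print(f"example.test: {n} lookups, over limit: {over_limit('example.test')}")
```

The count is an upper bound: a real evaluation stops at the first matching mechanism, and the address lookups behind each `mx` name are limited separately.
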
In the end, it was revealed that there was a LONG delay between the Exchange 2016 servers and the receiving servers in Exchange Online. The client was able to confirm the servers were excluded from any proxies for outbound traffic. SMTPDiag and the SMTP queues both showed refused connections. The IP address provided for the SMTP destination was strange [possibly an OpenDNS server?]. A WhoIs lookup revealed that it belonged to OpenDNS and not Microsoft.
In the end, we dug deeper into the DNS server configurations and found that there were forwarders in place. These forwarders were pointed to servers other than Google or their ISP's servers. We then removed these entries, cleared the DNS servers' cache and tried again. Side note: we checked the changes with SMTPDiag and NSLookup.
Like magic, SMTP outbound was no longer delayed and the deliveries were made quickly. So when it comes to mail flow, there are a lot of possibilities for obstruction. One more place you can look is your firewall / router: if it has a mail filtering program, this could also cause issues. Hope this helps someone.