Inbound delays from Message Labs

View Only

Back to discussions

Expand all | Collapse all

Inbound delays from Message Labs

1. Inbound delays from Message Labs

Recommend

Migration User

Posted Jun 14, 2016 08:06 AM

We are seeing delays on inbound email from clients that use the messagelabs service. The last one was over 4 days.

Any ideas?

Anonymised header:

Received: from edge.ourdomain.com (xxxx.xxx.xxx.xxx) by InternalServer.Local

(xxx.xxx.xxx.xxx) with Microsoft SMTP Server (TLS) id 14.3.279.2; Mon, 13 Jun

2016 20:32:41 +0100

Received: from mail1.bemta3.messagelabs.com (195.245.230.164) by

edge.ourdomain.com (xxx.xxx.xxx.xxx) with Microsoft SMTP Server (TLS) id

14.3.279.2; Mon, 13 Jun 2016 20:32:37 +0100

Return-Path: <user@address>

Received: from [85.158.137.83] by server-4.bemta-3.messagelabs.com id

B7/4D-31933-8CD99575; Thu, 09 Jun 2016 16:48:08 +0000

X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrKLsWRWlGSWpSXmKPExsVyU6aHU/fI3Mh

wg4kP9CwmNrxmt7g3cwKbxZGD79ksOu4+ZnNg8djU+YMxgDGKNTMvKb8igTXj/pSTjAUr2lUq

jvY1MzcwPjqs2MXIxSEksJlR4uSctcxdjJxAzh5GibWHE0FsNgFdicajs5lAikQEVjJKvOo/w

AqSYBZQlTh3dj6YLSygLbFz9gW2LkYOoCIdid//aiDqPzFJ/PjxiQ2khkVAReLA9i+MIDavgK

vEmcYXbBCb77FLXLuwBqyIU8BLYtWUK2BDGQVkJb40rmaGWCYucevJfCYQW0JAROLhxdNsELa

oxMvH/1ghbAOJrUv3sUDY8hKPeiZB1VtL/HtwF+wDZoE2Ronzk1+xQ1whKHFy5hOWCYyis5Ds

mIWsbhaSOoiibIlp25pZIWw9iRtTp7BB2NoSyxa+ZoawdSVm/DvEgikODJlvXVD1ihK3r05lh

Vi2mFGi++I5dpiia5M2McEUTel+CBefufMGC0z8+NGrTHDN9+8gFM178YcZm+aJm7bAbZ578R

ojhA3UPHldFEzN8/5VbNj0Tnh6jxUmvmFPPzvE4iWMEr8WbQVKcIAVve4Mw6b3+IrLcPcsfHG

aCa731M79zDC95/qTFjCqrWLUKE4tKkst0jU010sqykzPKMlNzMzRNTQw1stNLS5OTE/NSUwq

1kvOz93ECEz+DECwg/Hlac9DjJIcTEqivII9keFCfEn5KZUZicUZ8UWlOanFhxhlODiUJHgPz

AbKCRalpqdWpGXmAPMQTFqCg0dJhPfOHKA0b3FBYm5xZjpE6hSjopQ470qQhABIIqM0D64Nlv

suMcpKCfMyAh0ixFOQWpSbWYIq/4pRnINRSZjXA2Q7T2ZeCdz0V0CLmYAWLz8SDrK4JBEhJdX

A6LX8t6/gp8M+99us3bX9fEI5CxNVt9UdK1iVEG0hEtQX0dVb/DHxQEZwpXj1t3VMUikbnyW0

6CrmhtkmieybK1Da1Hls9tOgBXfUmFI23bi565Gd9pHjq+pFpdJKhRne5C6IMDD7oPOq8Ye4w

QGe/BgdhsWK05co/xaRsV3yfRNjxyl72y9KLMUZiYZazEXFiQA5F9sgeAQAAA==

X-Env-Sender: user@address

X-Msg-Ref: server-12.tower-140.messagelabs.com!1465490883!35923509!2

X-Originating-IP: [217.28.140.x]

X-StarScan-Received:

X-StarScan-Version: 8.46; banners=address.com,-,-

X-VirusChecked: Checked

Received: (qmail 8987 invoked from network); 9 Jun 2016 16:48:04 -0000

Received: from smtp.hs20.net (HELO outlook.hs20.net) (217.28.140.9) by

server-12.tower-140.messagelabs.com with AES256-SHA encrypted SMTP; 9 Jun

2016 16:48:04 -0000

Received: from THHSTE15D1BE6.hs20.net (192.168.251.27) by

THHSTE15D3BE2.hs20.net (192.168.251.52) with Microsoft SMTP Server (TLS) id

15.0.1178.4; Thu, 9 Jun 2016 17:48:02 +0100

Hop	Delay	From	By	With	Time (UTC)
1	*	THHSTE15D1BE6.hs20.net	THHSTE15D1BE6.hs20.net	mapi	6/9/2016 4:48:01 PM
2	1 Second	THHSTE15D1BE6.hs20.net 192.168.251.27	THHSTE15D3BE2.hs20.net 192.168.251.52	Microsoft SMTP Server (TLS)	6/9/2016 4:48:02 PM
3	2 seconds	smtp.hs20.net 217.28.140.9	server-12.tower-140.messagelabs.com	AES256-SHA encrypted SMTP	6/9/2016 4:48:04 PM
4	0 seconds	network			6/9/2016 4:48:04 PM
5	4 seconds	85.158.137.83	server-4.bemta-3.messagelabs.com		6/9/2016 4:48:08 PM
6	4 days	mail1.bemta3.messagelabs.com 195.245.230.164	edge.ourdomain.com xxx.xxx.xxx.xxx	Microsoft SMTP Server (TLS)	6/13/2016 7:32:37 PM

2. RE: Inbound delays from Message Labs

0 Recommend
TomVie
Posted Jun 15, 2016 02:13 AM

Reply Reply Privately
Hi Pete,

Quite interesting, can any other connects from IPs 195.245.230.0/24 prior 6/13/2016 7:32:37 PM be seen in the logs?

On the other hand

- hs20.net must have had some spam/virus issues in the past (can be seen in historic rbls)

- HELO outlook.hs20.net ... the fqdn is not registered in dns -> any checks on your side?

Regards

Thomas

3. RE: Inbound delays from Message Labs

Recommend

Migration User

Posted Jun 15, 2016 05:22 AM

Hi Tomas

I've logs showing a bunch of inbound via messagelabs from the email address of the client (see below). There's a couple of odd entries that i'm looking into.

Yes, the fqdn's a mess and no spf records so my servers are not going to be overly favorable to this domain.

Timestamp	ClientIp	ClientHostname	SourceContext	Source	EventId	MessageId
01/06/2016 12:46	195.245.231.131	mail2.bemta5.messagelabs.com	08D37944421D4BCB;2016-06-01T11:46:53.276Z;0	SMTP	RECEIVE	<cfe929f34b2a4e2592fdb6a84ec4af3e@THHSTE15D1BE6.hs20.net>
06/06/2016 10:20	195.245.230.172	mail1.bemta3.messagelabs.com	08D37944421E4D7C;2016-06-06T09:20:08.106Z;0	SMTP	RECEIVE	1465204774546.5336@address.com
06/06/2016 14:46	195.245.231.140	mail1.bemta5.messagelabs.com	08D37944421E6D50;2016-06-06T13:46:26.481Z;0	SMTP	RECEIVE	1465220783752.37895@address.com
06/06/2016 17:37	193.109.254.107	mail1.bemta14.messagelabs.com	08D37944421E7AF6;2016-06-06T16:37:22.950Z;0	SMTP	RECEIVE	1465231031813.81861@address.com
07/06/2016 17:39	195.245.230.176	mail1.bemta3.messagelabs.com	08D37944421EAB88;2016-06-07T16:39:58.044Z;0	SMTP	RECEIVE	<4491fac0895b46668b702b3dc7a70105@THHSTE15D1BE6.hs20.net>
08/06/2016 15:36	195.245.231.141	mail1.bemta5.messagelabs.com	08D37944421ED36D;2016-06-08T14:36:53.388Z;0	SMTP	RECEIVE	<359da5877c4742549d4d0221b906b326@THHSTE15D1BE6.hs20.net>
08/06/2016 20:43	195.245.230.163	mail1.bemta3.messagelabs.com	08D37944421EDC7F;2016-06-08T19:43:09.278Z;0	SMTP	RECEIVE	<730bec702555427990a5242267a2421d@THHSTE15D1BE6.hs20.net>
09/06/2016 00:15	195.245.230.169	mail1.bemta3.messagelabs.com	08D37944421EDE98;2016-06-08T23:15:44.919Z;0	SMTP	RECEIVE	<9fc2ceafe25942fda8856b98aeb9aea2@THHSTE15D1BE6.hs20.net>
09/06/2016 02:43	195.245.230.172	mail1.bemta3.messagelabs.com	08D37944421EDFF5;2016-06-09T01:43:21.028Z;0	SMTP	RECEIVE	<458a76ed42524497bf30d46c8d92a46e@THHSTE15D1BE6.hs20.net>
09/06/2016 11:01	195.245.230.165	mail1.bemta3.messagelabs.com	08D37944421EF231;2016-06-09T10:00:59.981Z;0	SMTP	RECEIVE	<1c5b183b920c49c89e5866fd478409c3@THHSTE15D1BE6.hs20.net>
13/06/2016 13:21	195.245.231.148	mail1.bemta5.messagelabs.com	08D37944421FAEB1;2016-06-13T12:21:07.543Z;0	SMTP	RECEIVE	<25685c40f05e432181a062240f1567c9@THHSTE15D1BE6.hs20.net>
13/06/2016 14:15	195.245.231.142	mail1.bemta5.messagelabs.com	08D37944421FB0C9;2016-06-13T13:15:35.543Z;0	SMTP	RECEIVE	<2e8faecfd32945e9be4c05c5177837de@THHSTE15D1BE6.hs20.net>
13/06/2016 14:22	193.109.254.105	mail1.bemta14.messagelabs.com	08D37944421FB177;2016-06-13T13:22:23.528Z;0	SMTP	RECEIVE	<dc2ec5fc8b704f599b2804cb267cd41c@THHSTE15D1BE6.hs20.net>
13/06/2016 14:37	195.245.231.138	mail1.bemta5.messagelabs.com	08D37944421FB1F6;2016-06-13T13:37:49.153Z;0	SMTP	RECEIVE	<c4b400523b344d749a9e5c8d52d0b750@THHSTE15D1BE6.hs20.net>

4. RE: Inbound delays from Message Labs

0 Recommend
TomVie
Posted Jun 15, 2016 06:25 AM

Reply Reply Privately
Hi,

Have you tried to capture these connection using tcpdump?

Probably you'll see that tls handshake is failing - but just a thought.

Could be something like eg outlook.com not accepting client certificate offerings in smg delivery (in that case disable "Offer TLS client certificate").

Have you checked your certificate (cert chain, valid date, etc)?

Thomas

Messaging Gateway

Inbound delays from Message Labs

Migration UserJun 14, 2016 08:06 AM

TomVieJun 15, 2016 02:13 AM

Migration UserJun 15, 2016 05:22 AM

TomVieJun 15, 2016 06:25 AM

1. Inbound delays from Message Labs

2. RE: Inbound delays from Message Labs

3. RE: Inbound delays from Message Labs

4. RE: Inbound delays from Message Labs