Friday, 13 March 2009

SMTP: Advanced Queue Failed to Deliver Message in ESM

We noticed a while ago that emails were suddenly disappearing without trace, no NDR being genereated. The email just seems to disappear.

There are multiple ways to resolve this issue but I'll explain my method which will hopefully point most people in the right direction.

Firstly you need to find out exactly what the issue is, in my case we tracked the message in ESM and found the message was received by the server but then never delivered with the message; "SMTP: Advanced Queue Failed to Deliver Message in ESM"

You should enable message tracking, by right clicking the mail server in ESM and checking the tracking box on the general properties page.

Review the log file to find the exact event id from the exchange server.

An example of my case is as follows:
10:33:38 GMT SERVER2K3 user1@domain2.co.uk 1019
user2@domain1.co.uk
10:33:38 GMT SERVER2K3user1@domain2.co.uk 1025
user2@domain1.co.uk
10:33:44 GMT SERVER2K3 user1@domain2.co.uk 1026
user2@domain1.co.uk


You should use the following link to reference the event ID's

Message tracking event IDs in Exchange Server 2003
http://support.microsoft.com/kb/821905

Event 1026 is most likely caused by the 3rd party Anti Spam software
running on exchange server.

Either the message was detected as spam or there may have been some corruption in the message. McAfee GroupShield installed on the Exchange server can also cause this.

We actually found that by disabling the scanning function in Group shield this resolved the error.

I have also however noticed in the past that GFI can cause this issue to, you should look in the Program files directory under GFI for any emails, you will most likely find them there.

Did I solve your problem? Buy me a virtual beer by clicking on a Google ad :). Thanks!


3 comments:

  1. Brilliant, thanks. This helped me a lot. Lindsay

    ReplyDelete
  2. I also had this exact problem. In my case, it was Sophos PureMessage antispam on my Exchange 2003/Win2003 server that was quarantining the messages (all for good reason). Basically, I had staff connecting via SMTP authenticating with their company e-mail address and AD password. However, as their company address was intentionally not in the whitelist (so we can filter mail spammers masquerading as them), their own outbound mail was getting filtered and so quarantined. So until I work out a better solution, I've had to add our own external domain to the whitelist, but risk the wrath of spammers.

    ReplyDelete
  3. I had encountered a similar problem. It turned out that the firewall was getting in the way. So I had to configure additional exemptions.

    ReplyDelete