"Jeff Cochran" <jeff.nospam@zina.com> wrote in message
news:417a2b89.510790738@msnews.microsoft.com...
> On Tue, 19 Oct 2004 08:10:42 -0600, "m.marien" <mm AT RiverCityCanada
> DOT com> wrote:
>
>>I get the following message in my System Event Log.
>>
>>"Message delivery to the remote domain 'citibank.com' failed for the
>>following reason: The remote server did not respond to a connection
>>attempt."
>>
>>There is nothing in the log files for the time the event happened or for
>>the
>>domain, nor is the domain mentioned in the SMTP logs at all. The message
>>is
>>repeated many times, but the domain changes.
>>
>>This on a Win2000 SMTP server. The server is setup to accept mail for
>>several remote domains which are routed to a smart host for those domains.
>>Otherwise the relay list on the Access tab is empty and the "Allow all
>>computer which successfully authenticate..." is unchecked. There is no
>>outbound mail from this server except for NDRs as far as I know.
>>
>>The domains have a very light mail demand, so there is not a lot of mail
>>routed through here except for SPAM of course. So what's happening here ?
>>Why is this SMTP server trying to contact these domains, or is the message
>>misleading and it's the other way around, they are trying to contact this
>>SMTP server ?
>
> Check your SMTP logs to see what really is happening. My guess is
> you're not sending a bunch of mail to CitiBank, and that you're
> relaying SPAM, but you can tell better by looking at your logs and the
> Badmail folder (or Queue).
>

DOT com> wrote:

>I get the following message in my System Event Log.
>
>"Message delivery to the remote domain 'citibank.com' failed for the
>following reason: The remote server did not respond to a connection
>attempt."
>
>There is nothing in the log files for the time the event happened or for the
>domain, nor is the domain mentioned in the SMTP logs at all. The message is
>repeated many times, but the domain changes.
>
>This on a Win2000 SMTP server. The server is setup to accept mail for
>several remote domains which are routed to a smart host for those domains.
>Otherwise the relay list on the Access tab is empty and the "Allow all
>computer which successfully authenticate..." is unchecked. There is no
>outbound mail from this server except for NDRs as far as I know.
>
>The domains have a very light mail demand, so there is not a lot of mail
>routed through here except for SPAM of course. So what's happening here ?
>Why is this SMTP server trying to contact these domains, or is the message
>misleading and it's the other way around, they are trying to contact this
>SMTP server ?

"m.marien" <mm AT RiverCityCanada DOT com> wrote in message
news:10na8358dmcce9e@corp.supernews.com...
>I get the following message in my System Event Log.
>
> "Message delivery to the remote domain 'citibank.com' failed for the
> following reason: The remote server did not respond to a connection
> attempt."
>
> There is nothing in the log files for the time the event happened or for
> the domain, nor is the domain mentioned in the SMTP logs at all. The
> message is repeated many times, but the domain changes.
>
> This on a Win2000 SMTP server. The server is setup to accept mail for
> several remote domains which are routed to a smart host for those domains.
> Otherwise the relay list on the Access tab is empty and the "Allow all
> computer which successfully authenticate..." is unchecked. There is no
> outbound mail from this server except for NDRs as far as I know.
>
> The domains have a very light mail demand, so there is not a lot of mail
> routed through here except for SPAM of course. So what's happening here ?
> Why is this SMTP server trying to contact these domains, or is the message
> misleading and it's the other way around, they are trying to contact this
> SMTP server ?
>

"m.marien" wrote:

>
> "m.marien" <mm AT RiverCityCanada DOT com> wrote in message
> news:10na8358dmcce9e@corp.supernews.com...
> >I get the following message in my System Event Log.
> >
> > "Message delivery to the remote domain 'citibank.com' failed for the
> > following reason: The remote server did not respond to a connection
> > attempt."
> >
> > There is nothing in the log files for the time the event happened or for
> > the domain, nor is the domain mentioned in the SMTP logs at all. The
> > message is repeated many times, but the domain changes.
> >
> > This on a Win2000 SMTP server. The server is setup to accept mail for
> > several remote domains which are routed to a smart host for those domains.
> > Otherwise the relay list on the Access tab is empty and the "Allow all
> > computer which successfully authenticate..." is unchecked. There is no
> > outbound mail from this server except for NDRs as far as I know.
> >
> > The domains have a very light mail demand, so there is not a lot of mail
> > routed through here except for SPAM of course. So what's happening here ?
> > Why is this SMTP server trying to contact these domains, or is the message
> > misleading and it's the other way around, they are trying to contact this
> > SMTP server ?
> >
>
> Here is an interesting follow up on this problem and possibly an answer. I
> checked one of my other IIS5.0 SMTP servers. I was testing to see if it
> would send a message to an IP address a while back. It has a message
> addressed to mm@[192.168.0.17] stuck in the queue with a date of
> sept.27.2004. There is a log:
>
> 2004-09-27 15:12:48 192.168.0.17 mycomputer.myDomain EHLO -
> +mycomputer.myDomain 250 214 30 172 SMTP -
> 2004-09-27 15:12:48 192.168.0.17 mycomputer.myDomain MAIL -
> +FROM:<murray@myDomain> 250 52 39 0 SMTP -
> 2004-09-27 15:12:48 192.168.0.17 mycomputer.myDomain RCPT -
> +TO:<mm@[192.168.0.17]> 250 30 27 0 SMTP -
> 2004-09-27 15:12:48 192.168.0.17 mycomputer.myDomain DATA -
> +<6.1.1.1.0.20040927091233.01a069b0@darkstar> 250 128 1009 219 SMTP -
> 2004-09-27 15:12:48 192.168.0.17 mycomputer.myDomain QUIT -
> mycomputer.myDomain 240 84 4 0 SMTP -
>
> (I changed the domain name in the log entries for obvious reasons.) There is
> only one log, as I checked the entire log directory for log entries for
> [192.168.0.17]. However, the System Event log is filled with these messages
> regularly every four hours since Sept.27.2004
>
> 10/19/2004 7:51:37 PM smtpsvc Warning None 4000 N/A DARKSTAR Message
> delivery to the remote domain '[192.168.0.17]' failed for the following
> reason: The remote server did not respond to a connection attempt.
>
> The question would be then, how long will the SMTP server keep trying ???
> The expiry time out is set at the default 2 days. The SMTP server has been
> trying since September 27, 2004. It should quit trying already eh !
>
> So the original problem appears to be the same as this. I suspect that the
> messages generating the system events are NDRs. I cleaned out about 3000
> messages (all NDR) from the Badmail folder and emptied the queue a few days
> ago. There were just the three messages left as I reported in another
> message in this thread.
>
> The NDR are generated from the remote domains. The remote SMTP servers
> refuse the messages because the user doesn't exist and the IIS SMTP server
> routing for the remote servers is trying to send a NDR back to the original
> sender. The original sender of course doesn't exist because the message is
> just SPAM.
>
> So there are two problems here. One, as noted above, the SMTP server doesn't
> seem to give up on NDR's after two days. Second, the IIS SMTP doesn't handle
> SPAM for remote domains very well. When the remote domain refuses the
> message, the SMTP server generates a NDR and goes on forever trying to
> deliver it. Not only that, I think the SMTP server is still trying to
> deliver the messages that I deleted from the queue. How does that work ?
>
> So is there a way for the IIS SMTP server to handle the rejected messages
> from remote domains better ?
>
>
>
>
>
>