We had problems today with our Exchange 2003 Server in that a large number of messages were not being delivered. Looking in the Exchange queues, the messages were variously reported as having statuses like 'The connection was dropped by the remote host'. I turned on detailed logging, and noticed that all the troublesome messages were using the BDAT SMTP verb instead of the DATA verb. This was further confirmed by reviewing packet captures using Ethereal.
I have not been able to determine why this is occurring, and whether this has always been happening or just started happening recently. However, I tried a quick work-around (found on the Net). I turned off the extended verbs in the SMTP connector (under Routing Groups) by checking the Send HELO instead of EHLO option on the advanced tab.
One possible theory gleaned from Usenet revolves around the Symantec Anti-Virus software that was installed on the Exchange server. A technical note from Symantec expressly warns against installing the Internet E-Mail Auto-Protect feature on an SMTP server of any kind. Sure enough, our server had the auto-protect feature installed, and active. I de-activated it for good measure, but perhaps I ought to uninstall it completely (a major operation on a production email server). I'll watch it and see if de-activating it is enough.
Another Usenet message referred to scenarios exactly like what I was seeing. They suddenly started getting timeout errors and such where none had appeared before. Apparently, they talked about the problem to their ISP and the ISP made unspecified changes that fixed the problem. I don't know whether to take these messages seriously or whether they were just using the ISP story as a convenient way to wrap up a long interactive discussion after finding a simple mistake was causing the problem.
Incidentally, using the Microsoft IIS logging format was more useful than the W3C Extended option because the former could be more readily loaded into Excel. Furthermore, it took me a while to figure out how to get the extra fields (i.e. useful fields) configured in the latter by configuring the properties after selecting the logging type. The IIS format automatically includes all of the extra fields. Just don't keep a log file open in Excel for an extended period -- it seems to block all logging and possibly even the queue servicing.
