Windows Server 2008 R2 Standard
Microsoft Exchange Server 2010
SonicWALL TZ 215 w/Anti-Spam service
Message sent from sender in February 2014 to three recipients within organization fails.
Message sent from same sender in March 2014 succeeds to two, but fails to one.
--------------------------
RECV LOG FROM 2-27-2014:
2014-02-27T20:48:59.865Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,24,192.168.0.15:25,192.168.0.15:35652,<,RSET,
2014-02-27T20:48:59.865Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,25,192.168.0.15:25,192.168.0.15:35652,*,Tarpit for '0.00:00:05',
2014-02-27T20:49:00.553Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,24,192.168.0.15:25,192.168.0.15:35653,<,RSET,
2014-02-27T20:49:00.553Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,25,192.168.0.15:25,192.168.0.15:35653,*,Tarpit for '0.00:00:05',
2014-02-27T20:49:01.381Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,24,192.168.0.15:25,192.168.0.15:35654,<,RSET,
2014-02-27T20:49:01.381Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,25,192.168.0.15:25,192.168.0.15:35654,*,Tarpit for '0.00:00:05',
2014-02-27T20:49:04.882Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,26,192.168.0.15:25,192.168.0.15:35652,>,250 2.0.0 Resetting,
2014-02-27T20:49:05.007Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,27,192.168.0.15:25,192.168.0.15:35652,<,QUIT,
2014-02-27T20:49:05.007Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,28,192.168.0.15:25,192.168.0.15:35652,>,221 2.0.0 Service closing transmission channel,
2014-02-27T20:49:05.007Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E782,29,192.168.0.15:25,192.168.0.15:35652,-,,Local
2014-02-27T20:49:05.569Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,26,192.168.0.15:25,192.168.0.15:35653,>,250 2.0.0 Resetting,
2014-02-27T20:49:05.694Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,27,192.168.0.15:25,192.168.0.15:35653,<,QUIT,
2014-02-27T20:49:05.694Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,28,192.168.0.15:25,192.168.0.15:35653,>,221 2.0.0 Service closing transmission channel,
2014-02-27T20:49:05.694Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E783,29,192.168.0.15:25,192.168.0.15:35653,-,,Local
2014-02-27T20:49:06.398Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,26,192.168.0.15:25,192.168.0.15:35654,>,250 2.0.0 Resetting,
2014-02-27T20:49:06.523Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,27,192.168.0.15:25,192.168.0.15:35654,<,QUIT,
2014-02-27T20:49:06.523Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,28,192.168.0.15:25,192.168.0.15:35654,>,221 2.0.0 Service closing transmission channel,
2014-02-27T20:49:06.523Z,MAILSERVER\Default MAILSERVER,08D0FDCD3A50E784,29,192.168.0.15:25,192.168.0.15:35654,-,,Local
RECV LOG FROM 3-37-2014:
2014-03-27T18:35:35.750Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,23,192.168.0.15:25,192.168.0.15:23888,>,250 2.1.5 Recipient OK,2014-03-27T18:35:38.454Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,24,192.168.0.15:25,192.168.0.15:23888,<,DATA,
2014-03-27T18:35:38.454Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,25,192.168.0.15:25,192.168.0.15:23888,>,354 Start mail input; end with <CRLF>.<CRLF>,
2014-03-27T18:35:38.876Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,26,192.168.0.15:25,192.168.0.15:23888,*,Tarpit for '0.00:00:00.906' due to 'DelayedAck',Delivered
2014-03-27T18:35:38.876Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,27,192.168.0.15:25,192.168.0.15:23888,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADRdPUXWG8tBlxuGi5vcqd/CgAAAEAAAAHXvgxKX6aBOp+SJnW5mKiYBAAAAAA==@EMAILADDRESS.com> [InternalId=3847] Queued mail for delivery,
2014-03-27T18:35:39.033Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,28,192.168.0.15:25,192.168.0.15:23888,<,QUIT,
2014-03-27T18:35:39.033Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,29,192.168.0.15:25,192.168.0.15:23888,>,221 2.0.0 Service closing transmission channel,
2014-03-27T18:35:39.033Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EF,30,192.168.0.15:25,192.168.0.15:23888,-,,Local
2014-03-27T18:35:41.080Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,24,192.168.0.15:25,192.168.0.15:23887,<,DATA,
2014-03-27T18:35:41.080Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,25,192.168.0.15:25,192.168.0.15:23887,>,354 Start mail input; end with <CRLF>.<CRLF>,
2014-03-27T18:35:41.440Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,26,192.168.0.15:25,192.168.0.15:23887,*,Tarpit for '0.00:00:00.468' due to 'DelayedAck',Delivered
2014-03-27T18:35:41.440Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,27,192.168.0.15:25,192.168.0.15:23887,>,250 2.6.0 <!&!AAAAAAAAAAAYAAAAAAAAADRdPUXWG8tBlxuGi5vcqd/CgAAAEAAAAHXvgxKX6aBOp+SJnW5mKiYBAAAAAA==@EMAILADDRESS.com> [InternalId=3848] Queued mail for delivery,
2014-03-27T18:35:41.580Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,28,192.168.0.15:25,192.168.0.15:23887,<,QUIT,
2014-03-27T18:35:41.580Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,29,192.168.0.15:25,192.168.0.15:23887,>,221 2.0.0 Service closing transmission channel,
2014-03-27T18:35:41.580Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1EE,30,192.168.0.15:25,192.168.0.15:23887,-,,Local
2014-03-27T18:35:43.128Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,24,192.168.0.15:25,192.168.0.15:23886,<,RSET,
2014-03-27T18:35:43.128Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,25,192.168.0.15:25,192.168.0.15:23886,*,Tarpit for '0.00:00:05',
2014-03-27T18:35:48.130Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,26,192.168.0.15:25,192.168.0.15:23886,>,250 2.0.0 Resetting,
2014-03-27T18:35:48.286Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,27,192.168.0.15:25,192.168.0.15:23886,<,QUIT,
2014-03-27T18:35:48.286Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,28,192.168.0.15:25,192.168.0.15:23886,>,221 2.0.0 Service closing transmission channel,
2014-03-27T18:35:48.286Z,MAILSERVER\Default MAILSERVER,08D113C62E9CD1ED,29,192.168.0.15:25,192.168.0.15:23886,-,,Local
...as you can see the email to the three recipients on 2/27/2014 never receives a 'DATA' command. The message immediately receives 'RSET' and then the tarpit information. The SonicWALL Anti-Spam service has
no indication that the message was identified as Junk or Spam. Users received no indication of the email message in their JUNK EMAIL SUMMARY.
...on 3/27/2014 the message is successful in reaching two of the recipients. Only one of the recipients delivery is given the 'RSET' command.
I am getting ready to contact SonicWALL support to see if they have any indication of a similar issue occurring in configurations similar to ours. I wanted to provide this scenario because I haven't been able to find any information related to the 'RSET' command and associated mail delivery failures.