IIS 7 and Above
SMTP Mails disappearing into thin air
Last post Sep 10, 2019 02:50 AM by Yuk Ding
Sep 04, 2019 02:14 PM|BrianPYpsilon|LINK
I am running the IIS6 SMTP server on the back end of my application to send emails generated by the application to users e.g. forgotten password. This worked for a couple of years but a few weeks ago, the emails stopped being received. They disappeared from
the pickup folder but did not appear in the Queue or BadMail folder. The SMTPSVC1 log doesn't show an error message, just the normal messages for an email being sent, but the emails are never received. They are not in the junk mail folder. How do I diagnose
Sep 05, 2019 05:37 AM|Yuk Ding|LINK
Did you make any change on the SMTP server? Like apply update, install security software or change group policy, firewall setting. If we know what was changed before this issue happened, then we may find the root cause. Besides, most SMTP issues are supported
by Exchange team now. you can also post this issue to exchange forum to check whether they have any idea with this issue.
Sep 05, 2019 10:18 AM|BrianPYpsilon|LINK
Thanks for the reply and the tip about posting on the Exchange forum. The only change that I might have made was applying updates. Foolishly I didn't think to test the email functionality after applying updates. Does this suggest anything?
Sep 06, 2019 03:07 AM|Yuk Ding|LINK
Did you see any error message in event viewer application log regarding SMTP? If there was no error message, maybe you could try to rollback some update to check whether the problem would be fixed. With the KB number, then we might able to find the workaround.
Sep 06, 2019 02:27 PM|BrianPYpsilon|LINK
First of all, I've checked the Update history and it tells me that no updates have been applied since the server was created. I have applied all recent updates and tested again but this has made no difference. I have looked in the event viewer and cannot
find any relevant messages, but the sheer number of event logs means that I haven't checked them all. I looked for any that looked as though they related to SMTP or IIS but couldn't find any messages that looked relevant. The only one that looked suspicious
was in Windows/Security as follows:
An account failed to log on.
Logon Type: 3
Account For Which Logon Failed:
Unknown user name or bad password.
Caller Process ID:
Caller Process Name:
Source Network Address:
Detailed Authentication Information:
Package Name (NTLM only):
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Are there any particular logs I should be looking at?
Many thanks for your help, much appreciated
Sep 09, 2019 08:52 AM|Yuk Ding|LINK
Have you tried to capture network monitor log? It will tell us whether there was any error in transmission level?
Besides,Is there any user dump get generated when you try to reproduce this issue?
Steps to capture dump file:
1.Download Debug diagnostic tool from here:https://www.microsoft.com/en-us/download/details.aspx?id=49924
diagnostic tool Collection
rule"->"Crash"->"A specific process"
process you want to monitor->next
type forFirst chance exception to Full userdump and limit action to 10
next to activate the rule
this issue and monitor whether any dump file was counted
8. If you don't
know how to analyze the dump file, you could try debug diagnostic tool Analysis
If the answer
is helpful, it is appreciated if you could mark it as answer. So other people may know how to troubleshooting this kind of issue.
Sep 09, 2019 01:40 PM|BrianPYpsilon|LINK
Finally got to the bottom of the mystery. It's not an SMTP problem at all. For some reason, my system generated emails are being treated as spam and my email provider seems to be stopping spam before it gets to my email client. Even it I put the sending
address into my contacts, it still never reaches my email client. Both Outlook and iMail behave the same way, so this issue must be with my email provider. I was only able to diagnose the problem when I set up a gmail address and tried sending emails to it.
Gmail helpfully told me that the emails are being treated as spam.
So thank you very much for helping me - I really appreciate it.
Sep 10, 2019 02:50 AM|Yuk Ding|LINK
I'm so glad that you find the root cause. I also learned a lot when I discuss this issue with you.