IIS 6 SMTP unable to relay messages to Exchange Online

Question

Our company uses Office 365 and our email is hosted on Exchange online; however, we have several applications which are unable to send messages directly to Exchange Online due to various reasons (mainly lack of support for authenticated SMTP with TLS); thus, we set up several internal mail relays using IIS's SMTP component, as suggested here; each of them uses a different sender address and needs to authenticate against Exchange Online using a different user account, thus we need a SMTP relay for each application; this is why we have several of them, each one running on the server which hosts the application it needs to relay messages for. All those SMTP relays are configured in the exact same way, only the user accounts differs.

Most of these SMTP relays run on Windows Server 2008 R2 or Windows Server 2012 systems; however, one of those applications needs to run on a Windows Server 2003 system, and thus its SMTP relay, which is hosted on the same system, runs on IIS 6.

Everything used to work fine until some days ago; then, SMTP relay stopped working only on the Windows Server 2003 system, while it kept working fine on all the other systems; the SMTP logs show a very strange behavior: it looks like something gets stuck after an AUTH command is issued, and then the remote server drops the connection due to a timeout:

2015-03-07 17:44:27 157.56.251.50 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+AMXPR07CA0050.outlook.office365.com+Microsoft+ESMTP+MAIL+Service+ready+at+Sat,+7+Mar+2015+17:44:38++0000 0 0 108 0 16 SMTP - - - -
2015-03-07 17:44:27 157.56.251.50 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 32 SMTP - - - -
2015-03-07 17:44:27 157.56.251.50 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-AMXPR07CA0050.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 63 SMTP - - - -
2015-03-07 17:44:27 157.56.251.50 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 STARTTLS - - 0 0 8 0 63 SMTP - - - -
2015-03-07 17:44:27 157.56.251.50 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+2.0.0+SMTP+server+ready 0 0 27 0 94 SMTP - - - -
2015-03-07 17:44:30 157.56.251.50 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 2829 SMTP - - - -
2015-03-07 17:44:30 157.56.251.50 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-AMXPR07CA0050.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 2860 SMTP - - - -
2015-03-07 17:44:30 157.56.251.50 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 AUTH - - 0 0 4 0 2860 SMTP - - - -
2015-03-07 17:49:31 157.56.251.50 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 451+4.7.0+Timeout+waiting+for+client+input 0 0 42 0 303875 SMTP - - - -
2015-03-07 17:49:31 132.245.226.242 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+DB4PR06CA0004.outlook.office365.com+Microsoft+ESMTP+MAIL+Service+ready+at+Sat,+7+Mar+2015+17:49:43++0000 0 0 108 0 62 SMTP - - - -
2015-03-07 17:49:31 132.245.226.242 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 62 SMTP - - - -
2015-03-07 17:49:31 132.245.226.242 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-DB4PR06CA0004.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 109 SMTP - - - -
2015-03-07 17:49:31 132.245.226.242 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 STARTTLS - - 0 0 8 0 109 SMTP - - - -
2015-03-07 17:49:31 132.245.226.242 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+2.0.0+SMTP+server+ready 0 0 27 0 156 SMTP - - - -
2015-03-07 17:49:34 132.245.226.242 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 2609 SMTP - - - -
2015-03-07 17:49:34 132.245.226.242 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-DB4PR06CA0004.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 2656 SMTP - - - -
2015-03-07 17:49:34 132.245.226.242 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 AUTH - - 0 0 4 0 2656 SMTP - - - -
2015-03-07 17:54:34 132.245.226.242 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 451+4.7.0+Timeout+waiting+for+client+input 0 0 42 0 303015 SMTP - - - -
2015-03-07 17:54:34 157.56.254.178 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+DBXPR05CA0038.outlook.office365.com+Microsoft+ESMTP+MAIL+Service+ready+at+Sat,+7+Mar+2015+17:54:46++0000 0 0 108 0 47 SMTP - - - -
2015-03-07 17:54:34 157.56.254.178 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 47 SMTP - - - -
2015-03-07 17:54:34 157.56.254.178 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-DBXPR05CA0038.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 94 SMTP - - - -
2015-03-07 17:54:34 157.56.254.178 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 STARTTLS - - 0 0 8 0 94 SMTP - - - -
2015-03-07 17:54:34 157.56.254.178 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 220+2.0.0+SMTP+server+ready 0 0 27 0 140 SMTP - - - -
2015-03-07 17:54:37 157.56.254.178 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 EHLO - <OurServerName> 0 0 4 0 2640 SMTP - - - -
2015-03-07 17:54:37 157.56.254.178 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 250-DBXPR05CA0038.outlook.office365.com+Hello+[<OurPublicIPAddress>] 0 0 60 0 2672 SMTP - - - -
2015-03-07 17:54:37 157.56.254.178 OutboundConnectionCommand SMTPSVC1 <OurServerName> - 0 AUTH - - 0 0 4 0 2672 SMTP - - - -
2015-03-07 17:59:37 157.56.254.178 OutboundConnectionResponse SMTPSVC1 <OurServerName> - 0 - - 451+4.7.0+Timeout+waiting+for+client+input 0 0 42 0 303703 SMTP - - - -

This only happens on the SMTP relay running on IIS 6 on Windows Server 2003; everything is fine on all the other SMTP relays running on Windows Server 2008 R2 or Windows Server 2012 systems.

Suspecting some problem in that specific server (which is already well known for having several ones), we built a new Windows Server 2003 machine in order to move the application to it; however, the new server exhibits the exact same behavior: the outbound SMTP conversation stops with the same error after the AUTH command is issued.

Out of curiosity, we tried configuring the same account in Outlook Express on the server; it works fine, and it can send emails using authenticated SMTP with TLS to Exchange Online; the problem only seems to affect IIS's SMTP component, and it doesn't seem to be related to the network, the O.S., or anything else.

What can be causing such an error, and how can we fix it?

(We know we shouldn't be using Windows Server 2003 anymore; however, the application is only able to run there, and it has to keep working until it can be replaced. We also know we could move the SMTP relay to another server running a more recent O.S., but it would be nice to find why SMTP relay is failing only on IIS 6.)

Answer 1

Make sure the password of the account used to connect to Office 365 is still valid and it's password was not reset or expired.

MS subscribes to multiple blacklists, and if you IP is on here it will reject the connection attempts from that IP. You can not bypass this either, you have to get the IP removed, or use a different IP to send mail.

And of course - make sure it was not local firewall, policy, or an update to your A/V that is causing your problem. You can do this by just making sure you CAN send messages from this server to one of your other working relay boxes. If never makes it off the box, you know the problem is local.

Answer 2

We never were able to make this work again, although it previously used to work fine; we ended up moving the SMTP relay to another (virtual) server, running Windows Server 2008 R2; that worked flawlessy.

My guess: something in Exchange Online doesn't work correctly (anymore) with the SMTP component in IIS 6. With Windows Server 2003 gone completely out of support, the only option is to replace it.