Troubleshooting Mail Flow & Delivery
| Situation |
You are experiencing issues with your mail flow, such as delayed delivery of messages, missing messages, or users unable to deliver or receive messages. Specific situations may include:
|
|---|---|
| Solution |
See below for some basicquestions that you should use as a basic guideline in attempting to determine the cause of an issue. Information below also includes how to:
|
Basic mail flow troubleshooting
Before beginning to troubleshoot, we recommend gathering some basic information about the problem. Taking a few minutes to better understand exactly how the mail flow issue is impacting the organization can narrow down possible causes of the problem, and may reduce troubleshooting time. Some key questions to answer are:
Users
- Are all of the users affected by the problem, or does the problem only impact some users?
- If only some users are affected, then what do those users have in common with one another? Are all of their mailboxes on the same server?
Scope of Impact
- Does the problem occur with all mail flow, or is it limited to a specific type of mail, such as mail coming in from the Internet?
Consistency and Timing
- When did the problem start? Did any other significant events occur around that time, such as a patch being applied, or a piece of hardware failing?
Error messages
- Is Exchange displaying any error messages?
Mail Flow Issues - Messages Not Received
Users not receiving email messages
You have new users who previously received emails without issue but have now stopped receiving emails.
You need to check SMTP Discovery under users and Groups and make sure that user is not marked as Invalid User. If the user has been marked as Invalid, you will need to delete them. See below for instructions on how to do both of these tasks.
How To Check If User Has Been Marked As Invalid
- Navigate to Users and Groups > SMTP Discovery.
- Select Marked Invalid List from the dropdown.
- Type name of the user in question in the search text field.
- If you find the user email that stopped receiving emails, you need to delete that user.
How To Delete User Has Been Marked As Invalid
- Click the checkbox besides the user account.
- Select Select from the dropdown menu.
- Click Removed from Invalid List.
- Click Apply to save changes.
Remember this will not create the user account, you still need to create the user manually.
Please Note: Users will only be automatically added for received messages if Expired Addresses Default to New User is enabled, and only added automatically for outbound if Auto-add New Users Detected via Outbound is enabled (both under the SMTP Discovery settings.) If these options are not used, they will need to be added via the Discovered list within the New User report, or via the SMTP Discovery report under Users & Groups > SMTP Discovery.
SMTP Discovery will be disabled if LDAP or Azure auto sync are enabled.
CISCO Firewall users - SMTP fixup is turned on
- SMTP Fixup does deep packet scanning and can hold messages too long and cause timeouts
- Make sure SMTP Fixup is turned off on your CISCO Firewalls
Emails not being received after setting up an org on Proofpoint Essentials
You have finished migrating or creating a new customer into Proofpoint, but email is not flowing. Senders are seeing lots of rejections from Proofpoint servers.
- New Proofpoint accounts need propagation time up tp 60 minutes.
- Verify all steps for a creation or migration of a new customer have been successfully completed.
Once an account is completely setup on Proofpoint Essentials User Interface according to the getting started guide found here, the Partners/Customers will need to wait up to 60 minutes for the changes to update across Proofpoint Essentials' Network before testing the service. If you need a copy of the Getting Started Guide, please contact Support or your Reseller.
Partners/Customers should ensure they have provided all the required information and the following have been configured. (Any changes made will require up to 60 minutes propagation time)
Additional things to check for:
- Correct SMTP destination IP address(es)/hostname(s) entered
- Firewall lockdown for Proofpoint IP ranges.
- MX records updated.
Emails Are Not Being Delivered From One Particular Domain
If you are not receiving email from a specific domain, it could be due to one of the reasons below. Check here for more information.
- The sender is on one or more of Proofpoint's email block lists.
- Check IP sender IP address in our IPcheck (Normally, sender will see a rejection message with :"Email error 550 email blocked")
- Contact Essentials Support to check if sender domain is being blocked on the domain level
- There is an issue with the senders SMTP server (You will need to request SMTP outbound logs of the sending server)
- Emails might have been detected as spam and should be visible in the user's quarantine.
Email Delivery Delay
You can determine if the delay is occurring Proofpoint by reviewing the logs. Each message provides details on delivery by clicking on the Details button to the right of the log event. The first section provides a timestamp when the message first came to the Proofpoint server. Scroll down to the Delivered section where you will note a second time stamp when the message was handed off to the recipient.
These usually will be just a few seconds to 1 minute after we received the message depending on size.
The one exemption to this is messages with Attachment Defense Sandboxing enabled. In this case, messages with attachments are actively scanned for suspicious activity which delays messages 5 - 10 minutes on average with a maximum delay of 15 minutes.
If your message is received and delivered within these expected time frames it indicates an issue either before the message comes to Proofpoint or after the message is handed off to the receiving domain