Microsoft Exchange Server

Exchange 2010 Slow Delivery / Request Duplication

Exchange 2010 has a new tarpit feature that forces a 5+ second delay between each email sent on a connection. This is designed to help combat spammers, however, it's often necessary for HelpSpot to send a group of emails at once and this feature of Exchange can cause problems. At the very least it slows down email sending causing the request screen to feel slow on updates. More significant issues can be seen if your installation does a lot of notification emails to staff on import as each email will have a 5 second delay between them meaning importing a single email could take a minute or more. In such cases the scheduled tasks which pull in email may end up duplicating some requests as one running of tasks.php is still going (due to the delay) while a second is initiated.

The setting in Exchange can be checked with this command:

Get-ReceiveConnector "connectorname" | select tarpitinterval

The setting can be turned off with:

Set-ReceiveConnector "connectorname" –TarpitInterval 00:00:00

Make sure to run the command for each connector name your installation has.

Acknowledgement Delay

Sometimes Exchange 2010 still has delays in sending multiple messages. Exchange may be making HelpSpot wait until it has received confirmation that a sent email was received by the recipient mail server. This is called "acknowledgement delay".

To eliminate the acknowledgement delay, run the following command:

Set-ReceiveConnector "SMTP Application relay" -MaxAcknowledgementDelay 0

Exchange 2010 Rate Limit Exceeded

The setting in Exchange can be checked with this command:

Set-recieveconnector "Server Name\Client Connector" -Messageratelimit 500

Connection Troubles

  • Pop3/IMAP - Make sure Pop and/or IMAP is enabled on your Exchange server. These options are often off by default.
  • Password - If your POP or IMAP password contains a backslash (ex: \ ) this will break the connection. Remove the backslash from your Exchange password and the connection should work.
  • NOTLS - On Exchange 2007 it is sometimes necessary to choose the NOTLS security option.

Kerberos Error

"Kerberos error: Credentials cache file '/tmp/krb5cc_33' not found (try running kinit)" Note that the number appended to the cache file may be different.

This error can occur if the number of simultaneous connections exceed the limit. The Exchange error log should show the errors. Restarting Exchange usually clears the issue.

Using IMAP or IMAPS instead of POP/POPS within HelpSpot's Email Mailbox configurations can also alleviate this issue if the error is seen.

Routing through IIS

It can sometimes be useful to route email via IIS's built in SMTP relay system. Note, that in some configurations you may want to set this up to forward the email to Exchange from IIS. The basics on setting it up can be found in this article: http://www.geeksengine.com/article/php-microsoft-smtp.html

PHP Bug 33500

There is some evidence that Microsoft Exchange Rollup 7 fixes the issues below. Please upgrade to rollup 7 before trying any of the below procedures.

Items below relate to PHP bug: http://bugs.php.net/bug.php?id=33500 which affects Exchange 2007.

Note, that the first thing to check before doing the below is that your Exchange server is set for

"Plain text logon (Basic authentication) No TLS connection is required for the client to authenticate to the server"

and NOT

"Plain text authentication logon (integrated windows authentication) No TLS connection is required for the client to authenticate to the server"

If you have multiple front end Exchange server be sure all are setup for basic plain text login.

Also be sure you don't have any # in your mailbox passwords.

Authentication Trouble on Exchange 2007 - Kerberos

Under certain configurations in Exchange 2007 having Kerberos setup is required in order to connect to the Exchange server. A customer contributed these steps on how to set that up in a Linux environment.

Step 1:
Edit the krb5.conf file to match your domain environment.

Step 2:
Create a script to check the mail that creates the ticket if it does not exist already then checks the mail. This script should be called via cron instead of tasks.php directly:

/usr/kerberos/bin/klist -c /var/tmp/apache | grep -q krbtgt || echo <mailboxusename> |
/usr/kerberos/bin/kinit -c /var/tmp/apache <mailboxusename>
export KRB5CCNAME=/var/tmp/apache

/usr/bin/php /var/www/html/helpspot/tasks.php

Step 3:
Add another crontab entry that renews the kerberos ticket every hour:

/usr/kerberos/bin/kinit -R -c /var/tmp/apache

Alternative: Recompile PHP with IMAP Adjustment

On Linux based installations recompiling PHP and making an adjustment to the IMAP source is also a possible solution. This method was tested on CentOS 5.1 and is still needed at least up to PHP 5.2.9.

  1. Download the latest IMAP Toolkit release at ftp://ftp.cac.washington.edu/mail/imap.tar.Z
  2. Extract the files, then open up imap-2007/src/osdep/unix/Makefile and go to line 1002. Comment out the following section:
    ckpgss: # Kerberos V (must have gss EXTRAAUTHENTICATOR as well)
            @echo Kerberos V password authentication
            $(LN) ckp_gss.c osdepckp.c
    
  3. Save the file and exit. Change dirs back to the imap-2007 directory and build with the following: 
    make slx SSLINCLUDE=/usr/include/openssl SSLTYPE=nopwd
  4. Once complete, download the latest PHP from php.net. Extract the files, then run configure with the following options (you may need to adjust these options as needed for your setup):
    ./configure --without-kerberos --with-zlib --with-curl=/usr/lib --enable-dba --with-gd --enable-gd-native-ttf --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-zlib-dir=/usr/lib --with-imap=/PATH-TO/imap-2007 --with-imap-ssl --enable-mbstring --with-mysql=/usr/lib/mysql --with-mysql-sock --with-mysqli --enable-soap --enable-sockets --with-pear --with-mcrypt --with-openssl --with-xml --with-apxs2=/PATH-TO/apxs --enable-memory-limit --enable-track-vars --enable-wddx --enable-ftp --enable-sysvmsg --enable-sysvem --enable-sysvshm --enable-transid --enable-cli --enable-cgi --with-ldap
  5. There may be a bunch of package dependencies (like libmcrypt, libmcrypt-devel, openssl, openssl-devel, httpd-devel, etc.) that I won't go into here. Basically, if configure errs out and complains about a package not being installed, then install it and go from there.
  6. Then run make, make test, and finally sudo make install.
  7. Once it's installed, you'll need to add the following to /etc/httpd/conf/httpd.conf if you don't have it already:
    LoadModule php5_module /usr/lib/httpd/modules/libphp5.so
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php .phtml

  8. Restart Apache and you should be all set.


Knowledge Tags


This page was: Helpful | Not Helpful