4.4.1 AND 4.4.2 SMTP Send Errors

When did you set things up?

Some record changes can take up to 24 hours to append

It has been about 10 days or so.

Have you tried using a smarthost?

2010-08-4T17:14:47.573Z,SMTP,08CD1116152857BE,4,192.168.0.95:19857,209.150.204.167:25,<,250-Server10.rmisecurity.net Hello [70.89.160.225],

who is 70.89.160.225 in this conversation?

I think this is your ISP?
http://business.comcast.com/

Authors ISP sorry

No.  I had this all working on a previous server till it died and my backups were of the db only, not the settings.  I suppose I could try that for a bit to see if it would work but ultimately I want to figure out why I am having this problem.  My host name is the same, tbc-exch.thouttbrosinc.com and my IP is the same, 70.89.160.227 and thus I am lost.  I will contact Comcast to see what they say about me using them as a smarthost in the meantime though.

225 is the wan port on my firewall.  Not sure why that would be inserting itself there.  I have one-to-one NAT setup adn 227 is assigned to the Exchange services.

Is 192.168.0.95 the same ip as the old server or a new one?  If new you may need to adjust your firewall address transforms for the new IP  (that would be for outbound connections from your exchange server to show as .227)

Comcast may be preventing you from sending

Dave,
.95 was assigned to the old and now to the new server.  Same with .227 for the external, it was both the old and the new.

Jamie,
I called Comcast and "they said" they were not blocking any traffic.  Of course when setting up the RDNS it also too 4 calls over 2 days before they spelled my URL correctly.

Really strange,

Are you getting any bouncebacks, or is it just delay messages?

We get a delay message after 4 hrs and then a queue expired notice after 2 days (#550 4.4.7 QUEUE.Expired; message expired ##).

I just can't figure out why my server would be responding with the IP of my WAN port rather than its own NAT assigned IP.

Try just using DNS instead of Smarthost to troubleshoot

I think your emails are getting blocked by servers that enforce "HELO Restrictions"
That happens when there is no A, PTR, MX or FQDN record for the IP of a host that is connecting to it.
I could not find any records (obviously) for the wan port of your firewall

Was there some MAC address assoc. with the old server in your firewall config?

Take out the smarthost to test and chase up the people that sort your records out

I think I have my A, PTR, MX and FQDN all setup correctly.  When I run the tools at mxtoolbox.com everything comes back with the correct info.  I just checked my public DNS settings on zoneedit as well as verify that godaddy had the correct DNS servers listed and that is all correct.  I also added an SPF record to zoneedit, just because I've seen that pop up in a few threads but did not expect much as I've never had to have one before.

I definitely did not have any sort of MAC address associations in my firewall.

Have you tried removing the smarthost?

When you do it you will need to restart SMTP

I don't have a smarthost.  Not sure what you mean by "chase up the people that sort your records out".  If you are talking about DNS settings, Comcast hosts our RDNS but for all other DNS records I have an account with Zoneedit and manage that myself.

Thanks Jamie and Dave, I appreciate both of you taking the time to help.  I'll be back in 90 minutes as I have to leave the office but will continue this when I get back.  Thanks again.

Not to worry, will be interesting to find out what the issue is

Yes your records are correct for your smtp server but if responding smtp servers or MTAs are checking info on your WAN IP (because that is what is in the helo responce) what will they see... not much.

Also mxtoolbox diagnostics will only prove that they can send you mail, not the other way around.
I think at this point that your firewall see something different about your new server for some reason... port, mac, i don't know.  Was your old server multi-homed?

I'm not seeing anything in the firewall but obviously it is there somewhere so I will keep looking.  The only references to the .225 IP I can find is in reference to the WAN address.  

The Exchange server is actually running on a virtual OS with only a single virtual adapter but it is hosted on a multi-homed server, if that matters.

So after making the change in the firewall, as per dpk_wal, this is what I get when I try to send an email.  Obviously they still don't go but I don't see the wrong IP anymore but now I don't see any IP at all.
___________________________________________________________________________________
2010-08-25T01:33:35.112Z,SMTP,08CD111615286874,15,192.168.0.95:29651,208.65.145.11:25,-,,Remote
2010-08-25T01:33:35.159Z,SMTP,08CD111615286874,1,192.168.0.95:29677,208.65.145.11:25,+,,
2010-08-25T01:33:35.190Z,SMTP,08CD111615286874,2,192.168.0.95:29677,208.65.145.11:25,<,"220 p02c12m074.mxlogic.net ESMTP mxl_mta-6.7.0-1 [74310940.4702780.00-2003]; Tue, 24 Aug 2010 19:33:35 -0600 (MDT); NO UCE, INBOUND",
2010-08-25T01:33:35.190Z,SMTP,08CD111615286874,3,192.168.0.95:29677,208.65.145.11:25,>,EHLO tbc-exch.thouttbrosinc.com,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,4,192.168.0.95:29677,208.65.145.11:25,<,250-p02c12m074.mxlogic.net,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,5,192.168.0.95:29677,208.65.145.11:25,<,250-SIZE 0,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,6,192.168.0.95:29677,208.65.145.11:25,<,250-STARTTLS,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,7,192.168.0.95:29677,208.65.145.11:25,<,250-SUBMITTER,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,8,192.168.0.95:29677,208.65.145.11:25,<,250 PIPELINING,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,9,192.168.0.95:29677,208.65.145.11:25,*,5323,sending message
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,10,192.168.0.95:29677,208.65.145.11:25,>,MAIL FROM:<janice@thouttbrosinc.com> SIZE=48161,
2010-08-25T01:33:35.237Z,SMTP,08CD111615286874,11,192.168.0.95:29677,208.65.145.11:25,>,RCPT TO:<dlawrenc@ball.com>,
2010-08-25T01:33:35.268Z,SMTP,08CD111615286874,12,192.168.0.95:29677,208.65.145.11:25,<,250 Sender Ok,

I don't see a post from dpk_wal, what was changed?  What FW are you using if you care to say?

SonicWall 2040 Enhanced OS.  

Actually the post in my thread was from bryon44035v3 who referenced an earlier thread by dpk_wal, sorry for the confusion on that.
https://www.experts-exchange.com/questions/26427090/HELO-Response-Sending-Wrong-IP-Address.html

Here is a recent log entry form the SMTP Send Log:
___________________________________________________________________________________
2010-08-25T15:08:20.134Z,SMTP,08CD1116152874A6,0,,216.32.180.22:25,*,,attempting to connect
2010-08-25T15:08:20.212Z,SMTP,08CD1116152874A6,1,192.168.0.95:40489,216.32.180.22:25,+,,
2010-08-25T15:08:20.275Z,SMTP,08CD1116152874A6,2,192.168.0.95:40489,216.32.180.22:25,<,"220 VA3EHSMHS022.bigfish.com Microsoft ESMTP MAIL Service ready at Wed, 25 Aug 2010 15:08:20 +0000",
2010-08-25T15:08:20.275Z,SMTP,08CD1116152874A6,3,192.168.0.95:40489,216.32.180.22:25,>,EHLO tbc-exch.thouttbrosinc.com,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,4,192.168.0.95:40489,216.32.180.22:25,<,250-VA3EHSMHS022.bigfish.com Hello [70.89.160.227],
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,5,192.168.0.95:40489,216.32.180.22:25,<,250-SIZE 157286400,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,6,192.168.0.95:40489,216.32.180.22:25,<,250-PIPELINING,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,7,192.168.0.95:40489,216.32.180.22:25,<,250-ENHANCEDSTATUSCODES,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,8,192.168.0.95:40489,216.32.180.22:25,<,250-STARTTLS,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,9,192.168.0.95:40489,216.32.180.22:25,<,250-AUTH,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,10,192.168.0.95:40489,216.32.180.22:25,<,250-8BITMIME,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,11,192.168.0.95:40489,216.32.180.22:25,<,250-BINARYMIME,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,12,192.168.0.95:40489,216.32.180.22:25,<,250 CHUNKING,
2010-08-25T15:08:20.337Z,SMTP,08CD1116152874A6,13,192.168.0.95:40489,216.32.180.22:25,>,STARTTLS,
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,14,192.168.0.95:40489,216.32.180.22:25,<,220 2.0.0 SMTP server ready,
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,15,192.168.0.95:40489,216.32.180.22:25,*,,Sending certificate
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,16,192.168.0.95:40489,216.32.180.22:25,*,CN=tbc-exch.thouttbrosinc.com,Certificate subject
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,17,192.168.0.95:40489,216.32.180.22:25,*,CN=tbc-exch.thouttbrosinc.com,Certificate issuer name
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,18,192.168.0.95:40489,216.32.180.22:25,*,C03DB4E2349C5CB34AD5CF50FA72DC45,Certificate serial number
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,19,192.168.0.95:40489,216.32.180.22:25,*,D3A4AD300E5A09E532CEB9936781ED74CEA4368A,Certificate thumbprint
2010-08-25T15:08:20.400Z,SMTP,08CD1116152874A6,20,192.168.0.95:40489,216.32.180.22:25,*,tbc-exch.thouttbrosinc.com;email.thouttbrosinc.com;autodiscover.thouttbrosinc.com;thouttbrosinc.com,Certificate alternate names
-----------------------------------------------------------------------------------------------------------------------------

As you can see the correct IP is now being issued and yet the email is still not flowing.  One thing I noticed is that the certificate gets issued, an acknowledgment of sorts and then nothing.  Could there be something with my certificate that is causing a problem?  Sorry, I'm grasping at this point.

pls check your postmaster mailbox

I just setup a postmaster mailbox this morning but so far there is nothing in it.

In addition to the firewall not being setup right I also discovered that I was using the wrong SSL cert.  Both are now fixed and yet the problem continues.  Here is a section of the queue after fixing the SSL.  It says it is sending but the message just sits in the queue.

___________________________________________________________________________________
2010-08-26T00:43:30.069Z,SMTP,08CD111615288A8F,0,,65.54.188.72:25,*,,attempting to connect
2010-08-26T00:43:30.131Z,SMTP,08CD111615288A8F,1,192.168.0.95:53323,65.54.188.72:25,+,,
2010-08-26T00:43:30.194Z,SMTP,08CD111615288A8F,2,192.168.0.95:53323,65.54.188.72:25,<,"220 bay0-mc1-f8.Bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states. Wed, 25 Aug 2010 17:43:30 -0700 ",
2010-08-26T00:43:30.194Z,SMTP,08CD111615288A8F,3,192.168.0.95:53323,65.54.188.72:25,>,EHLO tbc-exch.thouttbrosinc.com,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,4,192.168.0.95:53323,65.54.188.72:25,<,250-bay0-mc1-f8.Bay0.hotmail.com (3.11.0.113) Hello [70.89.160.227],
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,5,192.168.0.95:53323,65.54.188.72:25,<,250-SIZE 29696000,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,6,192.168.0.95:53323,65.54.188.72:25,<,250-PIPELINING,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,7,192.168.0.95:53323,65.54.188.72:25,<,250-8bitmime,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,8,192.168.0.95:53323,65.54.188.72:25,<,250-BINARYMIME,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,9,192.168.0.95:53323,65.54.188.72:25,<,250-CHUNKING,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,10,192.168.0.95:53323,65.54.188.72:25,<,250-AUTH LOGIN,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,11,192.168.0.95:53323,65.54.188.72:25,<,250-AUTH=LOGIN,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,12,192.168.0.95:53323,65.54.188.72:25,<,250 OK,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,13,192.168.0.95:53323,65.54.188.72:25,*,6391,sending message
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,14,192.168.0.95:53323,65.54.188.72:25,>,MAIL FROM:<jeff@thouttbrosinc.com> SIZE=2190,
2010-08-26T00:43:30.256Z,SMTP,08CD111615288A8F,15,192.168.0.95:53323,65.54.188.72:25,>,RCPT TO:<jbulick@hotmail.com>,
2010-08-26T00:43:30.319Z,SMTP,08CD111615288A8F,16,192.168.0.95:53323,65.54.188.72:25,<,250 jeff@thouttbrosinc.com....Sender OK,
2010-08-26T00:44:28.444Z,SMTP,08CD111615288A8F,17,192.168.0.95:53323,65.54.188.72:25,-,,Remote

Hmm, no bounce... something picked it up from yesterday.
Re-sent check now.

I was just able to obtain a receive log from one of the domains that we are not able to send email to.  I am including the pertinant part of each log so things can be matched up in the hopes that somebody might see something.  The one thing I do see is a time out on the receive log.  Could all of my emails really be timing out?  I have the default values on my exchange server for timeouts so perhaps I need to bump them up some?


SEND
-------------------------------------------------------------------------------------------------------------------------------
2010-08-26T13:23:28.963Z,SMTP,08CD111615288D13,0,,209.150.204.167:25,*,,attempting to connect
2010-08-26T13:23:29.025Z,SMTP,08CD111615288D13,1,192.168.0.95:56087,209.150.204.167:25,+,,
2010-08-26T13:23:29.103Z,SMTP,08CD111615288D13,2,192.168.0.95:56087,209.150.204.167:25,<,"220 Server10.rmisecurity.net Microsoft ESMTP MAIL Service ready at Thu, 26 Aug 2010 07:23:28 -0600",
2010-08-26T13:23:29.103Z,SMTP,08CD111615288D13,3,192.168.0.95:56087,209.150.204.167:25,>,EHLO tbc-exch.thouttbrosinc.com,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,4,192.168.0.95:56087,209.150.204.167:25,<,250-Server10.rmisecurity.net Hello [70.89.160.227],
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,5,192.168.0.95:56087,209.150.204.167:25,<,250-SIZE,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,6,192.168.0.95:56087,209.150.204.167:25,<,250-PIPELINING,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,7,192.168.0.95:56087,209.150.204.167:25,<,250-DSN,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,8,192.168.0.95:56087,209.150.204.167:25,<,250-ENHANCEDSTATUSCODES,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,9,192.168.0.95:56087,209.150.204.167:25,<,250-STARTTLS,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,10,192.168.0.95:56087,209.150.204.167:25,<,250-X-ANONYMOUSTLS,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,11,192.168.0.95:56087,209.150.204.167:25,<,250-AUTH NTLM,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,12,192.168.0.95:56087,209.150.204.167:25,<,250-X-EXPS GSSAPI NTLM,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,13,192.168.0.95:56087,209.150.204.167:25,<,250-8BITMIME,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,14,192.168.0.95:56087,209.150.204.167:25,<,250-BINARYMIME,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,15,192.168.0.95:56087,209.150.204.167:25,<,250-CHUNKING,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,16,192.168.0.95:56087,209.150.204.167:25,<,250-XEXCH50,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,17,192.168.0.95:56087,209.150.204.167:25,<,250-XRDST,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,18,192.168.0.95:56087,209.150.204.167:25,<,250 XSHADOW,
2010-08-26T13:23:29.181Z,SMTP,08CD111615288D13,19,192.168.0.95:56087,209.150.204.167:25,>,STARTTLS,
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,20,192.168.0.95:56087,209.150.204.167:25,<,220 2.0.0 SMTP server ready,
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,21,192.168.0.95:56087,209.150.204.167:25,*,,Sending certificate
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,22,192.168.0.95:56087,209.150.204.167:25,*,"CN=thouttbrosinc.com, OU=Domain Control Validated, O=thouttbrosinc.com",Certificate subject
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,23,192.168.0.95:56087,209.150.204.167:25,*,"SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O=""GoDaddy.com, Inc."", L=Scottsdale, S=Arizona, C=US",Certificate issuer name
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,24,192.168.0.95:56087,209.150.204.167:25,*,27A0B080E94416,Certificate serial number
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,25,192.168.0.95:56087,209.150.204.167:25,*,2DCAFCB00B11199E58BCBBFAEFC4760A27080D87,Certificate thumbprint
2010-08-26T13:23:29.244Z,SMTP,08CD111615288D13,26,192.168.0.95:56087,209.150.204.167:25,*,thouttbrosinc.com;www.thouttbrosinc.com;tbc-exch.thouttbrosinc.com;autodiscover.thouttbrosinc.com;email.thouttbrosinc.com,Certificate alternate names


RECEIVE
-------------------------------------------------------------------------------------------------------------------------------


2010-08-26T00:04:14.442Z,SERVER10\Default SERVER10,08CD124BDD55BB66,27,10.100.200.251:25,70.89.160.227:60113,-,,Local
2010-08-26T00:04:14.590Z,SERVER10\Default SERVER10,08CD124BDD55BB71,0,10.100.200.251:25,70.89.160.227:60227,+,,
2010-08-26T00:04:14.590Z,SERVER10\Default SERVER10,08CD124BDD55BB71,1,10.100.200.251:25,70.89.160.227:60227,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2010-08-26T00:04:14.591Z,SERVER10\Default SERVER10,08CD124BDD55BB71,2,10.100.200.251:25,70.89.160.227:60227,>,"220 Server10.rmisecurity.net Microsoft ESMTP MAIL Service ready at Wed, 25 Aug 2010 18:04:14 -0600",
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,3,10.100.200.251:25,70.89.160.227:60227,<,EHLO tbc-exch.thouttbrosinc.com,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,4,10.100.200.251:25,70.89.160.227:60227,>,250-Server10.rmisecurity.net Hello [70.89.160.227],
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,5,10.100.200.251:25,70.89.160.227:60227,>,250-SIZE,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,6,10.100.200.251:25,70.89.160.227:60227,>,250-PIPELINING,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,7,10.100.200.251:25,70.89.160.227:60227,>,250-DSN,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,8,10.100.200.251:25,70.89.160.227:60227,>,250-ENHANCEDSTATUSCODES,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,9,10.100.200.251:25,70.89.160.227:60227,>,250-STARTTLS,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,10,10.100.200.251:25,70.89.160.227:60227,>,250-X-ANONYMOUSTLS,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,11,10.100.200.251:25,70.89.160.227:60227,>,250-AUTH NTLM,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,12,10.100.200.251:25,70.89.160.227:60227,>,250-X-EXPS GSSAPI NTLM,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,13,10.100.200.251:25,70.89.160.227:60227,>,250-8BITMIME,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,14,10.100.200.251:25,70.89.160.227:60227,>,250-BINARYMIME,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,15,10.100.200.251:25,70.89.160.227:60227,>,250-CHUNKING,
2010-08-26T00:04:14.661Z,SERVER10\Default SERVER10,08CD124BDD55BB71,16,10.100.200.251:25,70.89.160.227:60227,>,250-XEXCH50,
2010-08-26T00:04:14.662Z,SERVER10\Default SERVER10,08CD124BDD55BB71,17,10.100.200.251:25,70.89.160.227:60227,>,250-XRDST,
2010-08-26T00:04:14.662Z,SERVER10\Default SERVER10,08CD124BDD55BB71,18,10.100.200.251:25,70.89.160.227:60227,>,250 XSHADOW,
2010-08-26T00:04:14.741Z,SERVER10\Default SERVER10,08CD124BDD55BB71,19,10.100.200.251:25,70.89.160.227:60227,<,MAIL FROM:<jeff@thouttbrosinc.com> SIZE=3510,
2010-08-26T00:04:14.741Z,SERVER10\Default SERVER10,08CD124BDD55BB71,20,10.100.200.251:25,70.89.160.227:60227,*,08CD124BDD55BB71;2010-08-26T00:04:14.590Z;1,receiving message
2010-08-26T00:04:14.741Z,SERVER10\Default SERVER10,08CD124BDD55BB71,21,10.100.200.251:25,70.89.160.227:60227,>,250 2.1.0 Sender OK,
2010-08-26T00:09:15.615Z,SERVER10\Default SERVER10,08CD124BDD55BB71,22,10.100.200.251:25,70.89.160.227:60227,>,451 4.7.0 Timeout waiting for client input,
2010-08-26T00:09:15.615Z,SERVER10\Default SERVER10,08CD124BDD55BB71,23,10.100.200.251:25,70.89.160.227:60227,-,,Local

msg replied to but still in queue.

Similar here

Aug 26 10:01:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com[70.89.160.227]: -1
Aug 26 10:06:26 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:06:26 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection rate 1/60s for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max connection count 1 for (smtp:70.89.160.227) at Aug 26 10:01:26
Aug 26 10:11:26 mta postfix/anvil[7194]: statistics: max cache size 2 at Aug 26 10:01:34
Aug 26 10:11:27 mta postfix/smtpd[7192]: timeout after MAIL from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:11:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:12:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: SSL_accept error from tbc-exch.thouttbrosinc.com[70.89.160.227]: -1
Aug 26 10:17:27 mta postfix/smtpd[7192]: lost connection after STARTTLS from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: disconnect from tbc-exch.thouttbrosinc.com[70.89.160.227]
Aug 26 10:17:27 mta postfix/smtpd[7192]: connect from tbc-exch.thouttbrosinc.com[70.89.160.227]

Looks like it still 'may' be cert issue
Does anything here help: http://technet.microsoft.com/en-us/library/bb510129(EXCHG.80).aspx

Unfortunately I don't see anything there that is the issue.  I have removed all my certs from the server, requested a new CSR from Exchange, re-keyed my cert in Godaddy and then went through the install, enable process in Exchange.  I compared the lookups as per that document and I don't see any differences in the fqdn.  I sent a new test email to hotmail and the msg is still in queue and the SMTP send log entry looks the same as before.

Not sure if this matters or if perhaps they are two different functions but I am  able to log into owa and FF and IE say the cert is valid.  Again, could be different so don't know if that matters or not.

Ok, so I turned it off on the send connector but not on the receive connectors and guess what...I got my test email.  I guess my next question would be why and what are the risks?

Looks like TLS is now set properly.  Thank you so much Dave, I really appreciate it.

Looks like TLS is now set properly.  Thank you so much Dave, I really appreciate it.

Dave is supposed to be getting 100 pts for one of his answers and 400 for another, not sure why the Alert says 0 pts.

Glad that's been sorted, well done Dave!