asatchwell
E-mail error when receiving mail from customer

Hi,

We have a customer who is having problems getting an email through to us.  We have an Exchange 2003 Server which is running on a Server 2003 box; both are fully service packed.   We run GFI MailEssentials for our spam filtering, in which I have whitelisted the customer's domain name and sending mail servers' IP addresses.   We are only having problems with this one new customer, who keeps having mail bounced back to them with a 4.4.2 error as per below, which is the error message they have sent to us via an alternative email address.

"Message delivery completed to the 212.35.253.xxx host with encryption setting of TLS based opportunistic TLS for recipient "me@mycompany.com".  The 212.35.253.xxx destination host returned delivery information of 442 lost connection with "my.emailserver" 212.35.253.xxx while sending mail from anddelivery status delayed."

Their mail is being relayed via Websense-Email-Security-Gateway.

They believe the fault lies with our server but I can't get to the bottom of what is causing this problem.... help please!

Cheers

Andy
Kimputer

Did you set up TLS on your Exchange 2003 server? This is not on by default, so you should know if you configured it or not.
If you did not, you can either:

a. Ask the other side not to send email through their TLS enabled connector
b. Configure your server to accept their TLS connection.
ASKER

Yes, we have TLS set up but we do not have a routing group connector set up for this domain as they are a new customer. I guess once I have set this up they will be able to send us mail.

Routing Group Connectors have nothing to do with external email delivery. They are for routing groups, which is Exchange internal only.

On Exchange 2003 TLS is either ON or OFF, it doesn't do opportunist TLS. If you want that you need to upgrade to something more modern. Although this should be done by your Websense gateway, and that is where I would be pointing the finger. Either that or something is scanning SMTP traffic which shouldn't be - firewall for example.

Simon.
Routing groups can be used to deliver mail to external domains using specified IP addresses, so they can be used for external mail delivery.

We are not using Websense, it is the company trying to deliver mail to us that uses Websense, and our firewall is not scanning SMTP traffic.  We only have this problem with one company on a mail server setup that has been in place for some time.

TLS is set up on my server and always has been; it has been checked on the http://www.checktls.com website.  The only slight problem I can see is that there is a certificate mismatch: the Cert Hostname DOES NOT VERIFY (starck.sirius-xxxxxxl.xxx != Sirius-xxxxx.xxx)
So email is encrypted but the host is not verified.
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)
This solution is only available to members.
OK, that being the case, then how do I set up my 2003 Exchange server to accept email from a server that insists on TLS for mail between our companies?

We can send them mail no problem, I just need to be able to receive mail from them.

Thanks

Andy
I have already answered that.
You need an additional SMTP virtual server, with a separate host name or port and the other side needs to know which it is.
If you upgraded to something more modern then it can all be done on the same host name with the additional steps.

Simon.
I've requested that this question be closed as follows:

Accepted answer: 0 points for asatchwell's comment #a39524150

for the following reason:

blah
Why do you want this question closed? "Blah" isn't an acceptable reason.
I want to close this question because no expert has come up with a solution to my question, company X still can't get email through to us and I'm no closer to a solution and frankly I'm not sure why I pay my subs.
I've requested that this question be closed as follows:

Accepted answer: 0 points for asatchwell's comment #a39535715

for the following reason:

Poor with no reference to the question
I disagree.

You have posted an error about the remote site trying to opportunist TLS. Exchange 2003 doesn't support opportunist TLS, so you have to use another method if you want to use TLS, which I have also outlined to you.

Simon.
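
An added example, not part of the thread or written by any poster: a small Python model of how a sending gateway's TLS policy interacts with what the receiving server advertises in its EHLO reply and with the certificate name mismatch mentioned above. The policy labels, host names and EHLO replies are constructed for illustration and do not describe how Websense or Exchange 2003 is actually configured.

```python
import re

# Constructed EHLO replies; not captured from the servers in the thread.
EHLO_WITH_TLS = ("250-mail.example.test Hello [192.0.2.10]\r\n"
                 "250-SIZE 10485760\r\n250-STARTTLS\r\n250 OK\r\n")
EHLO_NO_TLS = ("250-mail.example.test Hello [192.0.2.10]\r\n"
               "250-SIZE 10485760\r\n250 OK\r\n")

def ehlo_extensions(reply):
    """Return the ESMTP keywords advertised in a multi-line 250 reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:      # first line is the greeting
        m = re.match(r"250[- ](\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords

def cert_name_matches(cert_names, host):
    """Exact match, or one wildcard as the whole left-most label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def sender_outcome(reply, cert_names, host, policy):
    """Model the sender's decision. The policy labels are this example's own:
    'opportunistic'      - use TLS if offered, never check the name
    'mandatory'          - refuse to send without STARTTLS
    'mandatory-verified' - also require the certificate to name the host
    """
    offered = "STARTTLS" in ehlo_extensions(reply)
    if policy == "opportunistic":
        return "encrypted" if offered else "plaintext"
    if not offered:
        return "deferred: no STARTTLS"
    if policy == "mandatory-verified" and not cert_name_matches(cert_names, host):
        return "deferred: certificate name mismatch"
    return "encrypted"

if __name__ == "__main__":
    # Same shape as the mismatch in the thread: certificate names a host,
    # sender connected to the bare domain (both names constructed).
    for policy in ("opportunistic", "mandatory", "mandatory-verified"):
        print(policy, "->", sender_outcome(
            EHLO_WITH_TLS, ["starck.example.test"], "example.test", policy))
```

Under an opportunistic policy the name mismatch does not block delivery, which matches the "encrypted but the host is not verified" result reported from the TLS check; it only becomes a delivery failure if the sending side enforces verification.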