Exchange 2007 Server Queuing Mail and timing out to a perfectly good recipient

Out new Exchange 2007 server is having some issues with sending mail... we have multiple domains that we are having trouble getting mail out to.. here is the info in the message queue from one of the msgs:

Identity: appliedexch\284\787
Subject: n301 unique CRF sign off
Internet Message ID: <A8B2DC685B43F848BF0EC9A46F5D681D057651@exchange.ourdomain>
From Address:
Status: Ready
Size (KB): 35
Message Source Name: FromLocal
Source IP:
SCL: -1
Date Received: 9/27/2007 4:12:32 PM
Expiration Time: 9/29/2007 4:12:32 PM
Last Error: 421 Timeout reading data
Queue ID: appliedexch\284

And one of the NDRs

Delivery is delayed to these recipients or distribution lists:


Subject: Something - resend with attachment

This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.

Delivery of this message will be attempted until 9/29/2007 2:52:46 PM (GMT-05:00) Eastern Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered by that time.


Sent by Microsoft Exchange Server 2007

Any ideas here?  
Who is Participating?
I would be looking at the ISP as having routing issues.
Of course there is no point in calling the ISP, they will not admit it. I have been on the phone to ISPs tech support with the fire alarm going off in the background and been told there was nothing wrong.

You have to continue with what I outlined above.
NSLOOKUP on the MX records, confirm they are correct then attempt to connect to the MX records on port 25 using telnet.

That is a delay message. Unfortunately it doesn't tell you anything of use.
You need to look at the server itself and see what the reason is using Queue Viewer. Verify that the server is able to find the MX records for the domain and telnet to the server server listed on the MX records on port 25.

ParadiseITSAuthor Commented:
I verified that the our Exchange server can contact the server vis nslookup.  All seems OK there...   the first cut and paste above is from Queue Viewer and that's all the info it gives.

In most of the domains that are a problem, under "Last Error" I am getting:

451 4.4.0 Primary Target IP Address Responded with: "421 Error: timeout exceeded.  Attempted Failover to alternate host but that did not succeed."


451 4.4.0 Primary Target IP Address Responded with: "421 4.4.2 Connection Dropped. Error: timeout exceeded.  Attempted Failover to alternate host but that did not succeed."

Any ideas?  I'd like to try increasing the time that our SMTP server waits but I can't find that setting in ESM...
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Adjusting timeouts should not be necessary.
Both of those are temporary errors.
Nslookup just proves the DNS lookup. What about the connection to the host?

Exchange looks like it is giving the same error for both problems - even though the SMTP error is slightly different. The second part of the error basically means it is looking for an additional MX record and either there isn't one or it doesn't work either.

ParadiseITSAuthor Commented:
Sounds right on.. the issues seems to have abated on it's own over the weekend... how would I check the host connection?
ParadiseITSAuthor Commented:
I am getting these problems again this morning... any ideas from anyone??  I need to know what might cause this problem when the domains exist and are ready receive our mail.
ParadiseITSAuthor Commented:
Sembee -- funny you should say that I'm on hold with them at the moment.  I've been able to connect to the MX records via NSLOOKUP, haven't tried telnet yet.  Will try that now.

ParadiseITSAuthor Commented:
Telnet to 25 seems to work fine for our clients...  I get a ready message from them
Is there any pattern on the domains that you cannot send to?
Same route on a tracert to their mail server, same ISP etc?

ParadiseITSAuthor Commented:
Well so here is the solution to our problem...

The issue seems that it was a reverse lookup that was being done by some of our clients and our MX record in our ISPs DNS server was pointing to their mail server, not ours.  So when a mail server tried to match names to numbers they could not and they would drop the connection, assuming we were trying to spoof a mail server.

Once DNS was fixed, I also pointed our Exchange server to our Barracuda as a Smart Host to enable it to send mail instead of the Exchange server that way all IPs and name matched.  Now mail is flowing perfectly... what a nightmare this was.
Had similar problem one time. Was getting the similar "451 4.4.0 primary target IP address responded with 421 4.4.2 connection dropped" messages. Worked for several hours on it, and tried a lot of the suggestions listed on this forum. Found out it was our anti-virus software on the server. An update had been pushed out to it the day before, and something with that update was causing the problem. As soon as we paused the anti-virus software service, the e-mail flowed out to the world without problem.
I know this is a bit old but for me the issue was related to some of the domains requiring HELO instead of EHLO --- details are here
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.