Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TLS Connect failed....I'm not going to try again

Posted on 2008-10-06
8
Medium Priority
?
1,009 Views
Last Modified: 2013-11-16
Hi,

I'm having a strange email issue.  Basically, my company can receive most external emails just fine, but
when emails are sent from one particular external domain, the emails get bounced back to the sender SLOOOWLY.
After several days, the sender will receive an email that says something like this:

TLS Connect failed.  connected to xyz.ab.de.fg
I'm not going to try again; this message has been in the queue too long.

The same emails are delivered properly to gmail accounts.

the MX records appear to be fine and I notice no other issues in the logs of our
firewall or exchange server (we're using Exchange 2003).

We thought this might be a TLS issue, but we are receiving TLS-encrypted emails from other domains, so I'm not sure that's the issue.

I've seen similar questions on experts-exchange, but without satisfactory resolution.

Any ideas as to what/where to test?
I'm not a sysadmin/exchange expert...it's just a job I inherited, so go easy!

Thanks!
0
Comment
Question by:pdanese
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 900 total points
ID: 22657009
Although I am not an expert on exchange; writing this comment as it might help, I think either NDR or reverse DNS lookup can be the cause of the behavior observed.

Thank you.
0
 

Author Comment

by:pdanese
ID: 22658970
Hi, thank you for the response.

I have a few questions, tho...what is NDR?

also, could you elaborate on reverse dns lookup being 'the cause'?

0
 

Author Comment

by:pdanese
ID: 22658997
i just looked up NDR...that seems to be an error when the recipient doesn't exist.

that is not the case here.  the recipients *do* exist and they receive emails from most sources just fine.  but no one in our domain is capable of receiving emails from one specific external domain.

hope that helps clarify the issue.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 22660590
If you are using a firewall which does NAT for your email server and the MX record and the public IP of the firewall are different; the firewall normally sends all outbound traffic from the server using the puclic IP instead of MX record; in this case the domain which is doing reverse DNS lookup would not accept the emails from your domain. To overcome this problem we configure 1-1 NAT; and this ensures that all outbound traffic from server goes out with the same IP as the MX record IP.

As you clarified NDR is not the issue. If this is ruled out then I am not sure what else is the issue.

Thank you.
0
 
LVL 12

Assisted Solution

by:RobinHuman
RobinHuman earned 450 total points
ID: 22660765
This sounds like a TLS authentication issue on the recipient's side - I suggest that you contact them and advise them of this issue - could be the trust with them no longer exists.
0
 

Author Closing Comment

by:pdanese
ID: 31503372
suggestions didn't fix the problem but I wanted to distribute points to close the question.

Thanks to both for responding!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22768402
Thank you for the points.
0
 
LVL 12

Expert Comment

by:RobinHuman
ID: 22768794
Thank you
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question