• Status: Solved
  • Priority: Medium
  • Security: Public

TLS Connect failed....I'm not going to try again

Hi,

I'm having a strange email issue.  Basically, my company can receive most external emails just fine, but
when emails are sent from one particular external domain, the emails get bounced back to the sender SLOOOWLY.
After several days, the sender will receive an email that says something like this:

TLS Connect failed.  connected to xyz.ab.de.fg
I'm not going to try again; this message has been in the queue too long.

The same emails are delivered properly to gmail accounts.

The MX records appear to be fine and I notice no other issues in the logs of our
firewall or Exchange server (we're using Exchange 2003).

We thought this might be a TLS issue, but we are receiving TLS-encrypted emails from other domains, so I'm not sure that's the issue.

I've seen similar questions on experts-exchange, but without satisfactory resolution.

Any ideas as to what/where to test?
I'm not a sysadmin/exchange expert...it's just a job I inherited, so go easy!

Thanks!
Asked:
pdanese
2 Solutions
 
dpk_wal Commented:
Although I am not an expert on Exchange, I am writing this comment as it might help. I think either NDR or reverse DNS lookup can be the cause of the behavior observed.

Thank you.
0
 
pdanese (Author) Commented:
Hi, thank you for the response.

I have a few questions, though...what is NDR?

Also, could you elaborate on reverse DNS lookup being 'the cause'?

0
 
pdanese (Author) Commented:
I just looked up NDR...that seems to be an error when the recipient doesn't exist.

That is not the case here.  The recipients *do* exist and they receive emails from most sources just fine.  But no one in our domain is capable of receiving emails from one specific external domain.

hope that helps clarify the issue.
0
 
dpk_wal Commented:
If you are using a firewall which does NAT for your email server, and the MX record and the public IP of the firewall are different, the firewall normally sends all outbound traffic from the server using the public IP instead of the MX record; in this case the domain which is doing reverse DNS lookup would not accept the emails from your domain. To overcome this problem we configure 1-1 NAT, and this ensures that all outbound traffic from the server goes out with the same IP as the MX record IP.

As you clarified NDR is not the issue. If this is ruled out then I am not sure what else is the issue.

Thank you.
0
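The reverse DNS and NAT comparison described in the comment above, written out as an added example (not part of the thread or of any poster's reply). The function names, the `example.com` hosts and the documentation-range addresses are constructed for illustration; the default lookups use the system resolver.

```python
import socket

def _ptr(ip):
    """Default reverse lookup: PTR names for ip (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def _a(host):
    """Default forward lookup: IPv4 addresses for host (empty list if none)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def check_outbound_identity(outbound_ip, mx_hosts, ptr=_ptr, a=_a):
    """Compare the address remote servers see with what DNS says about it."""
    findings = []
    mx_ips = {ip for h in mx_hosts for ip in a(h)}
    if outbound_ip not in mx_ips:
        findings.append("outbound IP is not one of the MX addresses (NAT mismatch)")
    names = ptr(outbound_ip)
    if not names:
        findings.append("outbound IP has no PTR record")
    elif not any(outbound_ip in a(n.rstrip(".")) for n in names):
        findings.append("PTR name does not resolve back to the outbound IP")
    return findings

# Constructed sample data (documentation address ranges, example.com names).
FORWARD = {"mail.example.com": ["192.0.2.10"], "fw.example.com": ["192.0.2.1"]}
REVERSE = {"192.0.2.10": ["mail.example.com."], "192.0.2.1": []}

def demo():
    """Run the check for a shared firewall address and for a 1-1 NAT address."""
    ptr = lambda ip: REVERSE.get(ip, [])
    a = lambda host: FORWARD.get(host, [])
    mx = ["mail.example.com"]
    return {
        "shared firewall IP": check_outbound_identity("192.0.2.1", mx, ptr, a),
        "1-1 NAT to MX IP": check_outbound_identity("192.0.2.10", mx, ptr, a),
    }

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, "->", findings or "consistent")
```

To run it against live DNS, call `check_outbound_identity` with the public address your mail server actually sends from and your domain's MX host names, leaving the `ptr` and `a` arguments at their defaults.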
 
RobinHuman Commented:
This sounds like a TLS authentication issue on the recipient's side - I suggest that you contact them and advise them of this issue - could be the trust with them no longer exists.
0
 
pdanese (Author) Commented:
Suggestions didn't fix the problem but I wanted to distribute points to close the question.

Thanks to both for responding!
0
 
dpk_wal Commented:
Thank you for the points.
0
 
RobinHuman Commented:
Thank you
0
Question has a verified solution.
