Avatar of dwebgirl
dwebgirl
 asked on

Not able to email another domain

Hello,

We started having problems emailing to an external domain.  This started happening about a month ago.  Prior to that we didn't have any problems emailing to the same domain.   We are not having any problem sending to other domains.  First we get a 'delay' notification back with SMTP 4.4.7, then we get a return notification of failure.  I can connect to the other domain through Telnet but it's not accepting other commands.  But I do get this weird response back with 220.  I also see the same thing when I look at the email in Exchange System Manager in Tracking.  I've attached a file that shows this message.  One thing I haven't been able to do because the user deleted them is look at the message header on the returned 'failure' email.

They white listed us in their Barracuda.  That didn't clear things up.  I'm not seeing anything on my end that would indicate an issue.  I've looked through the message logs and don't find anything unusual there.  They've talked to their ISP who is telling them that they're not seeing our email - not sure how reliable this information is since it's second hand.

I'm stumped, please help..... Thanks!
Exchange-System-Manager---Tracki.gif
Email ProtocolsExchangeMicrosoft Legacy OS

Avatar of undefined
Last Comment
MegaNuk3

8/22/2022 - Mon
dwebgirl

ASKER
Also, get the following results when run SMTP test on Mxtoolbox.  Not sure if this helps or not?

 Not an open relay.
 0 seconds - Good on Connection time
 0.218 seconds - Good on Transaction time
 OK - 000.000.000.000 resolves to
 Warning - Reverse DNS does not match SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 SERVER01.domain.priv Hello [64.20.227.133] [62 ms]
MAIL FROM: <supertool@mxtoolbox.com>
250 2.1.0 supertool@mxtoolbox.com....Sender OK [47 ms]
RCPT TO: <test@example.com>
550 5.7.1 Unable to relay for test@example.com [47 ms]
QUIT
221 2.0.0 SERVER01.domain.priv Service closing transmission channel [62 ms]
 
dwebgirl

ASKER
Ok, here's another update.  I can Telnet and connect into the domain's mail server and get a 250 response back to HELO command but it does not respond back to MAIL FROM: command.  Just times out and loses connection.  


Thanks!
MegaNuk3

is MXTOOLBOX.com listing you on any blacklists?
When you did the telnet did you do it from your internet facing Exchange server or from another box?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
dwebgirl

ASKER
Ok, this may be related to a Cisco Pix Firewall and Mailguard.  Will know further in a day or two.
MegaNuk3

What happens if you try telnet and use EHLO instead of HELO?
dwebgirl

ASKER
With EHLO - I get 500 5.5.3 unrecognized command.  With HELO I get a response 250 back.   It's after I enter the MAIL FROM: comand that it just sits there and times out.

I've been waiting to hear back from the recipient's end as to what I asked them to look into.  We're getting a lot of the symptoms that are discussed in this article:  http://technet.microsoft.com/en-us/library/dd277550(EXCHG.80,printer).aspx.  This is what I asked them to look into.  I did get a call back and they told me the tech guys don't want to do the recommended solution.

Any ideas?


⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
dwebgirl

ASKER
To answer your other questions  - Also, we're not listed on any major blacklists according to MXToolBox and other look-up sites.  Same telnet responses whether done from Exchange Server or a client PC.
MegaNuk3

Try SMTPDiag

SMTPDIAG "sender address" "recipient address" [-d target DNS] [/v]

http://www.microsoft.com/downloads/details.aspx?FamilyID=BC1881C7-925D-4A29-BD42-71E8563C80A9&displayLang=en
MegaNuk3

Are they behind a Cisco PIX firewall? they should definitely turn the Mailguard feature off then... Otherwise they could end up getting duplicate messages...
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
dwebgirl

ASKER
I had run SMTPdiag before but not able to run with -d target DNS.  Perhaps I'm not entering the correct syntax.

The message I get with /v is "Checking MX servers listed connecting to ....... Error: Expected '220' server is not accepting connections.  Failed to submit mail"

Yes they are behind a Cisco Pix.  I am scheduled to talk to the company's tech consultant tomorrow.  But, when talking with the company person yesterday, he told me that the tech consultant advised him against making the change to accept email from just one company.  He said something about it opens them up to bad things and they shouldn't have to do that for one company.  What I don't understand is why all of a sudden it stopped working.  We used to be able to send email to them without any problem.  This happened a week or so after being blacklisted.  We got off that but then we still couldn't send them email.  I asked them to whitelist us and they supposedly did on their Barracuda.
MegaNuk3

I don't know much about PIX firewalls, but maybe they can add a "safe" rule for your domain or a route from your external IP address into them so MailGuard doesn't touch it...

dwebgirl

ASKER
I don't know about Cisco PIX firewalls as well.  Does it make sense what they're saying?  I can ask about adding a "safe" rule tomorrow when I talk with them.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
MegaNuk3

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
dwebgirl

ASKER
Would all the other Tab settings stay the same as the original SMTP connector except the SMTP Connector Name and what you mentioned above?
MegaNuk3

Yep, but you would need to check the cost of the "*" one though and make this one cheaper otherwise messages for this dodgy domain will just go out the "*" one
dwebgirl

ASKER
That worked!  I'm glad it did, but somehow I feel that this is just a bandaid?  That really the issue was on their end.

Thanks for all your help and sticking with me through resolution.


All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
MegaNuk3

Yep, hopefully that company will get lots of calls from every other company they deal with that has Exchange and they will have to turn MailGuard off.

Or hopefully they will receive/send loads of duplicate mails caused by Mailguard...