imranrft
asked on
#550 4.4.7 QUEUE.Expired; message expired ## for a particular domain.
We have Exchange 2007 on Windows 2003. All roles installed on 1 machine.
Some of our e-mails to specific domains are remaining in the queue for long time and then getting expired. I can telnet to the affected domain and I can send a test message. I confirmed with the recipient and he is receiving my message (sent through telnet).
Exchange is configured with a single send connector. Logging level is set to Verbose but no logs generated specific to the affected domain.
Even those e-mails are not hitting the firewall. As if they are not leaving the exchange server.
I tried using external DNS servers on send connector but no luck.
I followed the steps described in the similar posts on Expert-Exchange but no benefit.
Any ideas what else could cause the problem??
Some of our e-mails to specific domains are remaining in the queue for long time and then getting expired. I can telnet to the affected domain and I can send a test message. I confirmed with the recipient and he is receiving my message (sent through telnet).
Exchange is configured with a single send connector. Logging level is set to Verbose but no logs generated specific to the affected domain.
Even those e-mails are not hitting the firewall. As if they are not leaving the exchange server.
I tried using external DNS servers on send connector but no luck.
I followed the steps described in the similar posts on Expert-Exchange but no benefit.
Any ideas what else could cause the problem??
ASKER
First command was EHLO.
The target server is Exchange 2007. They are using Mcafee AntiSpam. I'll check with them about the version.
None of our users (including my account) are able to send e-mail to them. I was able to telnet and sent a message to their server from our server.
The target server is Exchange 2007. They are using Mcafee AntiSpam. I'll check with them about the version.
None of our users (including my account) are able to send e-mail to them. I was able to telnet and sent a message to their server from our server.
Is it possible that their AntiSpam software is blocked your domain? Can you ask this question to their system administrator?
Which MAIL FROM: address did you use while you were sending the telnet message to the target domain?
was it your email address that has been rejected by the target domain?
In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented...
If the target domain is keeping the logs of the mail traffic, it may help you (if there is any rejection, any blocking, they'll know and tell you, checking the logs).
Which MAIL FROM: address did you use while you were sending the telnet message to the target domain?
was it your email address that has been rejected by the target domain?
In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented...
If the target domain is keeping the logs of the mail traffic, it may help you (if there is any rejection, any blocking, they'll know and tell you, checking the logs).
What is your Reverse DNS setup as?
Is your Reverse DNS set properly (have you asked your ISP to setup Reverse DNS on your Fixed IP Address)?
Does your Send Connector FQDN (Fully Qualified Domain Name) match your Reverse DNS setting?
Does your FQDN on your send connector resolve in DNS to the IP Address that you are sending from?
All of these have to match and resolve to each other or you will have problems sending.
If you want to post your domain name (which I can obscure for you), I can check your settings and offer specific advice to try to resolve your problem, although one or more of the above suggestions is the usual culprit.
Is your Reverse DNS set properly (have you asked your ISP to setup Reverse DNS on your Fixed IP Address)?
Does your Send Connector FQDN (Fully Qualified Domain Name) match your Reverse DNS setting?
Does your FQDN on your send connector resolve in DNS to the IP Address that you are sending from?
All of these have to match and resolve to each other or you will have problems sending.
If you want to post your domain name (which I can obscure for you), I can check your settings and offer specific advice to try to resolve your problem, although one or more of the above suggestions is the usual culprit.
ASKER
During telnet session, in MAIL FROM address, I used the same domain e-mail account which is not able to send e-mail to the target domain.
Our Reverse DNS is setup properly. (I believe so, you can check).
Send connector FQDN is matching reverse DNS.
For your information, our domain is: mydomain.ae
If you can check and suggest something, it will be much appreciated.
Thanks guys.
Our Reverse DNS is setup properly. (I believe so, you can check).
Send connector FQDN is matching reverse DNS.
For your information, our domain is: mydomain.ae
If you can check and suggest something, it will be much appreciated.
Thanks guys.
Do you send out mail via our Barracuda, or just receive it?
If you send via it, that will be your problem as people will see you sending as barracuda.yourdomain.ae, not mail.yourdomain.ae.
If you send via it, that will be your problem as people will see you sending as barracuda.yourdomain.ae, not mail.yourdomain.ae.
ASKER
We recently implemented Barracuda and currently it is for inbound e-mails only. But our plan is to use it also for outbound later once we solve these QUEUE issues.
Did you find it sending through Barracuda?
Did you find it sending through Barracuda?
ASKER
I can turn off Barracuda to try.
I did not find it sending via the Barracuda - only thinking that if you are then that would be an easy solution.
What is your sending IP address? (I will obscure it too).
What is your sending IP address? (I will obscure it too).
Okay - well that checks out in terms of Reverse DNS!
But - please visit www.mxtoolbox.com/blacklists.aspx and pop your sending IP Address in there. You are listed on UCEPROTECT Level 2 and 3, whcih means your ISP likes spammers and does very little to prevent them.
Essentially, you are probably being blocked because of your ISP and the fact that they have lots of spammers using their IP addresses, not because your IP address s blocked, but because you are surrounded by spammy IP Addresses from your ISP.
Either moan to your ISP, switch ISP or setup a new Send Connector for the domains you have trouble with, add the domains to the address space of the connector and add your ISP's mail server as a SmartHost, that way, most mail will be sent via DNS and the problems domains will be sent via your ISP.
But - please visit www.mxtoolbox.com/blacklists.aspx and pop your sending IP Address in there. You are listed on UCEPROTECT Level 2 and 3, whcih means your ISP likes spammers and does very little to prevent them.
Essentially, you are probably being blocked because of your ISP and the fact that they have lots of spammers using their IP addresses, not because your IP address s blocked, but because you are surrounded by spammy IP Addresses from your ISP.
Either moan to your ISP, switch ISP or setup a new Send Connector for the domains you have trouble with, add the domains to the address space of the connector and add your ISP's mail server as a SmartHost, that way, most mail will be sent via DNS and the problems domains will be sent via your ISP.
ASKER
OK. I'll check with my ISP tomorrow and let you know the results.
Any other possible reason for our issue?
Thanks for your help.
Any other possible reason for our issue?
Thanks for your help.
As you are telnetting happily, it could be an auto-signature thats causing it if you have a standard one or a company-wide one.
Try sending a simple "Test" message with Test as the Subject and Body and nothing else. Does that message get delivered?
Can't think of anything else.
Try sending a simple "Test" message with Test as the Subject and Body and nothing else. Does that message get delivered?
Can't think of anything else.
ASKER
I just tried it but didn't went through.
Can you please check the target domain? It is: marsh.com
Thanks.
Can you please check the target domain? It is: marsh.com
Thanks.
Checking....
When you telent, what are you telnetting to? A Fully Qualified Domain Name or an IP Address?
When you telent, what are you telnetting to? A Fully Qualified Domain Name or an IP Address?
Oh joy - they are using a cluster:
Your 8 MX records are:
10 mx11.marsh.com. [TTL=10800] IP=205.156.137.71 [TTL=10800] [US]
10 mx12.marsh.com. [TTL=10800] IP=205.156.137.72 [TTL=10800] [US]
10 mx13.marsh.com. [TTL=10800] IP=205.156.137.73 [TTL=10800] [US]
10 mx50.marsh.com. [TTL=10800] IP=168.168.42.23 [TTL=10800] [US]
10 mx51.marsh.com. [TTL=10800] IP=168.168.42.24 [TTL=10800] [US]
10 mx52.marsh.com. [TTL=10800] IP=168.168.42.40 [TTL=10800] [US]
10 mx53.marsh.com. [TTL=10800] IP=168.168.42.41 [TTL=10800] [US]
10 mx10.marsh.com. [TTL=10800] IP=205.156.137.70 [TTL=10800] [US]
You could be hitting one or more servers that is not configured properly.
Your 8 MX records are:
10 mx11.marsh.com. [TTL=10800] IP=205.156.137.71 [TTL=10800] [US]
10 mx12.marsh.com. [TTL=10800] IP=205.156.137.72 [TTL=10800] [US]
10 mx13.marsh.com. [TTL=10800] IP=205.156.137.73 [TTL=10800] [US]
10 mx50.marsh.com. [TTL=10800] IP=168.168.42.23 [TTL=10800] [US]
10 mx51.marsh.com. [TTL=10800] IP=168.168.42.24 [TTL=10800] [US]
10 mx52.marsh.com. [TTL=10800] IP=168.168.42.40 [TTL=10800] [US]
10 mx53.marsh.com. [TTL=10800] IP=168.168.42.41 [TTL=10800] [US]
10 mx10.marsh.com. [TTL=10800] IP=205.156.137.70 [TTL=10800] [US]
You could be hitting one or more servers that is not configured properly.
ASKER
I did telnet to the FQDN: mx10.marsh.com
Can you try each one in turn please. See if one doesn't like you.
Thanks.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK.
Sent message successfully to each server using telnet.
Sent message successfully to each server using telnet.
Do you use autosignatures or add a company-wide disclaimer to your outbound emails?
Do you want to send me a test message so that I can see what in general you are sending? If you do - I am reachable at alan @ it-eye.co.uk (minus the spaces).
Do you want to send me a test message so that I can see what in general you are sending? If you do - I am reachable at alan @ it-eye.co.uk (minus the spaces).
ASKER
OK. Sent a test message to you.
Thanks - duly received.
No disclaimer attached!
Is this the only domain you are having problems with?
No disclaimer attached!
Is this the only domain you are having problems with?
ASKER
I created a new send connector "Marsh.com" and sent an e-mail again. The message is not there in the Queue. (Might be delivered!!!)
I found in Event Viewer:
"Send connector Marsh.com has initiated a new session to 205.156.137.70:25."
But how come it established a session without setting up smart host authentication?
Anyhow, I can't verify with the recipient at this time whether he received or no.
I found in Event Viewer:
"Send connector Marsh.com has initiated a new session to 205.156.137.70:25."
But how come it established a session without setting up smart host authentication?
Anyhow, I can't verify with the recipient at this time whether he received or no.
My Anti-Spam software did flag up the following:
SPF policy of domain "yourdomain.ae": The requested A/MX record was not found for "exserver.yourdomain.ae"
Does exserver.yourdomain.ae exist and is it sending out mail from your domain?
If not - you might want to remove it from your SPF record.
SPF policy of domain "yourdomain.ae": The requested A/MX record was not found for "exserver.yourdomain.ae"
Does exserver.yourdomain.ae exist and is it sending out mail from your domain?
If not - you might want to remove it from your SPF record.
ASKER
There are few other domains:
"sscomp.ae"
"magotteaux.com"
"haskoning.ae"
"laingorouke.ae"
"sscomp.ae"
"magotteaux.com"
"haskoning.ae"
"laingorouke.ae"
You won't need authentication enabled on te send connector as the domain / server has to receive anonymous emails. You are only helping Exchange to point the mail to the right place.
Do you have any IP Addresses listed in your hosts file for marsh.com?
c:\windows\system32\driver
Do you have any IP Addresses listed in your hosts file for marsh.com?
c:\windows\system32\driver
You may have to setup specific Send Connectors for those domains or setup one using your ISP as the Smarthost and those domains in the Address Space. This is not unusual.
I don't see any problems at your end - it could just be them not liking you for some reason or a possible DNS issue at your end, although this is unlikely.
I don't see any problems at your end - it could just be them not liking you for some reason or a possible DNS issue at your end, although this is unlikely.
ASKER
Oh I see. The SPF record should be "mail.mydomain.ae" instead of "exserver.mydomain.ae".
I have to check with ISP regarding.
Any issues if we remove SPF record? Or better to correct it?
I have to check with ISP regarding.
Any issues if we remove SPF record? Or better to correct it?
ASKER
I added mx10.marsh.com with its IP to the HOSTS file just to rule out any DNS issue.
This entry is still there in HOSTS.
This entry is still there in HOSTS.
Your SPF is currently as follows:
v=spf1 mx mx:yourdomain.ae ip4:83.xxx.xxx.109 mx:exserver.yourdomain.ae ~all
The wrong SPF can cause you problems - not having one is better than having the wrong one.
I also modified your last post to hide your domain name ; )
v=spf1 mx mx:yourdomain.ae ip4:83.xxx.xxx.109 mx:exserver.yourdomain.ae ~all
The wrong SPF can cause you problems - not having one is better than having the wrong one.
I also modified your last post to hide your domain name ; )
When did you add the Hosts file entry?
If mx10.marsh.com is down - you are effectively stopping the server from sending to any other mail server. I would remove the record from the hosts file and leave DNS to resolve it.
Do you have any other IP's in the hosts file or is it empty?
If mx10.marsh.com is down - you are effectively stopping the server from sending to any other mail server. I would remove the record from the hosts file and leave DNS to resolve it.
Do you have any other IP's in the hosts file or is it empty?
Also - SPF is a DNS record change - not necessarily something you have to call your ISP about unless they manage your domains DNS records.
Just eating.
ASKER
OK. I removed the entry from HOSTS. No other entry there.
Our ISP manage our public domains DNS record.
Thank you so much Alan.
I'll check with the recipients tomorrow to verify the messages and let you know.
Regards,
Our ISP manage our public domains DNS record.
Thank you so much Alan.
I'll check with the recipients tomorrow to verify the messages and let you know.
Regards,
No problems - I will be zapping a virus tomorrow that has gotten it's teeth into a PC, but will be inches from my email on my laptop.
Why did you suffer so much? :)
VBDotNetCoder:
"In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented..."
VBDotNetCoder:
"In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented..."
ASKER
Issue resolved by creating new send connectors.
Alan! Thank you so much for your help.
Alan! Thank you so much for your help.
You are welcome - glad the issue is resolved and thanks for the points.
Alan
Alan
For example : the first command must be EHLO instead of HELO
Can you ask to the target site, what mail server (with version number) they're using?
Also if the target server has an anti-spam software installed, it might have been blocking certain users (not you or the account you used while sending test message via telnet). Can you check that?