Solved

#550 4.4.7 QUEUE.Expired; message expired ## for a particular domain.

Posted on 2010-08-22
40
1,713 Views
Last Modified: 2012-08-13
We have Exchange 2007 on Windows 2003. All roles installed on 1 machine.

Some of our e-mails to specific domains are remaining in the queue for long time and then getting expired. I can telnet to the affected domain and I can send a test message. I confirmed with the recipient and he is receiving my message (sent through telnet).

Exchange is configured with a single send connector. Logging level is set to Verbose but no logs generated specific to the affected domain.

Even those e-mails are not hitting the firewall. As if they are not leaving the exchange server.

I tried using external DNS servers on send connector but no luck.

I followed the steps described in the similar posts on Expert-Exchange but no benefit.

Any ideas what else could cause the problem??
0
Comment
Question by:imranrft
  • 20
  • 15
  • 3
40 Comments
 
LVL 3

Expert Comment

by:VBDotNetCoder
Comment Utility
There may be a incompatibility between your server and the target server.
For example : the first command must be EHLO instead of HELO
Can you ask to the target site, what mail server (with version number) they're using?

Also if the target server has an anti-spam software installed, it might have been blocking certain users (not you or the account you used while sending test message via telnet). Can you check that?
0
 

Author Comment

by:imranrft
Comment Utility
First command was EHLO.

The target server is Exchange 2007. They are using Mcafee AntiSpam. I'll check with them about the version.

None of our users (including my account) are able to send e-mail to them. I was able to telnet and sent a message to their server from our server.


0
 
LVL 3

Expert Comment

by:VBDotNetCoder
Comment Utility
Is it possible that their AntiSpam software is blocked your domain? Can you ask this question to their system administrator?

Which MAIL FROM:  address did you use while you were sending the telnet message to the target domain?
was it your email address that has been rejected by the target domain?

In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented...

If the target domain is keeping the logs of the mail traffic, it may help you (if there is any rejection, any blocking, they'll know and tell you, checking the logs).
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
What is your Reverse DNS setup as?
Is your Reverse DNS set properly (have you asked your ISP to setup Reverse DNS on your Fixed IP Address)?
Does your Send Connector FQDN (Fully Qualified Domain Name) match your Reverse DNS setting?
Does your FQDN on your send connector resolve in DNS to the IP Address that you are sending from?
All of these have to match and resolve to each other or you will have problems sending.
If you want to post your domain name (which I can obscure for you), I can check your settings and offer specific advice to try to resolve your problem, although one or more of the above suggestions is the usual culprit.
0
 

Author Comment

by:imranrft
Comment Utility
During telnet session, in MAIL FROM address, I used the same domain e-mail account which is not able to send e-mail to the target domain.

Our Reverse DNS is setup properly. (I believe so, you can check).

Send connector FQDN is matching reverse DNS.

For your information, our domain is: mydomain.ae
If you can check and suggest something, it will be much appreciated.


Thanks guys.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Do you send out mail via our Barracuda, or just receive it?
If you send via it, that will be your problem as people will see you sending as barracuda.yourdomain.ae, not mail.yourdomain.ae.
0
 

Author Comment

by:imranrft
Comment Utility
We recently implemented Barracuda and currently it is for inbound e-mails only. But our plan is to use it also for outbound later once we solve these QUEUE issues.

Did you find it sending through Barracuda?
0
 

Author Comment

by:imranrft
Comment Utility
I can turn off Barracuda to try.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
I did not find it sending via the Barracuda - only thinking that if you are then that would be an easy solution.
What is your sending IP address? (I will obscure it too).
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Okay - well that checks out in terms of Reverse DNS!
But - please visit www.mxtoolbox.com/blacklists.aspx and pop your sending IP Address in there.  You are listed on UCEPROTECT Level 2 and 3, whcih means your ISP likes spammers and does very little to prevent them.
Essentially, you are probably being blocked because of your ISP and the fact that they have lots of spammers using their IP addresses, not because your IP address s blocked, but because you are surrounded by spammy IP Addresses from your ISP.
Either moan to your ISP, switch ISP or setup a new Send Connector for the domains you have trouble with, add the domains to the address space of the connector and add your ISP's mail server as a SmartHost, that way, most mail will be sent via DNS and the problems domains will be sent via your ISP.
0
 

Author Comment

by:imranrft
Comment Utility
OK. I'll check with my ISP tomorrow and let you know the results.

Any other possible reason for our issue?


Thanks for your help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
As you are telnetting happily, it could be an auto-signature thats causing it if you have a standard one or a company-wide one.
Try sending a simple "Test" message with Test as the Subject and Body and nothing else.  Does that message get delivered?
Can't think of anything else.
0
 

Author Comment

by:imranrft
Comment Utility
I just tried it but didn't went through.

Can you please check the target domain? It is: marsh.com


Thanks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Checking....
When you telent, what are you telnetting to?  A Fully Qualified Domain Name or an IP Address?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Oh joy - they are using a cluster:
Your 8 MX records are:

10 mx11.marsh.com. [TTL=10800] IP=205.156.137.71 [TTL=10800] [US]
10 mx12.marsh.com. [TTL=10800] IP=205.156.137.72 [TTL=10800] [US]
10 mx13.marsh.com. [TTL=10800] IP=205.156.137.73 [TTL=10800] [US]
10 mx50.marsh.com. [TTL=10800] IP=168.168.42.23 [TTL=10800] [US]
10 mx51.marsh.com. [TTL=10800] IP=168.168.42.24 [TTL=10800] [US]
10 mx52.marsh.com. [TTL=10800] IP=168.168.42.40 [TTL=10800] [US]
10 mx53.marsh.com. [TTL=10800] IP=168.168.42.41 [TTL=10800] [US]
10 mx10.marsh.com. [TTL=10800] IP=205.156.137.70 [TTL=10800] [US]
You could be hitting one or more servers that is not configured properly.
0
 

Author Comment

by:imranrft
Comment Utility
I did telnet to the FQDN: mx10.marsh.com
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Can you try each one in turn please.  See if one doesn't like you.
Thanks.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
Comment Utility
If you create a new Send Connector and add mx10.marsh.com as the smarthost and marsh.com as the Address space and send a test message, does that go?
0
 

Author Comment

by:imranrft
Comment Utility
OK.

Sent message successfully to each server using telnet.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Do you use autosignatures or add a company-wide disclaimer to your outbound emails?
Do you want to send me a test message so that I can see what in general you are sending? If you do - I am reachable at alan @ it-eye.co.uk (minus the spaces).
0
 

Author Comment

by:imranrft
Comment Utility
OK. Sent a test message to you.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Thanks - duly received.
No disclaimer attached!
Is this the only domain you are having problems with?
0
 

Author Comment

by:imranrft
Comment Utility
I created a new send connector "Marsh.com" and sent an e-mail again. The message is not there in the Queue. (Might be delivered!!!)

I found in Event Viewer:

"Send connector Marsh.com has initiated a new session to 205.156.137.70:25."

But how come it established a session without setting up smart host authentication?

Anyhow, I can't verify with the recipient at this time whether he received or no.


0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
My Anti-Spam software did flag up the following:
SPF policy of domain "yourdomain.ae": The requested A/MX record was not found for "exserver.yourdomain.ae"
Does exserver.yourdomain.ae exist and is it sending out mail from your domain?
If not - you might want to remove it from your SPF record.
0
 

Author Comment

by:imranrft
Comment Utility
There are few other domains:

"sscomp.ae"
"magotteaux.com"
"haskoning.ae"
"laingorouke.ae"
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You won't need authentication enabled on te send connector as the domain / server has to receive anonymous emails.  You are only helping Exchange to point the mail to the right place.
Do you have any IP Addresses listed in your hosts file for marsh.com?
c:\windows\system32\drivers\etc hosts and lmhosts.sam
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You may have to setup specific Send Connectors for those domains or setup one using your ISP as the Smarthost and those domains in the Address Space.  This is not unusual.
I don't see any problems at your end - it could just be them not liking you for some reason or a possible DNS issue at your end, although this is unlikely.
0
 

Author Comment

by:imranrft
Comment Utility
Oh I see. The SPF record should be "mail.mydomain.ae" instead of "exserver.mydomain.ae".

I have to check with ISP regarding.

Any issues if we remove SPF record? Or better to correct it?

0
 

Author Comment

by:imranrft
Comment Utility
I added mx10.marsh.com with its IP to the HOSTS file just to rule out any DNS issue.

This entry is still there in HOSTS.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Your SPF is currently as follows:
v=spf1 mx mx:yourdomain.ae ip4:83.xxx.xxx.109 mx:exserver.yourdomain.ae ~all
The wrong SPF can cause you problems - not having one is better than having the wrong one.
I also modified your last post to hide your domain name ; )
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
When did you add the Hosts file entry?
If mx10.marsh.com is down - you are effectively stopping the server from sending to any other mail server.  I would remove the record from the hosts file and leave DNS to resolve it.
Do you have any other IP's in the hosts file or is it empty?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Also - SPF is a DNS record change - not necessarily something you have to call your ISP about unless they manage your domains DNS records.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
Just eating.
0
 

Author Comment

by:imranrft
Comment Utility
OK. I removed the entry from HOSTS. No other entry there.

Our ISP manage our public domains DNS record.

Thank you so much Alan.

I'll check with the recipients tomorrow to verify the messages and let you know.

Regards,
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No problems - I will be zapping a virus tomorrow that has gotten it's teeth into a PC, but will be inches from my email on my laptop.
0
 
LVL 3

Expert Comment

by:VBDotNetCoder
Comment Utility
Why did you suffer so much? :)

VBDotNetCoder:

"In addition... Do you have anti-spam precautions taken on your DNS Server and Exchange server (like SPF record(s), reverse DNS record(s)...). Anti Spam software might have been blocking messages from you if these precautions are not implemented..."
0
 

Author Closing Comment

by:imranrft
Comment Utility
Issue resolved by creating new send connectors.

Alan! Thank you so much for your help.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
You are welcome - glad the issue is resolved and thanks for the points.

Alan
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now