Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Exchange Server Error 4.4.7

Posted on 2010-09-17
39
Medium Priority
?
479 Views
Last Modified: 2012-05-10
Hello:  One of my clients starting getting these messages.  As an example: they send me an email one day and it works and the next start a new email to me and it spits out this message:

SBS 2003, and I have run the config wizard on it several times.

This seemed to start after their Qwest DSL modem died and it was replaced by another.  I made sure the server is DMZ'd.

"
From: System Administrator
>Sent: Thursday, September 09, 2010 4:38 PM
>To: XXXXXXX
>Subject: Undeliverable:Email Warning for all Pittock Employees
>
>Your message did not reach some or all of the intended recipients.
>
>      Subject:      Email Warning for all Pittock Employees
>      Sent:      9/9/2010 2:24 PM
>
>The following recipient(s) cannot be reached:
>
>      Josh Woods on 9/9/2010 4:38 PM
>            Could not deliver the message in the time limit specified.
>Please retry or contact your administrator.
>            <pittockmansion.org #4.4.7>
>
>     
Josh Woods
0
Comment
Question by:acmesupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 19
  • 18
39 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33705867
Your problem may be related to the fact that the pittockmansion.org mail server is sending out it's name as pittockmansion.org and not mansion1.pittockmansion.org.  Here is an extract from a domain report on www.dnstuff.com:
WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.

mansion1.pittockmansion.org claims to be host pittockmansion.org [but that host is at 216.251.43.98 (may be cached), not 63.229.140.153]
You can change this on the SMTP Virtual Server, Delivery Tab, Advanced Button.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33705873
Extract from http://support.microsoft.com/kb/284204
Numeric Code: 4.4.7

Possible Cause: The message in the queue has expired. The sending server tried to relay or deliver the message, but the action was not completed before the message expiration time occurred. This NDR may also indicate that a message header limit has been reached on a remote server or that some other protocol timeout occurred during communication with the remote server.
Troubleshooting: This code typically indicates an issue on the receiving server. Verify the validity of the recipient address, and verify that the receiving server is configured to receive messages correctly. You may have to reduce the number of recipients in the header of the message for the host that you are receiving this NDR from. If you resend the message, it is placed in the queue again. If the receiving server is on line, the message is delivered.
 
0
 

Author Comment

by:acmesupport
ID: 33705898
That seems logical.  Under that setting it is "pittockmansion.org".  But when I run the stupid email config wizard it is set to mansion1.pittmansion.org but if I change that to pittockmansion.org the intranet goes down.

J
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:acmesupport
ID: 33705904
What i meant was the "web cert" is set to mansion1.PMS.local.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33705912
Set it manually.  It should be mansion1.pittockmansion.org.  This macthes your MX record and Reverse DNS setting and it is essential that all 3 of these are matching.
The cert can say what it likes - it si not used for email transmission, although a certificate ending in .local wil mean you have other issues you need to address, such as Activesync not being able to work or RPC over HTTPs.
0
 

Author Comment

by:acmesupport
ID: 33705914
Got it.  Made the change.  Ill update when I know more.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33705932
Please also resolve your issue with Backscatter - where you are sending out NDR messages to spammers:
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a63.229.140.153
Make sure you enable Recipient Filtering on your server too, otherwise you won't get off the blacklist:
http://www.msexchange.org/tutorials/Sender-Recipient-Filtering.html 
0
 

Author Comment

by:acmesupport
ID: 33720196
Today there are more delayed messages.

XXXXXXXXX@usbakery.com on 9/20/2010 12:14 PM

            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.

            <mansion1.pittockmansion.org #4.4.7>
0
 

Author Comment

by:acmesupport
ID: 33720244
Recipient Filtering is on also.  What is the server doing to get on that black list?
0
 

Author Comment

by:acmesupport
ID: 33720256
Backscatter reports:


This IP IS CURRENTLY LISTED in our Database.
Please note that this listing does not mean you are a spammer, it means your mailsystem is either poorly configured or it is using abusive techniques.
If you don't know what BACKSCATTER or Sender Callouts are, click the links above to get clue how to stop that kind of abuse.


To track down what happened investigate your smtplogs near 06.09.2010 19:34 CEST +/-1 minute.

You will either find that your system tried to send bounces or autoresponders to claimed but in reality faked senders, or your system tried sender verify callouts against our members near that time.

So you should look for outgoing emails that have a NULL SENDER or POSTMASTER in MAIL FROM and which got rejected at remote systems.

Read the rejection texts carefully and it shouldn't be a big deal to figure out what caused or renewed your listing.


History:
19.04.2009 02:34 CEST      listed      
18.09.2009 08:25 CEST      expired      
11.02.2010 02:56 CET      listed      
11.03.2010 03:25 CET      expired      
11.07.2010 18:11 CEST      listed      

A total of 12 Impacts were detected during this listing. Last was 06.09.2010 19:34 CEST +/- 1 minute.
Earliest date this IP can expire is 04.10.2010 19:34 CEST.


huh?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33720844
The good news is that your last listing date / time was on the 6th September - 2 weeks ago.
If you have Recipient Filtering enabled, then you should come off the blacklist on the 4th October automatically.  Until this time, you may have problems sending out mail.
When did you enable Recipient Filtering on your server?
0
 

Author Comment

by:acmesupport
ID: 33720866
It has always been enabled.  Why would we be listed?  I find no errors in the logs as it suggests to have me look.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33720896
Well - the usual reason for being listed is that a spammer is sending emails to your server claiming to come from an email address that they have made up.  When your server receives the message and can't deliver it because the address is not valid, your server rejects it and sends a Non Delivery Report back to the email address it came from, which was made up.  Some of the made up addresses are genuine addresses that are set as traps to catch spam (they have never been advertised) and when an email hits the trap - the IP Address gets flagged as a spammer.
Do you have any Anti-Spam software on your server?
0
 

Author Comment

by:acmesupport
ID: 33721076
No Anti-Spam software.  We have never sent emails out from fake email addresses and such.  Would an Anti-Spam software have prevented this?  Why?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33721114
I am not saying that you have sent out fake emails, only that your server received fake emails and that you didn't have Recipient Filtering enabled (or it was enabled and not working), and then your server sent out NDR messages to Spam Traps.
Anti-Spam software would most probably have helped you and I would recommend you install something on your server.
A very good and exceptionally priced piece of software (which I use personally) is Vamsoft ORF - www.vamsoft.com
You can trial it for 30-days to see how it works for you.  If you decide to trial it and need help setting it up - I am more than happy to help you.
0
 

Author Comment

by:acmesupport
ID: 33721142
Thanks I will try that.  I am concerned that we will not be taken off that list as we have been on there since July.  What else is there to check?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33721161
With Recipient Filtering enabled and something like Vamsoft ORF installed, you should not suffer the same problem.
Don't forget it has been 2 weeks since you were last listed.
If you like - drop me an email to alan @ it-eye.co.uk and I will see what Vamsoft ORF makes of your server / IP Address etc and this may highlight something else amiss.
0
 

Author Comment

by:acmesupport
ID: 33726255
OK, I installed Vamsoft.  I'll see how it goes.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33728875
Don't forget - if you need any help with Vamsoft - feel free to ask.
It is eliminating 93% of mail happily for a customer I visited today and no complaints : )
0
 

Author Comment

by:acmesupport
ID: 33736037
Will do!  How long should I wait to see if it resolves the delay issue?  The 2 weeks left on the blacklisting?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33738705
Ideally - yes.  If you want to drop me an email to the address above, I can see what my Vamsoft makes of your IP / Server / Environment configuration and see if there is abything obvious that I can see that is not already covered above.
0
 

Author Comment

by:acmesupport
ID: 33738821
Just sent you an email.
0
 

Author Comment

by:acmesupport
ID: 33738833
I received this response:


<alan@it-eye.co.uk>:
87.194.160.198 does not like recipient.
Remote host said: 550 5.2.1 Mailbox unavailable. Your IP address 67.18.21.3 is blacklisted using UCEPROTECT-1. Details: IP 67.18.21.3 is UCEPROTECT-Level 1 listed. See http://www.uceprotect.net/rblcheck.php?ipr=67.18.21.3.
Giving up on 87.194.160.198.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33747847
Okay - you are listed on 3 blacklists:
http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a67.18.21.3
SORBS report:
Address: 67.18.21.3 Record Created: Fri Feb 26 15:49:49 2010 GMT Record Updated: Fri Aug 27 11:09:36 2010 GMT Additional Information: [ Updated via: Report 'o Matic ] Received: from gateway05.websitewelcome.com (gateway05.websitewelcome.com [67.18.21.3]) by banshee.isux.com (Postfix) with SMTP id 7462B108A00 for <[email]>; Fri, 27 Aug 2010 11:12:04 +0000 (UTC) Currently active and flagged to be published in DNS If you wish to request a delisting please do so through the Support System. Eligible for self delisting as only one spam occurance is recorded
UCEPROTECT report:
IP-InformationYour IP 67.18.21.3 is part of
AS
21844 THEPLANET-AS - ThePlanet.com Internet Services, Inc.
and the Networks 67.18.0.0/15

Reverse DNS (PTR) exists and claimes to be: gateway05.websitewelcome.com

Forward DNS for gateway05.websitewelcome.com is: 69.56.148.14

WARNING: Forward-DNS does NOT match Reverse-DNS.
DNS is INCONSISTENT.
Please request your Admin or Provider to fix this.

Reverse DNS Report:
Reverse DNS for 67.18.21.3Location: United States [City: Dallas, Texas]

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 67.18.21.3 is found by looking up the PTR record for
3.21.18.67.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking e.root-servers.net for 3.21.18.67.in-addr.arpa PTR record:  
       e.root-servers.net says to go to y.arin.net. (zone: 67.in-addr.arpa.)
Asking y.arin.net. for 3.21.18.67.in-addr.arpa PTR record:  
       y.arin.net [192.42.93.32] says to go to NS1.THEPLANET.COM. (zone: 18.67.in-addr.arpa.)
Asking NS1.THEPLANET.COM. for 3.21.18.67.in-addr.arpa PTR record:  Reports gateway05.websitewelcome.com. [from 207.218.247.135]

Answer:
67.18.21.3 PTR record: gateway05.websitewelcome.com. [TTL 86400s] [A=67.18.21.3, 67.18.22.93, 67.18.39.14, 67.18.44.15, 67.18.52.6, 67.18.55.14, 67.18.59.3, 67.18.103.7, 67.18.124.3, 67.18.125.8, 67.18.144.2, 69.56.148.14, 69.56.195.29, 69.93.35.13, 69.93.154.37, 69.93.164.10, 69.93.179.12, 69.93.243.11, 64.5.38.5, 64.5.50.2, 64.5.52.8, 67.18.1.3, 67.18.10.9, 67.18.14.14, 67.18.15.4, 67.18.16.77]
Are you sending mail out via a Smart Host (3rd party)?
0
 

Author Comment

by:acmesupport
ID: 33748579
Is this from the email I sent you?  I sent that from josh@acmesupport.com not the pittockmansion.org
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33749195
Yes - from the email you sent me - based on the last post you made.
Can you please try to send to me from your pittockmansion.org server - then I can see what the problem from your server might be.
Thanks
Alan
0
 

Author Comment

by:acmesupport
ID: 33749276
Ok, ill send a message from myname@mydomain.org
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33749294
Thanks - looking out for it.
Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33749334
Don't see anything yet - please let me know when it is on the way.
Alan
0
 

Author Comment

by:acmesupport
ID: 33749707
here is what happened.


From: Administrator
Sent: Thursday, September 23, 2010 3:50 PM
To: Bill Norris
Subject: Delivery Status Notification (Delay)

This is an automatically generated Delivery Status Notification.

THIS IS A WARNING MESSAGE ONLY.

YOU DO NOT NEED TO RESEND YOUR MESSAGE.

Delivery to the following recipients has been delayed.

       alan+AEA-it-eye.co.uk
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33749736
Weird!  I saw your email hit my anti-spam software and then nothing arrived in my inbox.
So - your server may be stopping the flow of email before the flow is complete.
What Service Pack is Exchange currently on and have you installed KB950757? :
http://support.microsoft.com/kb/950757/ 
0
 

Author Comment

by:acmesupport
ID: 33751124
Version 6.5 (Build 7226.6 SP1)

So should I upgrade to SP2?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 33751497
Absolutely - I would definitely upgrade to SP2.
Once upgraded, please try to send me another test message and post here that you have sent one.
Thanks.
0
 

Author Comment

by:acmesupport
ID: 33791033
Good I will. Can you tell me, do I use the normal exchange server sp2 upgrade or is there a special one?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33805406
Sorry - I missed the email notification.
Yes - just download and install the usual SP2 download from:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=535bef85-3096-45f8-aa43-60f1f58b3c40&displaylang=en 
0
 

Author Comment

by:acmesupport
ID: 33808703
Downloaded the SP2, installed and it it fixed!!!!  Thank you so much!!!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 33808742
Excellent - great news.
Thanks for the points
Alan
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question