Exchange 2007 send failures

WesleyVR used Ask the Experts™
Hi There,

Ever since we migrated to a new ISP we have getting alot of mail failing to send to certain domains. Moslty to South African ( domains with the follwing error:
451.4.4.0 Primary target IP responded with: "421 4.2.1 Unable to connect." Attempted failover to alternate host, but that did no succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

We were able to send to these users before but since the migration we cannot.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Are you using DNS to send internet mails or smarthost ?

If DNS, are you able to resolve the mx record and connect to destination smtp server on port 25 ?

If smarthost, are you able to connect to smarthost on port 25 ?


I ma able to resolve the mx record:
nslookup -q=mx

Non-authoritative answer:   MX preference = 10, mail exchanger = mail.gatewayservice      internet address =

i cannot telnet to them on port 25 however:

telnet 25
Connecting To not open connection to the host
, on port 25: Connect failed


yes we are using dns to send
Should you be charging more for IT Services?

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Can you please brief about how you send mails to outside/Internet from your organization. (The mail flow) ?

The server where you run telnet is responsible for sending mails to outside ?

Are you able to send mails to some domains or outgoing mails are completely blocked ?


We have an all in one exchange 2007 server.
We have one internet send connector that uses dns to send mail.

Yes the results I gave you are from the server responsible for outside mail.


yes I am able to send to most domains. There is just a handful of domains that I cannot mail to at all.
If the server your trying to send to uses SPF or DKIM to validate sender identities. You could get that error.  Do you have one of those created in DNS under the forward lookup zone for the mail server?

I would suggest you to get in touch with your ISP to check if they have any issues. I have seen such issues before with ISP.


Yes We do.

This is how our primary domain is setup:
A      mail                   
A      mail1                   
A       @                   
A      www                   
MX         @       10             
TXT       @       v=spf1 mx ~all                   


I have contacted our ISP and they have told me that nothing is wrong on their side.

can you please post few more domains apart from  ?

I just wanna ensure if there is any pattern i can see.


here you go:
Is the PTR record configured to the public IP being used to relay mail.

Sometimes the relay IP is diffrent then mx record IP

to check thruough which IP your exchange is relaying mail send a mail to
it will respond with the IP thru which your exchange is connecting to internet domains.
And after that check check whether y

there are some troubleshooting tips at aol try this
Sorry i did not complete my sentence

And after that check check whether your connecting IP has a PTR record.
Many domain doesnt allow emails from IPs which doesn't have PTR record.

And also enter correct fully qualified domain name in send connector properties under general tab in  "Specify the FQDN this connector will provide in response to HELO or EHLO " field.


looks like im still sending through and old IP

How would I correct this relay to reflect to its correct IP adress?
It has to be configured in your local router or network firewall to route the traffic.


ask your ISP where your domain is registered to create an PTR record for the IP which is used for relaying.


any changes on excahnge? Do I need to configure the send connector?
I have changed the FQDN on it from to
I have PTR records setup with the ISP so it could be a routing issue...
Do you configure router/firewall or there is network team ?

Temporarily if the routing could not be fix ask your ISP( where your domain is registered) to create an PTR record for the relaying IP.


Looks like the issue was with dual IP's on the NIC the old IP is still routing through our old ISP which was causing mail to be rejected as there ar no longer MX's setup on the old address.

Thanks so much for the assistance.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial