Solved

Email stuck in Exchange 2010 queue

Posted on 2010-11-23
13
761 Views
Last Modified: 2012-05-10
I have an Exchange 2010 SP1 w/Update Rollup 1 installed.  Everything seems to be working fine, but i have one message stuck in the queue.  The error is 451 Could not complete recipient verify callout  

I tried to google this, but didn't find any real helpful info.  I've not seen this one before.  Is this a config problem on my end and, if so, how do i fix it?  All other outbound messages are going out to other domains without issue or delay.  Normally, i wouldn't worry about a single message, but this one is being sent from our organization's President and he will want to know why his email is delayed/not delivered...

Thanks,
Johnny Holston
0
Comment
Question by:jdholston
  • 7
  • 6
13 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196640
It sounds like you are not configured correctly and the destination server is rejecting your mail server as a result.

You need to make sure you have Reverse DNS setup on your Fixed IP Address and that Reverse DNS Name needs to resolve back in DNS to the same IP Address.

You need to make sure your FQDN on your send connector matches your Reverse DNS name and resolves back to itself.  If your FQDN ends .local - it will fail some tests on some servers as .local is not internet routable and thus does not resolve in DNS.

You also need to make sure you are not blacklisted on any IP Blacklist sites and you can check on http://www.mxtoolbox.com/blacklists.aspx

If you would like me to do some checking for you - please post just your domain name and sending IP address (which I will hide to protect your identity).

Alan
0
 

Author Comment

by:jdholston
ID: 34197692
Alan,

Thanks for the response.  We do have Reverse DNS and DNS settings are setup.  I did neglect to mention that we were using a smarthost on our send connector pointing to Postini.  We just changed the configuration last night to use DNS MX lookup instead as per Postini recommendation.  On the send connector i have the Use the External DNS Lookup settings on the transport server checked on the Network tab.  Then on the Properties of the HT server, i have checked the Use these DNS servers and added the Postini DNS servers assigned to our system.  I assumed that since our emails are being relayed through Postini, that i didn't need to list the FQDN on the send connector.  Is this a wrong assumption?  

Thanks,
Johnny
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34198102
If you relay your mail to Postini - they will probably just accept mail from your IP address and won't worry about your FQDN.

Now you are sending out mail directly - you will need a properly named FQDN and if this is not correct - it will fail to some domains.

Do you want to try and send me a test message to alan @ it-eye.co.uk and I will see what our Anti-Spam software makes of you!

Alan
0
 

Author Comment

by:jdholston
ID: 34198833
Will do.  It will come from jdholston@kennedy-center.org...
0
 

Author Comment

by:jdholston
ID: 34198908
I sent an email to that address and it initially was held up with a 451 message to try again in a few minutes.  After a couple of refreshes, the message was sent out and i got your auto reply...

Not sure what you mean by your second paragraph.  We are not sending out directly.  We are sending out through Postini based on the header information of emails that i send to my hotmail account.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34200617
You will get a delay on our mail server as we use Vamsoft ORF and have Greylisting enabled - so you will get an initial rejection, but should get a happy connection the second time around.

Checking things now - back shortly.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34200712
Okay - Your FQDN matches your Reverse DNS and also resolves back to the IP Address that you are sending from.  All looks to be in order.

Checking your sending IP address on www.mxtoolbox.com/blacklists.aspx return a listing on Backscatterer.org which tells me that you are sending out Non Delivery Reports to spammers.  This can be resolved by enabling Recipient Filtering on your server by running the following command:

Set-RecipientFilterConfig -Enabled $true

Then once you have issued that command - visit http://www.backscatterer.org/?target=test and test your IP - which should result in a hit.  They will auto de-list you after 4 weeks of not receiving Backscatter - so you can only automatically get de-listed on the 16th December unless you want to be removed earlier by paying €70!
0
 

Author Comment

by:jdholston
ID: 34205756
When i put my IP on the mxtoolbox site, everything came back green/OK including Backscatter.org.  I went to their site and put in my IP and it says that we are not currently listed.  I haven't run the Set-RecipientFilterConfig command yet.  What IP did you use?

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34205836
I used the IP address listed on my mail server from the email you sent me!
0
 

Author Comment

by:jdholston
ID: 34206067
I ran the command on my HT server and the response back was "The command completed successfully but no setting of 'RecipientFilterConfig' have been modified."  which i guess means that it was already set...

I checked the queues last night when i got home and found that there was a second message to the same address which also had the same error message.  I checked back about 10 minutes later and the queue in question was gone.  I don't know if that means that the messages were finally sent or returned.  Correct me if I'm wrong, but if there were two messages in that queue that were sent 6 hours apart and the first one was finally rejected, wouldn't the second one still be in the queue until the timeout period expired on that one?  If that is the case, then I would assume that the messages were sent and not rejected.  Maybe they did something on the recipient end??
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34209513
It sounds like your emails have left your server now happily.

>> if there were two messages in that queue that were sent 6 hours apart and the first one was finally rejected, wouldn't the second one still be in the queue until the timeout period expired on that one <<

Yes - if one was sent 6 hours later and they are both gone - that says to me that the messages have left not been returned undeliverable as the second message would sit for another 6 hours until timeout.

It is possible that something at the receiving end changed.  One of those weird ones you probably will never know the answer to.

If nothing changed you end and the mail is now flowing - then the assumption can only be that something changed externally to your server.
0
 

Author Closing Comment

by:jdholston
ID: 34209589
Thanks, Alan, for all your assistance and patience...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209595
You are most welcome.

Thanks for the points.  Hope the mail keeps flowing happily.

Alan
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Resolve DNS query failed errors for Exchange
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now