Solved

Email stuck in Exchange 2010 queue

Posted on 2010-11-23
13
792 Views
Last Modified: 2012-05-10
I have an Exchange 2010 SP1 w/Update Rollup 1 installed.  Everything seems to be working fine, but i have one message stuck in the queue.  The error is 451 Could not complete recipient verify callout  

I tried to google this, but didn't find any real helpful info.  I've not seen this one before.  Is this a config problem on my end and, if so, how do i fix it?  All other outbound messages are going out to other domains without issue or delay.  Normally, i wouldn't worry about a single message, but this one is being sent from our organization's President and he will want to know why his email is delayed/not delivered...

Thanks,
Johnny Holston
0
Comment
Question by:jdholston
  • 7
  • 6
13 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34196640
It sounds like you are not configured correctly and the destination server is rejecting your mail server as a result.

You need to make sure you have Reverse DNS setup on your Fixed IP Address and that Reverse DNS Name needs to resolve back in DNS to the same IP Address.

You need to make sure your FQDN on your send connector matches your Reverse DNS name and resolves back to itself.  If your FQDN ends .local - it will fail some tests on some servers as .local is not internet routable and thus does not resolve in DNS.

You also need to make sure you are not blacklisted on any IP Blacklist sites and you can check on http://www.mxtoolbox.com/blacklists.aspx

If you would like me to do some checking for you - please post just your domain name and sending IP address (which I will hide to protect your identity).

Alan
0
 

Author Comment

by:jdholston
ID: 34197692
Alan,

Thanks for the response.  We do have Reverse DNS and DNS settings are setup.  I did neglect to mention that we were using a smarthost on our send connector pointing to Postini.  We just changed the configuration last night to use DNS MX lookup instead as per Postini recommendation.  On the send connector i have the Use the External DNS Lookup settings on the transport server checked on the Network tab.  Then on the Properties of the HT server, i have checked the Use these DNS servers and added the Postini DNS servers assigned to our system.  I assumed that since our emails are being relayed through Postini, that i didn't need to list the FQDN on the send connector.  Is this a wrong assumption?  

Thanks,
Johnny
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34198102
If you relay your mail to Postini - they will probably just accept mail from your IP address and won't worry about your FQDN.

Now you are sending out mail directly - you will need a properly named FQDN and if this is not correct - it will fail to some domains.

Do you want to try and send me a test message to alan @ it-eye.co.uk and I will see what our Anti-Spam software makes of you!

Alan
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:jdholston
ID: 34198833
Will do.  It will come from jdholston@kennedy-center.org...
0
 

Author Comment

by:jdholston
ID: 34198908
I sent an email to that address and it initially was held up with a 451 message to try again in a few minutes.  After a couple of refreshes, the message was sent out and i got your auto reply...

Not sure what you mean by your second paragraph.  We are not sending out directly.  We are sending out through Postini based on the header information of emails that i send to my hotmail account.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34200617
You will get a delay on our mail server as we use Vamsoft ORF and have Greylisting enabled - so you will get an initial rejection, but should get a happy connection the second time around.

Checking things now - back shortly.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34200712
Okay - Your FQDN matches your Reverse DNS and also resolves back to the IP Address that you are sending from.  All looks to be in order.

Checking your sending IP address on www.mxtoolbox.com/blacklists.aspx return a listing on Backscatterer.org which tells me that you are sending out Non Delivery Reports to spammers.  This can be resolved by enabling Recipient Filtering on your server by running the following command:

Set-RecipientFilterConfig -Enabled $true

Then once you have issued that command - visit http://www.backscatterer.org/?target=test and test your IP - which should result in a hit.  They will auto de-list you after 4 weeks of not receiving Backscatter - so you can only automatically get de-listed on the 16th December unless you want to be removed earlier by paying €70!
0
 

Author Comment

by:jdholston
ID: 34205756
When i put my IP on the mxtoolbox site, everything came back green/OK including Backscatter.org.  I went to their site and put in my IP and it says that we are not currently listed.  I haven't run the Set-RecipientFilterConfig command yet.  What IP did you use?

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34205836
I used the IP address listed on my mail server from the email you sent me!
0
 

Author Comment

by:jdholston
ID: 34206067
I ran the command on my HT server and the response back was "The command completed successfully but no setting of 'RecipientFilterConfig' have been modified."  which i guess means that it was already set...

I checked the queues last night when i got home and found that there was a second message to the same address which also had the same error message.  I checked back about 10 minutes later and the queue in question was gone.  I don't know if that means that the messages were finally sent or returned.  Correct me if I'm wrong, but if there were two messages in that queue that were sent 6 hours apart and the first one was finally rejected, wouldn't the second one still be in the queue until the timeout period expired on that one?  If that is the case, then I would assume that the messages were sent and not rejected.  Maybe they did something on the recipient end??
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34209513
It sounds like your emails have left your server now happily.

>> if there were two messages in that queue that were sent 6 hours apart and the first one was finally rejected, wouldn't the second one still be in the queue until the timeout period expired on that one <<

Yes - if one was sent 6 hours later and they are both gone - that says to me that the messages have left not been returned undeliverable as the second message would sit for another 6 hours until timeout.

It is possible that something at the receiving end changed.  One of those weird ones you probably will never know the answer to.

If nothing changed you end and the mail is now flowing - then the assumption can only be that something changed externally to your server.
0
 

Author Closing Comment

by:jdholston
ID: 34209589
Thanks, Alan, for all your assistance and patience...
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34209595
You are most welcome.

Thanks for the points.  Hope the mail keeps flowing happily.

Alan
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question