Exchange 07 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.

SBS 08 Server routes all outbound mail via smarthost to Postini.  Mail delivery stopped today. The Exchange queue has the error 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect.  Confirmed with Postini that there are no issues and other clients using same setup are working fine.

I cannot telnet to port 25 at all from the server to any mail host. Firewall rules allow all outbound and nothing was changed prior to this happening. Rebooted router, firewall and server. If I remove the smarthost, delivery via DNS to recipient servers also fails (due to no outbound on port 25).  Web browsing works fine from server. DNS resolvers all work fine.  Inbound mail is working fine.  I am stumped.  
kjkaminAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
kjkaminConnect With a Mentor Author Commented:
This ended up being the Sonicwall.  We had to completely blow out the config and redo it to resolve the problem.  Very odd.  Some sort of corruption.
0
 
Viral RathodConsultantCommented:
Since you are unable to telent to port 25 ,Have you checked this with ISP ,ISP might have blocked the port 25 ?
0
 
Viral RathodConsultantCommented:
To check if port 25 is open

Go here
http://www.canyouseeme.org/

Check the status of Port 25 .
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
kjkaminAuthor Commented:
ISP is Time Warner.  Called them and they verified that their modem is functioning properly and NOT blocking any traffic.

Result:

Success: I can see your service on 69.193.x.x on port (25)
Your ISP is not blocking port 25
0
 
Viral RathodConsultantCommented:
Hmm ....You have also checked the firewall and the firewall is also not blocking the port.

When you telnet from outside 25 Port is not listing ?

Can you the following steps

--Restart the Exchnage Transport Service & Disabled the Antivirus software and then check if you are able to telent to 25 port

Letus know the results.
0
 
kjkaminAuthor Commented:
I've already tried both suggestions. Does not resolve.  Tomorrow we try a new firewall to see if that is the problem.
0
 
getzjdCommented:
You can telnet from other machines on the same network outbound to the rest of the world?
0
 
getzjdCommented:
On port 25 that is...
0
 
kjkaminAuthor Commented:
Thanks. I did not try that.  I am unable to telnet to WAN on port 25 from another computer on the LAN. That narrows it down to either the firewall or the ISP.
0
 
getzjdCommented:
If you can get away with killing the internet connection for a few minutes.  Assign your WAN static IP to a laptop, plug it in , confirm internet connectivity  and try the telnet to another mail server again.  This will eliminate the Firewall possibility.   Not sure if I caught what type of firewall you have.  

p.s. with the time warner cable modem, you may have to cycle the power on it after unplugging it from the firewall and  before plugging it in to the laptop.  
0
 
EmeritusAdminCommented:
Having the exact same issue here, but we have a cisco 2800 router going into a ASA 5520 (100MB Time Warner Circuit).  Outbound SMTP fails anywhere it seems, but from my home PC I can get there OK (Comcast).  Was hoping you had the answer :)  I'll be calling them now to see whats up!
0
 
EmeritusAdminCommented:
My problem ended up being our front end exchange server (has multiple IPs on it so it can have multiple SSL certs) decided to start sending mail out a different IP today, not quite sure why.  This made our ASA start blocking it.  I did talk to TW (not sure if the same TW that does cable) and he mentioned they are in a no-change window right now, so nothing has been modified this week in there production, and they have no filtering going on.

Probably not your problem sadly, but good luck in your search!
0
 
getzjdCommented:
That's why I suggested to hook a machine directly up to the ISP bypassing the firewall :-)     We have 7 Sonicwalls at varioius sites and thankfully have not had any corruption like this on them.  This is good to know though going forward.

Glad you got it going!
0
 
digitapCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
All Courses

From novice to tech pro — start learning today.