Solved

Exchange Error 550 4.4.7 QUEUE.Expired; message expired

Posted on 2011-03-21
10
1,991 Views
Last Modified: 2012-05-11
Scenario:

We are able to send email to all OTHER external domains, with no issue.
"Company A" is one of our clients.  We are unable to send emails to "Company A"
"Company B", another one of our clients, can successfully send email to "Company A"
"Company C", a client of "Company A" is unable to send emails to "Company A"
There are at least 3 known domains that can not send email to "Company A", all other domains work fine.  

When we attempt to send to "Company A", our exchange 2007 server eventually kicks back the following error: #550 4.4.7 QUEUE.Expired; message expired ##

Troubleshooting steps:
Using telnet to connect to the MX address of Company A, on port 25:

My Mail Server & Office ISP (Time Warner) - FAIL
My Office computer & ISP (Time Warner) - FAIL
My Home computer & ISP (AT&T U-Verse) - FAIL
From my phone (Android, on Work Wi-Fi (TW)) - FAIL
From my phone (Android, on Verizon) - SUCCESS
"Company D" (Adams Wells) - SUCCESS
"Company E" (Cincinnati Bell) - SUCCESS

On all of the above, I am able to correctly resolve the DNS of their MX entry.

MXtoolbox.com's diagnostics can successfully connect to "Company A".

I'm running out of ideas on where to look to try an isolate this issue.  As I said, there are other companies who are also unable to send to Company A, so it's not necessarily something wrong on my exchange server.

I've tried to provide as much technical information as possible.

Thank you for your time, and suggestions.
0
Comment
Question by:tholman
  • 6
  • 4
10 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35184319
If you can either post the domain name of company A or email me the info then I can look at their configuration and see if I can find any issues.

I can obscure the details if you post it or you can find my email address in my profile.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35184495
Thank you for your email - running some checks now.

Alan
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35184554
Well - I have no idea what sort of system they have receiving their mail but they don't have a standard response to an EHLO command:

220 www.domain.com
ehlo mail.mydomain.co.uk
250 OK
mail from: <me@mydomain.co.uk>
250 OK

The more usual session would go like this:

220 mail.mycustomerdomain.co.uk Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Mon, 21 Mar 2011 21:09:52 +0000
ehlo mail.mydomain.co.uk
250-mail.mycustomerdomain.co.uk Hello [87.194.xxx.xxx]
250-TURN
250-SIZE 52428800
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-LINK2STATE
250-XEXCH50
250 OK
mail from: <me@mydomain.co.uk>
250 2.1.0 me@mydomain.co.uk....Sender OK

I would imagine they have something that is restricting the verbs used in the communication flow and this is know to cause mail-flow problems between some mail servers and others.

You might need to setup an SEND Connector for this particular domain and point the connector to your ISP for them to try and deliver the messages.

I feel that the problem is at the recipient end as they are non-standard and may well be shooting themselves in the foot by trying to over-secure their systems in the way they have.

Alan
0
 

Author Comment

by:tholman
ID: 35184580
Alan,

Thank you for your effort and response.

I believe that they have an Exchange server.  I'm not certain what flavor.

Could you provide some advise, or research links for me to follow up with to advise them?

Thanks,
-T
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35184608
If they have an Exchange Server - it is hiding behind something.  Do you know what is receiving their emails because is certainly isn't an Exchange server?

That might give me a clue and might help resolve the issue.

Thanks

Alan
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:tholman
ID: 35184627
I will attempt to obtain that information, and will post it as soon as I have it.

Thanks,
-T
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35184632
Thanks - fingers crossed they let you know.

Alan
0
 

Author Comment

by:tholman
ID: 35190159
Ok, I managed to pry a little bit more information out of their IT department.

They are running Spam Sleuth Enterprise at their edge.  This then passes on to a Mercury Mail server.

He said they are also running PeerBlock 1.1 on their Spam Server.

I have no experience with Spam Sleuth, or PeerBlock, so I'm doing some reading on those now.  

They also told me, that from their end, it seems anyone with this problem uses exchange.  Though I highly doubt all exchange servers have this problem.  

Thanks for the continued assistance,
- T
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 35190253
Well - that doesn't surprise me and guess what I am going to say?

Problem is at their end!!

They need to work with their Anti-Spam provider so that their software can work with an Industry Standard Exchange Server.

The support pages for Spam Sleuth reference Exchange 5.5 and 2000!  Hmmm - looks like a great - up-to-date product!
0
 

Author Comment

by:tholman
ID: 35190772
Indeed.  As I began to prod them with questions regarding their configuration of PeerGuardian (my prime suspect), they informed me they are moving to a hosted email solution this weekend, so the issue should go away.

Thank you for all of your assistance Alan.

- T
0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now