StarfishTech
asked on
421.4.2.1 - Unable to Connect Error
Hello, we have a client running exchange 2007 on an SBS 2008 server. This morning they changed ISP's. We have configured our firewall to use the new IP, netowork information. We are able to receive email, access OWA externally, access VPN and browse the internet fine. However, when we attempt to send mail, the mail queues up with the following error:
451.4.4.0 Primary target IP address responded with "421.4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to all alternate hosts."
We've already checked with the ISP and they tell us that there are no firewalls on their new modem. We've also verified our firewall - although the outgoing poilcy for email is still there and doesn't need to be changed. Also the MX records are correct and we don't have an SPF record. What could be causing this?
451.4.4.0 Primary target IP address responded with "421.4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts or delivery failed to all alternate hosts."
We've already checked with the ISP and they tell us that there are no firewalls on their new modem. We've also verified our firewall - although the outgoing poilcy for email is still there and doesn't need to be changed. Also the MX records are correct and we don't have an SPF record. What could be causing this?
Can you configure a SPF record? Also, make sure you have the correct reverse name for the outgoing IP.
ASKER
OK, in other words make sure there is a reverse PTR record? We created one but we aren't sure if it has completely replicated. Would an spf record fix the issue even if the PTR record isn't replicated?
No, but many email servers/gatways check for both configurations. It`s important to keep them updated.
There`s no way to speed up the DNS replication. Once started, you should wait.
There`s no way to speed up the DNS replication. Once started, you should wait.
ASKER
OK, well I've done a look on the IP and the domain and it looks like it resolves correctly now. However, we still aren't able to send to lots of domains. I already checked the IP for blacklists - nothing there. I also looked at the header from one domain that we can send to - it seems to look correct. I'm really at a loss as to what is going on here. I guess I will give it more time but I really don't think the PTR record is the problem at this point.
try to check your DNS configuration properly ,forward/lookup reverse lookup .
check the forwarders tab.==>DNS property
delete PTR , create a new one again
is there any recorn in Even Viewer
check the forwarders tab.==>DNS property
delete PTR , create a new one again
is there any recorn in Even Viewer
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
ASKER