• Status: Solved
  • Priority: Medium
  • Security: Public

Can't send mail from our domain to Gmail accounts.

Our domain can't send mail to any Gmail account anymore.
We just get the following error bounced back to us.

mx.google.com #530-5.5.1 Authentication Required. Learn more at 530 5.5.1
http : // mail. google .com /support/bin/ answer.py?answer=14257n7sm3995390ano.17 ##
(added some spaces since I'm not allowed to post URLs yet)
I have tested our DNS settings with MXtoolbox.com.
I have tested our Sender ID and SPF files.
I can connect to all the Gmail MX servers with telnet.

I have restarted the server.

Same error in Outlook 2007, 2010 or OWA.
This started after an upgrade to SP3.

Can anyone help me?

Thanks in advance.
0
ITengineer
Asked:
1 Solution
 
Papertrip Commented:
Are you a Google Apps customer?  It looks like you are trying to relay through Google without using SMTP AUTH.
0
 
ITengineer (Author) Commented:
Hi.
I'm not a Gapps customer.
We are running our own Exchange 2007 server.
I am using a self-signed cert.
Have tried changing it but no luck.
0
 
Allen Falcon (CEO & Pragmatic Evangelist) Commented:
Some diagnostic questions:

Is the trouble sending email to all @gmail.com addresses, to domains that use Google Apps, or both?

Are you using anything for outbound spam/virus filtering?

Do you have TLS encryption enabled on your server?

Upgrade to SP3 on the server?

Allen
0
 
ITengineer (Author) Commented:
Hi.
All Gmail accounts. Have not tested to Google Apps domains; not sure what domains are Gapps.

No outbound filtering (yet).
TLS is enabled on the server.
The server has SP3 and the latest patches.
0
 
Papertrip Commented:
Where did the mx.google.com come from in your example?  There is no A record for mx.google.com.  Can we see the full headers and/or full NDR please.
[root@broken ~]# dig mx.google.com

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6_0.1 <<>> mx.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15455
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;mx.google.com.         IN      A

;; AUTHORITY SECTION:
google.com.           39        IN  SOA ns1.google.com. dns-admin.google.com. 1466372 7200 1800 1209600 300

0
 
Papertrip Commented:
Are you trying to relay through Google SMTP?  I had forgotten that mx.google.com is the HELO name of smtp.google.com
0
 
Alan Hardisty Commented:
Please post the output from the following EMS command:

get-sendconnector | fl
0
 
ITengineer (Author) Commented:
Alanhardisty:
Here is the output:

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : True
Enabled                      : True
ForceHELO                    : False
Fqdn                         : pat.prediktor.no
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : PAT
Identity                     : internet
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : unlimited
Name                         : internet
Port                         : 25
ProtocolLoggingLevel         : Verbose
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {PAT}
UseExternalDNSServersEnabled : False


Papertrip:
No, not trying to relay through Google SMTP. Just send mail to them.
0
 
Hendrik Wiese Commented:
Have you tried adding Google to your white list?
0
 
ITengineer (Author) Commented:
Not sure how that will help. I receive mail from Google with no problem.
It's just sending to them that doesn't work.
0
 
ITengineer (Author) Commented:
Papertrip:
Here is the full header:
MIME-Version: 1.0
From: <MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@prediktor.no>
To: <sveinung.otterstad.christophersen@prediktor.no>
Date: Thu, 27 Oct 2011 10:57:34 +0200
Content-Type: multipart/report; report-type=delivery-status;
	boundary="b58ccf46-adfd-458e-8c48-a73dc88d2a9c"
X-MS-Exchange-Organization-SCL: -1
Content-Language: nb-NO
Message-ID: <56098667-094d-439b-b6a7-5306d72ea3d6>
In-Reply-To: <3F466DDF09A55D46858FC39B22DE56F254FB6325D9@pat.prediktor.no>
References: <3F466DDF09A55D46858FC39B22DE56F254FB6325D9@pat.prediktor.no>
Thread-Topic: test test 
Thread-Index: AcyUhnNcnzKguoYORxieGvE0q1n3XAAAATDM
Subject: Kan ikke leveres: test test 

0
 
Alan Hardisty Commented:
Can you deselect Enable Domain Security (Mutual Auth TLS) on the Network Tab of the Send Connector and then restart the Microsoft Exchange Transport Service and then test sending again please.
0
 
ITengineer (Author) Commented:
I did find something strange though.
When I send mail to Gmail accounts, I monitored the network traffic on the Exchange server and found that it's connecting to
ghs-vip-gx-c114.ghs-ssl.googlehosted.com [72.14.247.114]

I can't find that address in any of the MX records for Gmail on an MX query:

Pref      Hostname      IP Address      TTL            
5      gmail-smtp-in.l.google.com      74.125.47.27      60 min
10      alt1.gmail-smtp-in.l.google.com      74.125.113.27      60 min
20      alt2.gmail-smtp-in.l.google.com      209.85.143.27      60 min
30      alt3.gmail-smtp-in.l.google.com      209.85.229.27      60 min
40      alt4.gmail-smtp-in.l.google.com      74.125.79.27      60 min

Could this be the problem?
0
 
Alan Hardisty Commented:
Please follow my advice above.
0
 
ITengineer (Author) Commented:
Alanhardisty: I have tried, no help. I'm gonna do a server restart this evening (can't kill mail in the working hours).
0
 
Alan Hardisty Commented:
It won't kill it for more than it takes to restart the Transport Service - which is worst case a couple of minutes - but it is your call.
0
 
Rodney Barnhardt (Server Administrator) Commented:
Do you have a registered reverse DNS record to a FQDN for your email server? That has been an issue with AOL in the past since they require it. While this is really for bulk senders, here are the guidelines for sending emails to Google.

http://mail.google.com/support/bin/answer.py?answer=81126

0
 
ITengineer (Author) Commented:
Alanhardisty: have done a restart of the server, still not able to send to Gmail.

rbarnhardt: If you do a ping -a on 81.166.54.42 you get pat.prediktor.no

0
 
Alan Hardisty Commented:
Please output the result of:

get-sendconnector | fl

again.

Thanks
0
 
ITengineer (Author) Commented:
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         : pat.prediktor.no
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : PAT
Identity                     : internet
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : unlimited
Name                         : internet
Port                         : 25
ProtocolLoggingLevel         : Verbose
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {PAT}
UseExternalDNSServersEnabled : False


0
 
Alan Hardisty Commented:
Okay - all looks good from an RFC compliance issue.  Are you getting the same errors from Gmail?
0
 
ITengineer (Author) Commented:
Yeah, it's consistent whatever Gmail account I'm trying to send to, even if I do a reply on a message sent from Gmail to me.
0
 
ITengineer (Author) Commented:
I checked the transport connectivity log and found this:
<,220 mx.google.com ESMTP x3sm51322622anl.6,
>,EHLO pat.prediktor.no,
<,"250-mx.google.com at your service, [81.166.54.42]",
<,250-SIZE 35882577,
<,250-8BITMIME,
<,250-STARTTLS,
<,250 ENHANCEDSTATUSCODES,
>,STARTTLS,
<,220 2.0.0 Ready to start TLS,
*,,Sending certificate
*,"CN=pat.prediktor.no, OU=IT, O=Prediktor AS, L=Gml Fredrikstad, S="""", C=no",Certificate subject
*,"CN=pat.prediktor.no, OU=IT, O=Prediktor AS, L=Gml Fredrikstad, S="""", C=no",Certificate issuer name
*,EE99027914DE9C8746C0EF9B2287989A,Certificate serial number
*,EF54002BF3F33FC8005C6D009530CDD4796B49CB,Certificate thumbprint
*,pat.prediktor.no;PAT;autodiscover.prediktor.no;autodiscover.prediktor.cn;autodiscover.prediktor.com.cn;autodiscover.prediktor.de;autodiscover.prediktor.se;autodiscover.prediktor.fr;autodiscover.netrafter.no,Certificate alternate names
*,,Received certificate
*,DBA02A0700F9E3237D07E7523C959DE67E12543F,Certificate thumbprint
,>,EHLO pat.prediktor.no,
<,"250-mx.google.com at your service, [81.166.54.42]",
,<,250-SIZE 35882577,
<,250-8BITMIME,
<,250-AUTH LOGIN PLAIN XOAUTH,
,<,250 ENHANCEDSTATUSCODES,
,*,2106,sending message
>,MAIL FROM:<sveinung.otterstad.christophersen@prediktor.no> SIZE=13079,
<,530-5.5.1 Authentication Required. Learn more at                              ,
<,530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 x3sm51322622anl.6,
>,QUIT,
<,221 2.0.0 closing connection x3sm51322622anl.6,
,-,,Local

It must be my cert, but it's a self-signed one,
and I think that should work..?
0
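Added example (not part of the original thread or of any participant's post): a Python triage of the send-protocol log and MX lookup quoted above. It reports three observations visible in the thread: the 530 reply to MAIL FROM, AUTH being advertised only after STARTTLS, and a peer address outside the published MX set. The function name `triage` and the finding labels are assumptions, and the sample is constructed from the posted rows with the sender replaced by a placeholder.

```python
import csv
import io

# Constructed sample: the send-protocol log rows posted in the thread
# (event,data,context), shortened, sender replaced with a placeholder.
# Some rows carry a stray leading comma, as they do on the page.
SAMPLE_LOG = '''\
<,220 mx.google.com ESMTP x3sm51322622anl.6,
>,EHLO pat.prediktor.no,
<,"250-mx.google.com at your service, [81.166.54.42]",
<,250-STARTTLS,
<,250 ENHANCEDSTATUSCODES,
>,STARTTLS,
<,220 2.0.0 Ready to start TLS,
,>,EHLO pat.prediktor.no,
<,"250-mx.google.com at your service, [81.166.54.42]",
<,250-AUTH LOGIN PLAIN XOAUTH,
,<,250 ENHANCEDSTATUSCODES,
>,MAIL FROM:<user@example.test> SIZE=13079,
<,530-5.5.1 Authentication Required. Learn more at,
<,530 5.5.1 http://mail.google.com/support/bin/answer.py?answer=14257 x3sm51322622anl.6,
>,QUIT,
'''
# MX addresses and the observed peer, both as quoted in the thread.
GMAIL_MX_IPS = {"74.125.47.27", "74.125.113.27", "209.85.143.27",
                "209.85.229.27", "74.125.79.27"}
OBSERVED_PEER = "72.14.247.114"


def triage(log_text, peer_ip=None, mx_ips=()):
    """Return a list of findings for one outbound SMTP session."""
    findings, caps, ehlo_round, last_cmd = [], {1: set(), 2: set()}, 0, None
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) > 3 and row[0] == "":      # drop the stray leading column
            row = row[1:]
        if len(row) < 2 or row[0] not in ("<", ">"):
            continue                           # '*' info rows and blanks
        direction, data = row[0], row[1].strip()
        if direction == ">":                   # command sent by our server
            last_cmd = data.split(" ", 1)[0].upper()
            if last_cmd == "EHLO":
                ehlo_round += 1                # 1 = cleartext, 2 = after TLS
        elif last_cmd == "EHLO" and data.startswith("250"):
            caps.setdefault(ehlo_round, set()).add(data[4:].split(" ")[0].upper())
        elif last_cmd == "MAIL" and data.startswith("530"):
            if "mail-from-rejected-530" not in findings:
                findings.append("mail-from-rejected-530")
    if "AUTH" in caps[2] and "AUTH" not in caps[1]:
        findings.append("auth-offered-only-after-starttls")
    if peer_ip and mx_ips and peer_ip not in mx_ips:
        findings.append("peer-not-in-mx-set")
    return findings
```

The findings describe what the session shows, not its cause; the thread ends with a smarthost workaround rather than a diagnosis.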
 
Alan Hardisty Commented:
Your SEND Connector is sending a STARTTLS command and shouldn't be (there is no need), and using a self-issued SSL certificate with Exchange 2007 is not in the least bit recommended as it won't be trusted by anyone.

Can you disable your current SEND Connector and create a new one with similar settings - then try sending to gmail.com again please.
0
 
ITengineer (Author) Commented:
I created a new one but I still got the same error.
AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ForceHELO                    : False
Fqdn                         :
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : PAT
Identity                     : Internet2
IgnoreSTARTTLS               : False
IsScopedConnector            : True
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 10MB
Name                         : Internet2
Port                         : 25
ProtocolLoggingLevel         : None
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {PAT}
UseExternalDNSServersEnabled : False

0
 
ITengineer (Author) Commented:
I have solved this myself by circumventing the problem and using a smarthost.
This is no longer a problem.
0
 
Alan Hardisty Commented:
That is always the workaround solution.  Doesn't solve the problem, but it does make it work.
0
 
ITengineer (Author) Commented:
I solved this myself. No points awarded. But thanks for the help.
0
