nutekconsultants

#550 4.4.7 QUEUE.Expired; message expired ##

Hi, we have an Exchange 2010 Server that is sending/receiving internal and external emails just fine, except to 1 external domain.
We get bouncebacks...
*****************
Delivery has failed to these recipients or groups:

Jim Bob (jim.bob@external.com)
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.

Diagnostic information for administrators:

Generating server: InternalServer.com

jim.bob@external.com
#550 4.4.7 QUEUE.Expired; message expired ##

Original message headers:

Received: from InternalServer.com ([fe80::e19d:ee9a:2363:3cf1]) by
 InternalServer.com ([fe80::e19d:ee9a:2363:3cf1%10]) with mapi id
 14.01.0289.001; Wed, 2 Nov 2011 16:58:22 -0400
From: Dave Smith <dave@InternalServer.com>
To: jim.bob@external.com
Subject: test
Thread-Topic: test
Thread-Index: AcyZoidHFxxKXRpLTXea61OF3LLWzg==
Date: Wed, 2 Nov 2011 20:58:22 +0000
Message-ID: <11BAC54D274E62499BAEFF85D4A1C5A70EA2E5@InternalServer.com>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.240.211.233]
Content-Type: multipart/alternative;
      boundary="_000_11BAC54D274E62499BAEFF85D4A1C5A70EA2E5InternalServer.com_"
MIME-Version: 1.0
************************************************************

I have tried doing a test from the Exchange Server 2010 itself.
Telnet to the external recipient will not connect.
When typing in their domain name on nslookup, it results back with 2 servers:
mail.external.com 25
smtp.external.com 25
but I cannot connect to it via the telnet command.

Papertrip

What are the actual hostnames of the recipient's MX records so we can check if there is an issue on their end?
nutekconsultants

ASKER

If you go to mxtoolbox and search for fhc-chc.com as the domain...
10      mail.fhc-chc.com      76.75.136.253
10      smtp.fhc-chc.com      76.75.136.252
So they have 2 MX records with the same weight, but one of them does not respond.  I would imagine this is your "problem".
[root@broken ~]# dig mx fhc-chc.com +short
10 mail.fhc-chc.com.
10 smtp.fhc-chc.com.

[root@broken ~]# telnet mail.fhc-chc.com 25
Trying 76.75.136.253...
telnet: connect to address 76.75.136.253: Connection timed out
[root@broken ~]# telnet smtp.fhc-chc.com 25
Trying 76.75.136.252...
Connected to smtp.fhc-chc.com.
Escape character is '^]'.
^]
telnet> Connection closed.

So what needs to be done?
It seems like only our email domain can't send to theirs.
They can send to us.
They keep saying our network/servers are screwy... but we are saying NO... it's your issue.
It is definitely a problem on their side.  They need to either remove mail.fhc-chc.com from their MX records, turn on the mailserver at mail.fhc-chc.com (it's not responding), or at the very least change the priority of mail.fhc-chc.com to something higher than smtp.fhc-chc.com so that servers will try to send to that MX first.
Hmm, OK... great, thanks for the prompt replies.
I very much appreciate it.

Question - do you think their IT guys did this setup to prevent hackers or security holes?
In my experience any mail server should be able to connect through telnet mail.mailserver.com 25.

We also noticed this and sent this to them; not sure if this is of any significance:
We’re still having issues with email to fhc-chc.com being undeliverable. We had a similar problem some time ago where people were having trouble sending email to our company domain. The problem is with your DNS records - your PTR record does not match your mail server name. Your PTR record for your mail server IP is ptr.ssha.ca but your mail server name is mail.fhc-chc.com. Many mail servers will try to perform a reverse DNS lookup on your mail server before delivery but because of your configuration it will fail and the message will be returned as undeliverable. To fix this issue you need to submit a PTR change request to the vendor of ptr.ssha.ca to have your PTR record changed to mail.fhc-chc.com.

Question - do you think their IT guys did this setup to prevent hackers or security holes?
There are some things you can do with MX records to try and honeypot spammers and things like that, but if that is the case they are doing it wrong.

Your sending server should still be trying to hit the other MX record, so aside from their problem you could have one as well.  Make sure your mail server sees both of their MX records, check logs to see if your server attempted to send to both MX's.
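
One way to run the check suggested in the reply above from any machine with Python, added here as an example and not part of the original thread. It parses `dig +short mx` output, probes each MX host on port 25, and flags a preference group in which only some hosts answer; the function names and the injectable `probe` parameter are assumptions of this example.

```python
import socket

# Sample input: the `dig mx fhc-chc.com +short` output quoted in the thread.
DIG_OUTPUT = """\
10 mail.fhc-chc.com.
10 smtp.fhc-chc.com.
"""

def parse_mx(dig_short):
    """Parse `dig +short mx` lines into (preference, host) tuples, lowest preference first."""
    records = []
    for line in dig_short.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank lines and anything that is not "<pref> <host>"
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def tcp_probe(host, port=25, timeout=10.0):
    """Return (True, banner) if an SMTP 220 greeting arrives, else (False, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            banner = s.recv(512).decode("ascii", "replace").strip()
            return banner.startswith("220"), banner
    except OSError as exc:  # covers timeouts, refusals and DNS failures
        return False, str(exc)

def check_mx(records, probe=tcp_probe):
    """Probe every MX host and flag preference groups that are only partly reachable."""
    results = [(pref, host, *probe(host)) for pref, host in records]
    findings = []
    for pref in sorted({r[0] for r in results}):
        group = [r for r in results if r[0] == pref]
        dead = [r[1] for r in group if not r[2]]
        if dead and len(dead) < len(group):
            findings.append(f"preference {pref}: {', '.join(dead)} unreachable; "
                            "senders that pick it first must fall back to the other MX")
        elif dead:
            findings.append(f"preference {pref}: no host reachable")
    return results, findings

if __name__ == "__main__":
    results, findings = check_mx(parse_mx(DIG_OUTPUT))
    for pref, host, ok, detail in results:
        print(f"{pref:>3} {host:<22} {'OK' if ok else 'FAIL'}  {detail}")
    print("\n".join(findings) or "all MX hosts answered on port 25")
```

Run it from the sending mail server itself so the result reflects that server's DNS view and outbound firewall path.
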
I'm just checking my server log to ensure my Exchange 2010 server sees both his MX records.
How and where do I check to see if my server attempted to send to both their MX records?
I just sent them a test email from my Outlook client. I went to Exchange Management Console and into Queue Viewer, but it does not show any details of which MX it tries to send to.
It only shows the recipient email address... I must be in the wrong area...
I have not been able to identify if my mail server can see those MX records.
Where and how can I do this?
Queue Viewer does not show this in detail.

You have to ask them to add your email domain address to their allowed list.