no MXs for this domain could be reached at this time

Hi

We are having some issues with our email.

We receive the following error at our external smarthost/anti-spam/security -mail provider comendo:
"421 4.4.0 [internal] no MXs for this domain could be reached at this time [ec5] "
This is for inbound mail.
This only happens for about a 1/3 of the emails.

Been on the support line to comendo and they tell us:
We receive mail and attempt to resend them to your email-server which appear to be very slow in responding. Reboot your mail-server and check the disk capacity.

Rebooted, and checked the disk capacity, which is ok. Also checked the log for errors, could not find any. Our email-server is not using any more resources RAM/CPU than normal.
Our mail server: Exchange 2010, 2008 R2.

Testet with Microsoft RCA inbound SMTP, some attempts is OK, other attempts I receive these two error messages:
(RCA delivers the error messages in my native language, a few parts is translated)


Attempting to send a test e-mail message to username@maildomain.com with MX gw2.security.comendo.com.
  Delivery of test e-mail message failed.
 
 Additional Details
 
The server returned with status code 450 - Mailbox unavailable. The server response was: Unavailable (cl:001) [18/6A-13774-4258E425]
Exception Details:
Message: Mailbox unavailable. The server response was: Unavailable (cl:001) [18/6A-13774-4258E425]
Type: System.Net.Mail.SmtpException
Stack Trace:
 at System.Net.Mail.DataStopCommand.CheckResponse(SmtpStatusCode statusCode, String serverResponse)
 at System.Net.Mail.DataStopCommand.Send(SmtpConnection conn)
 at System.Net.Mail.SmtpClient.Send(MailMessage message)
 at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()


used time: 1280 ms
 



Attempting to send a test e-mail message to username@maildomain.com with MX gw1.security.comendo.com.
  Delivery of test e-mail message failed.
 
Additional Details
 
The server returned with status code 451 - Error in processing. The server response was: antivirus daemon offline, try again later
Exception Details:
Message: Error in processing. The server response was: antivirus daemon offline, try again later
Type: System.Net.Mail.SmtpException
Stack Trace:
 at System.Net.Mail.DataStopCommand.CheckResponse(SmtpStatusCode statusCode, String serverResponse)
 at System.Net.Mail.DataStopCommand.Send(SmtpConnection conn)
 at System.Net.Mail.SmtpClient.Send(MailMessage message)
 at Microsoft.Exchange.Tools.ExRca.Tests.SmtpMessageTest.PerformTestReally()


used time: 1079 ms.  
 


Could anyone suggest our next step in finding the culprit for this error ?

Regards
Len.
LenblockAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KimputerCommented:
Can you do a traceroute to gw1.security.comendo.com and gw2.security.comendo.com ? Are those the two servers connecting to your SMTP ?
0
Kash2nd Line EngineerCommented:
have you got any kind of third party who filters your email i.e: GFI, sophos etc. it may be that email address need adding to those or your server address needs adding to safe list.
0
LenblockAuthor Commented:
Hi

We have use 3 MX records which we use:
gw1.security.comendo.com
gw2.security.comendo.com
gw5.security.comendo.com

Traceroute and ping is not allowed to gw1.security.comendo.com and gw2.security.comendo.com, you can traceroute and ping to gw5.security.comendo.com.

Comendo is our third party external who filters our mail.

Also, the problem arose yesterday. Until then, it has worked fine. No issues whatsoever.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

KimputerCommented:
Why is it not allowed ? It's a bit hard to diagnose the problem that way.
I do see gw5 takes a complete other route (gw1 and gw2 route pass hq.comendo.com, gw5 does not). If you have control over your MX records, then try to set gw5 as the lowest number (= highest priority).
0
LenblockAuthor Commented:
I will ask Comendo why it's not allowed.

Will change our MX record to:
PRI  MX Host
40   gw1.security.comendo.com
30   gw2.security.comendo.com
10   gw5.security.comendo.com
0
LenblockAuthor Commented:
The solution has been found

We were not warned that they would add another public IP address to handle email, and hence we could not retrieve email when that IP handled the mail...
Added an exception in our firewall and email is flowing again like it should, thnx for the suggestions:)

Regards
Len
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LenblockAuthor Commented:
Third party email filter fault for not warning us about adding a new public IP
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.