Email fails to specific domain with '421 4.2.1 Unable to connect'

Posted on 2013-11-14
Medium Priority
Last Modified: 2013-11-19
We have a simple Exchange 2010 single server setup. Everything has been running fine for years. We have one domain that we are attempting to send an email to that fails. All other emails are flowing fine. The error in the queue is:

451 4.4.0 Primary target IP address responded with: '421 4.2.1 Unable to connect' Attempred failover to alternate host, but did not succeed. Either there are no alternate host, or delivery failed to alternate hosts.

The last successful message to this domain was about 8 weeks ago. I can do an nslookup on the MX records and see them there. I have done an mxtoolbox.com backlist check on my domain and that is coming back fine.


Question by:GlennCameron
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39649846
The usual thing is to 'telnet' to their mailserver and see if it responds.  Or if there is a contact email address, you could try to send them an email thru Yahoo or Gmail to see if they're still there.

Author Comment

ID: 39649881
I cannot telnet to the mail server. I get 'Connecting to xxxx' then 'Connect failed'.
FYI the domain is a US state government department so they're still there :-)
Their IT is saying that's its an issue on our server.


Assisted Solution

lindento earned 400 total points
ID: 39649906

check that your DNS is resolving the MX records correctly, easy check for this is do an mxtoolbox.com mx check.

If you try to telnet their listed mx on port 25 and can't reach it,
you need to rule out firewall on your end blocking access to their IP.
Also try telnetting to that mailserver from outside your company network(effectifly testing if firewalls are limiting you)

Best Regards
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.


Author Comment

ID: 39649919
I have done the mxtoolbox.com mx check and they appear to be correct. Was going to try the telnet from home tonight.


Author Comment

ID: 39652198
I cannot telnet to the server either inside my corporate network or at home. Two completely different ISPs and of course no firewall at home.
LVL 83

Accepted Solution

Dave Baldwin earned 1600 total points
ID: 39652331
Sounds to me like that server is not working or available anymore.  The fact that it is still listed in DNS does not mean that it is available.  You would have to find an alternate method of contacting them to find out what is happening.

Author Closing Comment

ID: 39661148
The destination company finally admitted that they were blocking the traffic.
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39661187
Interesting.  Did they say why?

Author Comment

ID: 39661195
Spam attack from somewhere in China so they have put a lot more restrictions in place. You would of thought that they could have told us that when we first raised the issue!

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have encountered the following problem while installing and configuring a Microsoft Search Server (actually it was a MSSO Express 2008, but I think it is applicable to other versions as well). Since I did not find an answer and I found an original…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question