  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5684

Your message wasn't delivered because of security policies 5.7.0 TLS encryption required Exchange 2007

Dear all,

I have the following issue with one of our clients:

The issue happens with one external domain only, "network-health.org". When users try to send emails to this domain, they receive the following NDR:

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
 
The following organization rejected your message: mxa-000e3401.gslb.pphosted.com.
 
Diagnostic information for administrators:
 
Generating server: mailx.centerlw.org
 
Jennifer.Cascio@network-health.org
mxa-000e3401.gslb.pphosted.com #<mxa-000e3401.gslb.pphosted.com #5.7.0 smtp; 503 5.7.0 TLS encryption required> #SMTP#
 
Original message headers:
 
Return-Path: <cenriquez@CenterLW.org>
Received: from mailx.centerlw.org (localhost.localdomain [127.0.0.1])
        by localhost (Email Security Appliance) with SMTP id 116364386BC_2E02084B
        for <Jennifer.Cascio@network-health.org>; Wed, 22 Jan 2014 19:48:20 +0000 (GMT)
Received: from mail.centerlw.org (clw-mail.centerlw.org [192.168.254.7])
        by mailx.centerlw.org (Sophos Email Appliance) with ESMTP id E49B94385FC_2E02082F
        for <Jennifer.Cascio@network-health.org>; Wed, 22 Jan 2014 19:48:18 +0000 (GMT)
Received: from CLW-MAIL.centerlw.org ([::1]) by CLW-MAIL.centerlw.org ([::1])
 with mapi; Wed, 22 Jan 2014 14:45:42 -0500
From: Carlos Enriquez <cenriquez@CenterLW.org>
To: "Cascio, Jennifer" <Jennifer.Cascio@network-health.org>
Date: Wed, 22 Jan 2014 14:45:40 -0500
Subject: RE: Member getting PCA services
Thread-Topic: Member getting PCA services
Thread-Index: Ac8XpsffH9a/YO7HTXygaN/wleZ+SgAA4sOA
Message-ID: <23FF1E7E9A04A84FB5CE4563808DD9E41FE5A81B6E@CLW-MAIL.centerlw.org>
References: <4FF21B15361C864DBAF26D82CD4ABE640523323168@exchange01.nwhsc.org>
In-Reply-To: <4FF21B15361C864DBAF26D82CD4ABE640523323168@exchange01.nwhsc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain
MIME-Version: 1.0

SMTPDiag results:

C:\SmtpDiag>smtpdiag cmotyka@Centerlw.org jennifer.cascio@network-health.org /V

Searching for Exchange external DNS settings.
Computer name is CLW-MAIL.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for network-health.org.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.254.7].
TCP test succeeded.
UDP test succeeded.
Serial number: 72

Checking TCP/UDP SOA serial number using DNS server [192.168.254.11].
TCP test succeeded.
UDP test succeeded.
Serial number: 72

Checking TCP/UDP SOA serial number using DNS server [127.0.0.1].
TCP test succeeded.
UDP test succeeded.
Serial number: 72
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: Centerlw.org.
  A:     Centerlw.org [192.168.254.2]
  A:     Centerlw.org [192.168.254.11]
  A:     Centerlw.org [192.168.254.7]
  A:     Centerlw.org [192.168.254.3]
Checking MX records using UDP: Centerlw.org.
  A:     Centerlw.org [192.168.254.7]
  A:     Centerlw.org [192.168.254.11]
  A:     Centerlw.org [192.168.254.3]
  A:     Centerlw.org [192.168.254.2]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: network-health.org.
  MX:    mailgw01.network-health.org (10)
  MX:    mxa-000e3401.gslb.pphosted.com (2)
  MX:    mxb-000e3401.gslb.pphosted.com (4)
  A:     mailgw01.network-health.org [131.239.33.10]
Checking MX records using UDP: network-health.org.
  MX:    mxa-000e3401.gslb.pphosted.com (2)
  MX:    mxb-000e3401.gslb.pphosted.com (4)
  MX:    mailgw01.network-health.org (10)
Both TCP and UDP queries succeeded. Remote DNS test passed.
  A:     mxa-000e3401.gslb.pphosted.com [67.231.152.23]
  A:     mxb-000e3401.gslb.pphosted.com [67.231.144.68]

Checking MX servers listed for jennifer.cascio@network-health.org.
Connecting to mxa-000e3401.gslb.pphosted.com [67.231.152.23] on port 25.
Received:
220 mx0b-000e3401.pphosted.com ESMTP mfa-m0000605

Sent:
ehlo Centerlw.org

Received:
250-mx0b-000e3401.pphosted.com Hello static-216-214-245-147.isp.broadviewnet.net
 [216.214.245.147] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250 STARTTLS


Sent:
mail from: <cmotyka@Centerlw.org>

Received:
250 2.1.0 Sender ok

Sent:
rcpt to: <jennifer.cascio@network-health.org>

Received:
250 2.1.5 Recipient ok

Sent:
quit

Received:
221 2.0.0 mx0b-000e3401.pphosted.com Closing connection

Successfully connected to mxa-000e3401.gslb.pphosted.com.
Connecting to mxb-000e3401.gslb.pphosted.com [67.231.144.68] on port 25.
Received:
220 mx0a-000e3401.pphosted.com ESMTP mfa-m0000522

Sent:
ehlo Centerlw.org

Received:
250-mx0a-000e3401.pphosted.com Hello static-216-214-245-147.isp.broadviewnet.net
 [216.214.245.147] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250 STARTTLS


Sent:
mail from: <cmotyka@Centerlw.org>

Received:
250 2.1.0 Sender ok

Sent:
rcpt to: <jennifer.cascio@network-health.org>

Received:
250 2.1.5 Recipient ok

Sent:
quit

Received:
221 2.0.0 mx0a-000e3401.pphosted.com Closing connection

Successfully connected to mxb-000e3401.gslb.pphosted.com.
Connecting to mailgw01.network-health.org [131.239.33.10] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to mailgw01.network-health.org.

What's more, I can't establish a Telnet connection with mailgw01.network-health.org.

Please note that our client is using Postini as a spam filter for incoming emails.

Please help.
0
Asked by: Kinan Al-Haffar
 
Kinan Al-Haffar (Author) commented:
I also checked the PTR record and it's fine.
0
 
Ahmed786 commented:
So whenever an external user sends an email to Jennifer.Cascio@network-health.org, they get an NDR, right?

Is sending mail to @network-health.org causing a problem only from a specific domain, or from all domains?

So is the problem only when sending mail to Jennifer.Cascio@network-health.org, or when sending to any user in the domain @network-health.org?

Is internal mail working fine for the domain @network-health.org?

Sometimes an issue with a specific user is caused by the setting below.

Under "Message Delivery Restrictions", uncheck "Require that all senders are authenticated".
0
 
Kinan Al-Haffar (Author) commented:
The issue was solved by creating a new send connector to that specific domain to bypass the Sophos appliance.
0
 
Kinan Al-Haffar (Author) commented:
It solved the issue.
0
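
An added example, not part of the original thread: a small Python check over an SMTPDiag-style transcript that reports, per MX, whether STARTTLS was advertised and whether the test session negotiated TLS or submitted a message. In the SMTPDiag run posted in the question the only commands sent were ehlo, mail from, rcpt to and quit. The transcript below is constructed with placeholder hosts, and the function and field names are hypothetical.

```python
import re

# Constructed transcript in SMTPDiag's Sent:/Received: layout (placeholder hosts).
SAMPLE = """\
Connecting to mx1.example.net [192.0.2.10] on port 25.
Received:
220 mx1.example.net ESMTP
Sent:
ehlo sender.example.org
Received:
250-mx1.example.net Hello client.example.org, pleased to meet you
250 STARTTLS
Sent:
mail from: <user@sender.example.org>
Received:
250 2.1.0 Sender ok
Sent:
quit
Received:
221 2.0.0 mx1.example.net Closing connection
Connecting to mx2.example.net [192.0.2.20] on port 25.
Connecting to the server failed. Error: 10060
"""

def audit(transcript):
    """Per server: was STARTTLS offered, and did the test session use it?"""
    sessions, cur, mode = [], None, None
    for line in (raw.strip() for raw in transcript.splitlines()):
        m = re.match(r"Connecting to (\S+) \[", line)
        if m:  # a new server session begins
            cur = {"host": m.group(1), "connected": False, "offered": False, "cmds": []}
            sessions.append(cur)
            mode = None
        elif line in ("Sent:", "Received:"):
            mode = line
        elif cur and line and mode == "Sent:":
            cur["cmds"].append(line.split()[0].upper())  # SMTP verb only
        elif cur and line and mode == "Received:":
            cur["connected"] = True
            # EHLO keywords arrive as "250-KEYWORD" or "250 KEYWORD"
            if re.match(r"250[- ]STARTTLS\b", line, re.I):
                cur["offered"] = True
    for s in sessions:
        s["tls_used"] = "STARTTLS" in s["cmds"]   # did the client upgrade?
        s["data_sent"] = "DATA" in s["cmds"]      # was a message submitted?
    return sessions

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A server that shows `offered` true with `tls_used` and `data_sent` both false was reached in plaintext only, so a "Successfully connected" result for it says nothing about whether a real delivery over that path would use TLS.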
