
Your message wasn't delivered because of security policies 5.7.0 TLS encryption required Exchange 2007

Posted on 2014-01-23
Last Modified: 2016-02-25
Dear all,

I have the following issue with one of our clients:

The issue happens with one external domain only, "network-health.org". When users try to send emails to this domain, they receive the following NDR:

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.
 
The following organization rejected your message: mxa-000e3401.gslb.pphosted.com.
 
Diagnostic information for administrators:
 
Generating server: mailx.centerlw.org
 
Jennifer.Cascio@network-health.org
mxa-000e3401.gslb.pphosted.com #<mxa-000e3401.gslb.pphosted.com #5.7.0 smtp; 503 5.7.0 TLS encryption required> #SMTP#
 
Original message headers:
 
Return-Path: <cenriquez@CenterLW.org>
Received: from mailx.centerlw.org (localhost.localdomain [127.0.0.1])
        by localhost (Email Security Appliance) with SMTP id 116364386BC_2E02084B
        for <Jennifer.Cascio@network-health.org>; Wed, 22 Jan 2014 19:48:20 +0000 (GMT)
Received: from mail.centerlw.org (clw-mail.centerlw.org [192.168.254.7])
        by mailx.centerlw.org (Sophos Email Appliance) with ESMTP id E49B94385FC_2E02082F
        for <Jennifer.Cascio@network-health.org>; Wed, 22 Jan 2014 19:48:18 +0000 (GMT)
Received: from CLW-MAIL.centerlw.org ([::1]) by CLW-MAIL.centerlw.org ([::1])
 with mapi; Wed, 22 Jan 2014 14:45:42 -0500
From: Carlos Enriquez <cenriquez@CenterLW.org>
To: "Cascio, Jennifer" <Jennifer.Cascio@network-health.org>
Date: Wed, 22 Jan 2014 14:45:40 -0500
Subject: RE: Member getting PCA services
Thread-Topic: Member getting PCA services
Thread-Index: Ac8XpsffH9a/YO7HTXygaN/wleZ+SgAA4sOA
Message-ID: <23FF1E7E9A04A84FB5CE4563808DD9E41FE5A81B6E@CLW-MAIL.centerlw.org>
References: <4FF21B15361C864DBAF26D82CD4ABE640523323168@exchange01.nwhsc.org>
In-Reply-To: <4FF21B15361C864DBAF26D82CD4ABE640523323168@exchange01.nwhsc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain
MIME-Version: 1.0

SMTPDiag results:

C:\SmtpDiag>smtpdiag cmotyka@Centerlw.org jennifer.cascio@network-health.org /V

Searching for Exchange external DNS settings.
Computer name is CLW-MAIL.
VSI 1 has the following external DNS servers:
There are no external DNS servers configured.

Checking SOA for network-health.org.
Checking external DNS servers.
Checking internal DNS servers.

Checking TCP/UDP SOA serial number using DNS server [192.168.254.7].
TCP test succeeded.
UDP test succeeded.
Serial number: 72

Checking TCP/UDP SOA serial number using DNS server [192.168.254.11].
TCP test succeeded.
UDP test succeeded.
Serial number: 72

Checking TCP/UDP SOA serial number using DNS server [127.0.0.1].
TCP test succeeded.
UDP test succeeded.
Serial number: 72
SOA serial number match: Passed.

Checking local domain records.
Starting TCP and UDP DNS queries for the local domain. This test will try to
validate that DNS is set up correctly for inbound mail. This test can fail for
3 reasons.
    1) Local domain is not set up in DNS. Inbound mail cannot be routed to
local mailboxes.
    2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
but will affect outbound mail.
    3) Internal DNS is unaware of external DNS settings. This is a valid
configuration for certain topologies.
Checking MX records using TCP: Centerlw.org.
  A:     Centerlw.org [192.168.254.2]
  A:     Centerlw.org [192.168.254.11]
  A:     Centerlw.org [192.168.254.7]
  A:     Centerlw.org [192.168.254.3]
Checking MX records using UDP: Centerlw.org.
  A:     Centerlw.org [192.168.254.7]
  A:     Centerlw.org [192.168.254.11]
  A:     Centerlw.org [192.168.254.3]
  A:     Centerlw.org [192.168.254.2]
Both TCP and UDP queries succeeded. Local DNS test passed.

Checking remote domain records.
Starting TCP and UDP DNS queries for the remote domain. This test will try to
validate that DNS is set up correctly for outbound mail. This test can fail for
3 reasons.
    1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
queries first, then fall back to TCP queries.
    2) Internal DNS does not know how to query external domains. You must
either use an external DNS server or configure DNS server to query external
domains.
    3) Remote domain does not exist. Failure is expected.
Checking MX records using TCP: network-health.org.
  MX:    mailgw01.network-health.org (10)
  MX:    mxa-000e3401.gslb.pphosted.com (2)
  MX:    mxb-000e3401.gslb.pphosted.com (4)
  A:     mailgw01.network-health.org [131.239.33.10]
Checking MX records using UDP: network-health.org.
  MX:    mxa-000e3401.gslb.pphosted.com (2)
  MX:    mxb-000e3401.gslb.pphosted.com (4)
  MX:    mailgw01.network-health.org (10)
Both TCP and UDP queries succeeded. Remote DNS test passed.
  A:     mxa-000e3401.gslb.pphosted.com [67.231.152.23]
  A:     mxb-000e3401.gslb.pphosted.com [67.231.144.68]

Checking MX servers listed for jennifer.cascio@network-health.org.
Connecting to mxa-000e3401.gslb.pphosted.com [67.231.152.23] on port 25.
Received:
220 mx0b-000e3401.pphosted.com ESMTP mfa-m0000605

Sent:
ehlo Centerlw.org

Received:
250-mx0b-000e3401.pphosted.com Hello static-216-214-245-147.isp.broadviewnet.net
 [216.214.245.147] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250 STARTTLS


Sent:
mail from: <cmotyka@Centerlw.org>

Received:
250 2.1.0 Sender ok

Sent:
rcpt to: <jennifer.cascio@network-health.org>

Received:
250 2.1.5 Recipient ok

Sent:
quit

Received:
221 2.0.0 mx0b-000e3401.pphosted.com Closing connection

Successfully connected to mxa-000e3401.gslb.pphosted.com.
Connecting to mxb-000e3401.gslb.pphosted.com [67.231.144.68] on port 25.
Received:
220 mx0a-000e3401.pphosted.com ESMTP mfa-m0000522

Sent:
ehlo Centerlw.org

Received:
250-mx0a-000e3401.pphosted.com Hello static-216-214-245-147.isp.broadviewnet.net
 [216.214.245.147] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250 STARTTLS


Sent:
mail from: <cmotyka@Centerlw.org>

Received:
250 2.1.0 Sender ok

Sent:
rcpt to: <jennifer.cascio@network-health.org>

Received:
250 2.1.5 Recipient ok

Sent:
quit

Received:
221 2.0.0 mx0a-000e3401.pphosted.com Closing connection

Successfully connected to mxb-000e3401.gslb.pphosted.com.
Connecting to mailgw01.network-health.org [131.239.33.10] on port 25.
Connecting to the server failed. Error: 10060
Failed to submit mail to mailgw01.network-health.org.

What's more, I can't establish a Telnet connection with mailgw01.network-health.org.

Please note that our client is using Postini as a spam filter for incoming emails.

Please help.
Question by:Kinan Al-Haffar
4 Comments
 

Author Comment

by:Kinan Al-Haffar
ID: 39803331
I also checked the PTR record and it's fine.

Expert Comment

by:Ahmed786
ID: 39803491
So whenever an external user sends an email to Jennifer.Cascio@network-health.org, they get an NDR, right?

Is it only sending mail from a specific domain to @network-health.org that causes the problem, or from all domains?

So is the problem only when sending mail to Jennifer.Cascio@network-health.org, or when sending to any user in the domain @network-health.org?

Is internal mail working fine for the domain @network-health.org?

Sometimes an issue with a specific user is caused by the settings below.

"Message Delivery Restrictions": uncheck "Require that all senders are authenticated"
 

Accepted Solution

by:Kinan Al-Haffar
ID: 39803545
The issue was solved by creating a new send connector to that specific domain to bypass the Sophos appliance.
 

Author Closing Comment

by:Kinan Al-Haffar
ID: 39814542
It solved the issue
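
The SMTPDiag sessions in the question show both pphosted.com hosts advertising STARTTLS while the probe goes on to MAIL FROM without issuing it, so that output does not exercise the TLS requirement named in the NDR. An added example (not part of the thread; `audit_smtpdiag` and `classify` are names made up here) that flags this pattern in an SMTPDiag-style transcript, using an abridged copy of the question's output as sample input:

```python
import re

# Sample input: abridged from the SMTPDiag output quoted in the question.
SAMPLE = """\
Connecting to mxa-000e3401.gslb.pphosted.com [67.231.152.23] on port 25.
Sent:
ehlo Centerlw.org

Received:
250-ENHANCEDSTATUSCODES
250 STARTTLS

Sent:
mail from: <cmotyka@Centerlw.org>

Connecting to mailgw01.network-health.org [131.239.33.10] on port 25.
Connecting to the server failed. Error: 10060
"""

CONNECT = re.compile(r"^Connecting to (\S+) \[[^\]]+\] on port 25\.$")

def audit_smtpdiag(text):
    """Return {host: finding} for each SMTP session in an SMTPDiag transcript."""
    sessions, host, direction = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = CONNECT.match(line)
        if m:  # a new session starts; reset per-host state
            host, direction = m.group(1), None
            sessions[host] = {"offered": False, "used": False, "clear": False, "failed": False}
        elif host is None or not line:
            continue
        elif line in ("Sent:", "Received:"):
            direction = line
        elif line.startswith("Connecting to the server failed"):
            sessions[host]["failed"] = True
        elif direction == "Received:" and re.match(r"250[- ]STARTTLS\b", line, re.I):
            sessions[host]["offered"] = True  # server advertises STARTTLS in EHLO reply
        elif direction == "Sent:" and line.lower() == "starttls":
            sessions[host]["used"] = True
        elif direction == "Sent:" and line.lower().startswith("mail from:"):
            sessions[host]["clear"] = not sessions[host]["used"]  # envelope before TLS
    return {h: classify(s) for h, s in sessions.items()}

def classify(s):
    if s["failed"]:
        return "unreachable"
    if s["offered"] and s["clear"]:
        return "STARTTLS offered, envelope sent in cleartext"
    return "TLS negotiated" if s["used"] else "no STARTTLS offered"
```
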
