Exchange 2010 can't send mail
Hello all
Our organization uses exchange 2010 mail server. Our mail server work well but can't send mail to one domain. Other domains are no problem. Domain is ccb.com. Mail entered queue and occurred following error:
451.4.4.0 Primary target IP address responded with: "421 internal can't stack B channel SSL filter [1]."Attempted failover to alternate host, but that did not succeed.
Either there are no alternate hosts, or delivery failed to all alternate hosts.
Our organization uses "Watchguard" firewall and is it depend that problem?
Our organization uses exchange 2010 mail server. Our mail server work well but can't send mail to one domain. Other domains are no problem. Domain is ccb.com. Mail entered queue and occurred following error:
451.4.4.0 Primary target IP address responded with: "421 internal can't stack B channel SSL filter [1]."Attempted failover to alternate host, but that did not succeed.
Either there are no alternate hosts, or delivery failed to all alternate hosts.
Our organization uses "Watchguard" firewall and is it depend that problem?
ASKER
I added domain to Transport Rule and restarted exchange services. But error occurred.
Can you do a manual emulation of the smtp protocol by telneting to port 25 of the remote server?
That is not an Exchange error, that is a problem with the remote side, possibly trying to communicate with yours.
Does the Watchguard do anything with email? Are you using it as a smart host?
Try putting the remote domain through some of the tests at MXtoolbox and see if the error is coming back for others. If it is then it is their problem, not yours.
Simon.
Does the Watchguard do anything with email? Are you using it as a smart host?
Try putting the remote domain through some of the tests at MXtoolbox and see if the error is coming back for others. If it is then it is their problem, not yours.
Simon.
ASKER
Yes. Telnet is working.
ASKER
Thanks Simon.
We don't use smart host. We tested remote domain by mxtoolbox and that domain is no errors. Watchguard can transfer other mail.
We don't use smart host. We tested remote domain by mxtoolbox and that domain is no errors. Watchguard can transfer other mail.
When you say that telnet works, are you doing it from your mail server ?
Have you atually tried to emulate the protocol as far as sending a mail?
ie telnet to the remote mail server (mx record from nslookup) on port 25
helo yourmaildomain
mail from: <any.user@yourdomain.com>
rcpt to: <any.user@ccb.com>
data
blah blah blah
.
quit
If this doesn't work either, then the problem is not on your exchange side. You might get a more informative error message too.
Have you atually tried to emulate the protocol as far as sending a mail?
ie telnet to the remote mail server (mx record from nslookup) on port 25
helo yourmaildomain
mail from: <any.user@yourdomain.com>
rcpt to: <any.user@ccb.com>
data
blah blah blah
.
quit
If this doesn't work either, then the problem is not on your exchange side. You might get a more informative error message too.
ASKER
Thanks trappa01.
I tried below command from my exchange mail server.
1.
New cmd opened.
===========
>nslookup
Default Server: dc1.savingsbank.mn
Address: 192.168.20.1
> set q=mx
> ccb.com
Server: dc1.savingsbank.mn
Address: 192.168.20.1
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
ccb.com MX preference = 5, mail exchanger = mail-in3.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in4.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in1.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in2.ccb.com
mail-in3.ccb.com internet address = 124.127.253.193
mail-in4.ccb.com internet address = 124.127.253.194
mail-in1.ccb.com internet address = 114.247.32.65
mail-in2.ccb.com internet address = 114.247.32.66
=============
2.
New cmd opened. Then below command.
============
telnet mail-in3.ccb.com 25
220 CCB ESMTP Service ready
ehlo mail.statebank.mn
250-Requested mail action okay, completed
250-SIZE 10000000
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK
mail from:<bat@statebank.mn>
250 Requested mail action okay, completed
rcpt to:<nm@ccb.com>
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
;This is test message
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
Connection to host lost.
============
But mail can't send from my outlook and owa web.
I tried below command from my exchange mail server.
1.
New cmd opened.
===========
>nslookup
Default Server: dc1.savingsbank.mn
Address: 192.168.20.1
> set q=mx
> ccb.com
Server: dc1.savingsbank.mn
Address: 192.168.20.1
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
ccb.com MX preference = 5, mail exchanger = mail-in3.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in4.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in1.ccb.com
ccb.com MX preference = 5, mail exchanger = mail-in2.ccb.com
mail-in3.ccb.com internet address = 124.127.253.193
mail-in4.ccb.com internet address = 124.127.253.194
mail-in1.ccb.com internet address = 114.247.32.65
mail-in2.ccb.com internet address = 114.247.32.66
=============
2.
New cmd opened. Then below command.
============
telnet mail-in3.ccb.com 25
220 CCB ESMTP Service ready
ehlo mail.statebank.mn
250-Requested mail action okay, completed
250-SIZE 10000000
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK
mail from:<bat@statebank.mn>
250 Requested mail action okay, completed
rcpt to:<nm@ccb.com>
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
;This is test message
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
Connection to host lost.
============
But mail can't send from my outlook and owa web.
My first impression was the same as Simon's but I'm less convinced now. Is the routing via the watchgard configured in exchange or does all traffic go via that firewall (essentially I'm trying to figure out the difference between a manual send and a send via the Exchange server)?
Presumably, the sender address is always @statebank.mn ?
Presumably, the sender address is always @statebank.mn ?
ASKER
Exchange is routed by watchguard. Sender address is @statebank.mn. I tried send mail from my exchange server to @ccb.com. But below error in queues.
451.4.4.0 Primary target IP address responded with: "421 internal can't stack B channel SSL filter [1]."Attempted failover to alternate host, but that did not succeed.
Either there are no alternate hosts, or delivery failed to all alternate hosts.
But command prompt is below message.
220 CCB ESMTP Service ready
ehlo mail.statebank.mn
250-Requested mail action okay, completed
250-SIZE 10000000
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK
mail from:<bat@statebank.mn>
250 Requested mail action okay, completed
rcpt to:<nm@ccb.com>
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
;This is test message
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
What do i do?
451.4.4.0 Primary target IP address responded with: "421 internal can't stack B channel SSL filter [1]."Attempted failover to alternate host, but that did not succeed.
Either there are no alternate hosts, or delivery failed to all alternate hosts.
But command prompt is below message.
220 CCB ESMTP Service ready
ehlo mail.statebank.mn
250-Requested mail action okay, completed
250-SIZE 10000000
250-AUTH PLAIN LOGIN
250-8BITMIME
250-STARTTLS
250 OK
mail from:<bat@statebank.mn>
250 Requested mail action okay, completed
rcpt to:<nm@ccb.com>
250 Requested mail action okay, completed
data
354 Start mail input; end with <CRLF>.<CRLF>
;This is test message
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel
What do i do?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://sysadminguides.com/index.php/applications/exchange/4-whitelist-domain-in-exchange-2010.html