Solved

Exchange mail delivery issue

Posted on 2014-02-18
9
287 Views
Last Modified: 2014-02-23
I have a strange error within Exchange...

Users cannot send to a number of different domains (that we've been able to send to for years) and the messages are just sitting in the queue on Exchange

The "last error" text shows
451 4.4.0 Primary target IP address responded with "421 please try later" attempted failover.....

I have checked our domain against blacklists and come up with nothing, though several have reported that our

Forward DNS does not match Reverse DNS - is this a problem?

I have also tried to telnet into the problem domains on port 25 and the connection gets immediately dropped with error "421 please try later"

I'm supposed to be on holiday tonight, any help gratefully received !!
0
Comment
Question by:dangermouse1977
  • 5
  • 3
9 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 39866995
Please mention the version of exchange
0
 

Author Comment

by:dangermouse1977
ID: 39867010
Sorry, running Exchange server 2010
0
 

Author Comment

by:dangermouse1977
ID: 39867019
I've run the test connectivity tool within exchange and it's passed everything except

Error performing sender ID validation

That error seems to be something called "parsing the SPF record"
SPF record evaluation resulted in sender ID failure, the SPF record could not be parsed.

Checking the SPF record with an online tool, it seems to refer to the old mx record IP address from before we transferred our e-mail to our in house exchange server
0
 
LVL 24

Expert Comment

by:-MAS
ID: 39867110
Please make sure your MX records are correct using the URLs below

https://testconnectivity.microsoft.com/
http://www.mxtoolbox.com
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 

Author Comment

by:dangermouse1977
ID: 39867172
OK, the first one reports a sender ID validation failure due to SPF record mismatch -

the second seems to have a number of issues but i'm not quite sure whether they are relevent.... the domain concerned is adc-international.com if you want to check for yourself, you can use o.error@adc-international.com for the e-mail address
0
 
LVL 24

Expert Comment

by:-MAS
ID: 39867227
On the "Default receive" connector please specify your external FQDN to avoid this warning.

Warning - Reverse DNS does not match SMTP Banner

check this
http://community.mxtoolbox.com/blog/what-does-the-warning-reverse-dns-does-not-match-smtp-banner-mean-smtp-diagnostic-tool/
0
 

Author Comment

by:dangermouse1977
ID: 39868444
OK,

Please forgive me for asking stupid questions but I see a potential for this to go very wrong if I make the wrong change...

So, I have opened Exchange System Manager and navigated to

server configuration / hub transport

Under "receive connectors" at the lower half of the middle of the screen I have 3 entries...
client <servername> default <servername> and "local network"

If I right click and select properties, I see an option on the "general" tab that says "specify an FQDN this connector will provide.... etc etc

on the "client <servername> tab this is set to "mail.adc-international.com" but on the default <servername> and "local network" tabs this is set to the internal network address of our mail server <servername.adc-int.com>

Should I change these 2 entries to "mail.adc-international.com" or am I barking up the wrong tree completely!
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 39870527
Don't waste your time changing the Receive Connector banner. It is a change to satisfy a very stupid test, it will have NOTHING to do with your email flow.

http://blog.sembee.co.uk/post/Exchange-200720102013-Outbound-SMTP-Banner-Testing.aspx

Leave the connector as per the default, it will be fine.

The error message you are getting is usually caused by greylisting. Do all of the domains that you are using show the identical error? If so, that would be unusual unless they are all on the same host.

Exchange 2010 should cope with greylisting fine, with the messages going out shortly afterwards. However I have seen problems caused by third party tools stopping this from happening.

Simon.
0
 

Author Closing Comment

by:dangermouse1977
ID: 39881605
I think this must have been the issue as I changed nothing and within 24hrs mail flow was back to normal.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
how to add IIS SMTP to handle application/Scanner relays into office 365.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now