Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Email send fails to a few domains

Posted on 2014-03-26
12
Medium Priority
?
367 Views
Last Modified: 2014-03-28
Hi,

we have a problem with one exchange server (SBS2011)

Everything works fine, but the server cannot send emails to some domains.

- The domains have - according to them - whitelisted us in their antispam
- The domains apparently don't see anything in their logs about our server trying to send
- reverse-lookup has been added to our server, but no help

Error:
 The server has tried to deliver this message, without success, and has stopped trying.
#550 4.4.7 QUEUE.Expired; message expired ##


Any ideas?
0
Comment
Question by:JarkkoJii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
12 Comments
 
LVL 1

Assisted Solution

by:Yorickos
Yorickos earned 375 total points
ID: 39955715
I think the problem might be your DNS where it cant resolve the external address.
Try to add an external DNS server in the tab "External DNS lookups" from the Exchange server console and add 8.8.8.8
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 39955744
Check DNS settings (compare with public records, like google DNS 8.8.8.8). Probably MX records don't match?
0
 

Author Comment

by:JarkkoJii
ID: 39955801
sorry, forgot to say: already using 8.8.8.8 and own ISP's DNS for lookup.
name resolve works fine.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 9

Expert Comment

by:Lee Ingalls
ID: 39955843
Are the messages making it to your firewall?
Do the messages happen to have large attachments? Delivery could be timing out before message is fully scanned.
0
 

Author Comment

by:JarkkoJii
ID: 39955848
They go through the FW. Attachment or not, they don't go through to the recipient.
0
 
LVL 9

Expert Comment

by:Lee Ingalls
ID: 39955910
If they are making it through your FW then it appears the issue is on the recipients end.
Please reference the following:

 http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_27437432.html

See Papertrips's comments...
There are some things you can do with MX records to try and honeypot spammers and things like that, but if that is the case they are doing it wrong.

Your sending server should still be trying to hit the other MX record, so aside from their problem you could have one as well.  Make sure your mail server sees both of their MX records, check logs to see if your server attempted to send to both MX's.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 39955941
Install Wireshark to track the whole email conversation (probably you will see the error at the end of the conversation). If nothing comes up, the connection was never made. Then do a traceroute why you can't connect to that IP.
0
 
LVL 14

Expert Comment

by:Andy M
ID: 39955971
Have you tried a telnet session from your email server to their primary MX server - if this connects does it allow you to send an email through that method? Sometimes Telnet will help see any errors reported from the other server.

This will help to do this: http://www.wikihow.com/Send-Email-Using-Telnet

You could also enable verbose logging on your send connector and send an email - this should also show you mroe information on what happened to the email.

If the email is confirmed as sent from your server but not recieved at their side it could be an error during transit - possible third party system in between for filtering/anti-spam?
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39958416
you can check few thinks to prove that.

1) Telnet to remote domain 25

mail from : sender@yourdomin.com

rcpt to:Affected@remotedomin.com

Check whether you are able to drop a mail or not. If not then checked what it says.

2)  Check your firewall, whether that mails is hit or not. If yes then problem with remote domain.

3) You can also check the Protocol log for send log on the server and check whether exchange is trying to dilivered that mails to remote domain or not.

All this steps will help you to prove that it is not your domain which is causing problem.
0
 

Author Comment

by:JarkkoJii
ID: 39960954
Seems like the email is not even trying to leave the server: set logging to SMTP out and .. nothing, when sending to those few domains. Other domains work fine.

On the other hand, telnetting and trying to manually send email gave a 550 error (user not found), but it's a multi-tenant-hosted server, judging by the name, and this might cause something?
0
 
LVL 36

Accepted Solution

by:
Kimputer earned 375 total points
ID: 39961030
Nothing in SMTP log usually means DNS problems. That's because if it was anything else, it would still log the start of the conversation (HELO/EHLO) and even the SMTP exact error.
When a DNS error is happening, your server tries to connect to an IP that's not accepting email or it doesn't even exist, and that's why you won't see anything in your log files.
I still suggest you try to investigate the DNS problem further, by using Wireshark on the mail server on port 53 (DNS responses can be easily read in Wireshark) and check if that's really the server it should connect to.
0
 

Author Comment

by:JarkkoJii
ID: 39961171
Seems like a DNS-query problem after all.

Customer gave a wrong email-server to test against:
It was their old one, and that resolved & replied just fine. And was logically named and configured, also. Only they have started to use a greylisting server a month ago, and that one did not... so all testing was done against wrong server. Why bother with NSLookup, when you get "reliable" info from the customer....

I'll wait for a confirmation from customer, but I think it's done.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This video discusses moving either the default database or any database to a new volume.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question