Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5324
  • Last Modified:

Exchange smart host send connector connexion timed out 421 4.4.1

Hi Experts,

We encounter a strange issue on a SBS 2011 with Exchange 2010 SP3 server. We send emails through our ISP smar host. Everything worked great since a long time and a day this error appeared:

541 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

We contacted the ISP and after some tests, they claim that the problem couldn't be from their side.

I then tried to create a brand new send connector with this smart host with DNS name and then with IP address with the same result. I created a NAT rule on our USG 100 to give the right IP from our pool to the server which had the gateway one and tested it successfully. The mails are coming from the right IP and the reverse DNS is OK too.

I tried successfully  to send mail with telnet from our Exchange server through the ISP smart host server. The mail came with the good source IP and host name too.

What can I do now please?

Thank you in advance for your precious help, best regards,
0
jet-info
Asked:
jet-info
  • 5
  • 3
  • 2
  • +2
2 Solutions
 
Simon Butler (Sembee)ConsultantCommented:
ISP tech support lie and their primary task is to find something to blame the problem on that isn't their network, or to utter the magic words "we don't support that".

As long as you work on that basis, then your sanity will be fine.

Can you telnet in to port 25 of their server from your server? From another machine? If not, then something is wrong with their setup.
Can you telnet in to port 25 of another mail server? If so, then that definitely points to a problem with their server.

Simon.
0
 
Gareth GudgerCommented:
I agree with Simon. The number of times I have called an ISP, they claim nothing is wrong, you persist, they go on hold "to check" and then it magically starts working is uncanny.

But back on topic. Normally when you get this error the problem is with the smart host. As Simon said, try to Telnet to it.

I am curious about the bigger picture here. You mentioned you have configured your mail server to always send out on the same IP and you have a reverse DNS configured for this IP. Any particular reason you are using the smart host and not just sending direct to DNS in the Send Connector?
0
 
MdlinnettCommented:
I had this exact issue earlier this week and the issue was down to a problem the ISP were having.

Did you confirm with the ISP support team that the smarthost name / IP address are correct?

Speak with the ISP support team and ask them to escalate the call, if nothing has changed your end then it can only be something their end...
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
jet-infoAuthor Commented:
Thank you for your answers,
I was sick, so excuse me for the delay...

When I test our customers Mail Server with MXToolBox, I receive no more error. The new NAT rule seems to have corrected the previous open relay error, which was a possible open relay configuration error because of quick connection lost, MXTB had not the necessary time to try to relay...

I can send mails with telnet from the customer's site and ours. We are both customers of the same ISP, which authorize only his customers (IP Range) to use this smart host.

I can send telnet mails from the customers server through another of ours customers mail server. So what can I do in more please?

Thank you in advance for your help !
0
 
Simon Butler (Sembee)ConsultantCommented:
If you are both on the same ISP then that points to the smart host being the cause and you have to bring the ISP in on the issue. If you are send email to other sites without a problem it is somewhere within the ISP network.

Simon.
0
 
jet-infoAuthor Commented:
I tested to switch back to the ISP smart host this morning  and it worked for about 3 hours. Then it stopped working with the exactly same "Connection timed out" error. I wrote to the ISP and wait for their answer.
I looked up in the send log (C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpSend) and found all successfully connexions but no error message. It just stopped writing in the log when the error occured. In which log file can I find it please?

Thanks in advance for your help, best regards,
0
 
jet-infoAuthor Commented:
New try, same result. I activated the smart host send connector ans disabled the other one for one hour in accordance with the ISP. We sent approximately 20 mails. The timed out connection error occurred three times. If we suspend and resume in the queue viewer, mails were sent for a while and the error occurred again...
The ISP can see only successful connections. In our Exchange smtpsend log, we can see only successful connections too. In which log could we see the timed out connection please ?
Nothing in the Windows eventvwr logs too...

Thank you in advance for your help !
0
 
Simon Butler (Sembee)ConsultantCommented:
I would start pointing the finger at the firewall.
Although I would also be considering stripping anything that could be scanning SMTP traffic off the server - so AV software, anti-spam etc.

Simon.
0
 
jet-infoAuthor Commented:
Here is the ISP response :

The technicians who are responsible for our outgoing mail have verified your logfile with our SMTP servers.

From 12:04:46 CEST we only see the "CONNECT", but no transmission dates (or data??). The sending "EHLO mail.customer.com" (from "2014-06-02T10: 04:46.729 Z, mail.isp.com smart host, 08D13C876463D1DB, 20,192.168.99.99:33253,99.188.19.57:25,> EHLO mail.customer.com, ") does not happen here.

We can not find any problems on our side. Since there are no such problems with our other customers.
0
 
Gareth GudgerCommented:
What about dropping the smart host? As long as you have all the right PTR and SPF records in there, you shouldn't need to use your ISP as a smart host.
0
 
nociSoftware EngineerCommented:
Well does your ISP limit the number of addressees on a mail? it may be that they say 5 is a limit. if you have 6 in total To: + CC: + BCC: it can be rejected with 421...
0
 
jet-infoAuthor Commented:
Sorry for the delay, we are sticking on the backup send connector for the moment. We'll test it again when we have more time. We'll post a new answer later.

Thank you for your help !
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now