Link to home
Start Free TrialLog in
Avatar of amanzoor
amanzoorFlag for Canada

asked on

Exchange2010 SP3 UR7 Queue Viewer many messages type DnsConnectorDelivery 451.4.4.0 primary target ip address responded 421 4.2.1 unable to connect

Hi there,
Running Exchange2010 SP3 UR7, have many messages sitting in the queue of type DnsConnectorDelivery 451 4.4.0 primary target ip address responded 421 4.2.1 unable to connect.  

The general and recepient tab of one of the message please note mydomain=my real domain name:

Identity: EXCHANGE3\402697\1840962
Subject: Undeliverable: Re: You have a $50 CVS reward waiting for you
Internet Message ID: <94350b71-ee7c-4938-989e-37491365d670@mydomain.com>
From Address: <>
Status: Ready
Size (KB): 6
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 12/2/2014 11:12:51 AM
Expiration Time: 12/4/2014 11:12:51 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: EXCHANGE3\402697
Recipients:  CVScustomerrewards@vex5powervpsnode.link;2;2;400 4.4.7 Message delayed;0;CN=Internet Mail SMTP connector Exchange3,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=My Domain,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=com

The recipient information:
CVScustomerrewards@vex5powervpsnode.link        ready    400 4.4.7 message delayed

Can someone please help me in identifying what is going on with my exchange, my antivirus is fine, filtering is fine running Sophos pure message.  Is my exchange sending spam? how and where can I block it?  Need help please.
Thanks
Avatar of FarWest
FarWest

first make sure that the server can access the internet, and do DNS query
using DNSLookup cmd command
Avatar of amanzoor

ASKER

Thanks fryezz:
From exchange2010
nslookup, just checked with many domains, even the ones which have the above error.  No issue, I get the reply:
Non-authoritative answer:
Name:    almanacstore.com
Address:  50.57.34.52

> aquavpshoster-40.link
Server:  vs1.mydomain.com
Address:  10.10.10.11

Non-authoritative answer:
Name:    aquavpshoster-40.link
Address:  50.2.23.21

> auraa.ca
Server:  vs1.mydomain.com
Address:  10.10.10.11

Non-authoritative answer:
Name:    auraa.ca
Address:  108.168.150.234
so check if you have any dns server setup in the send connector, and make sure that you don't set invalid external dns
I have the following config for Hub transport, is this correct?
under EMC, Server config, Hub Transport:

I have two connectors:

Cleint Exchange3 and Default Exchange3:  both enabled
-Clicked on client exchange3 and under network tab, for IPV6andIPV4 port 587
-Authentication tab; transport layer TLS is checked, basic auth is checked, offer basic auth is checked, integrated windows auth is checked:
Under permissions group:
Checked, Anonymous users
Checked, Exchange users
Checked, Exchange servers
Checked legacy exchange servers

For default Exchange3:
Network tab has port 25 for IPv6 and 4
Authentication tab:
-Authentication tab; transport layer TLS is checked, basic auth is checked, offer basic auth is checked, integrated windows auth is checked:
Under permissions group:
Checked, Anonymous users    
Checked, Exchange users
Checked, Exchange servers
Checked legacy exchange servers
I will just let you know the send connector DNS.
2 connectors attached
connectors.docx
ASKER CERTIFIED SOLUTION
Avatar of FarWest
FarWest

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I made the change, you meant 'Exchange Transport' service? , cannot find hub-transport under services.msc.
yes,
any progress ?
I re-started the whole server.   Users will be running after me :)  Will let you know in few sec
168 to 162..............slowly going down, seems a good sign
All these emails end with '.link' and all of them have suspicious subject headers matching advertisements etc.  The number of list is just sitting there.  Can I delete them all?
yes sure,   utuse with ndr so users will be notified
Thanks fryezz:
Turned out to be all messages which Sophos antispam is trying to send to quarantine.  In any case removed all messages with NDR and the list of domains kept on shrinking to 10.  Thanks a lot.
I really appreciate your time.
welcome anytime andI really enjoied discussion with you