Exchange 2010 not sending some emails Queue Viewer shows 451 4.4.0 Primary Target IP 554 SMTP service not available

Hi, I have had a problem with an SBS2011 server not able to send all emails.

I believe it is due to a certificate problem and have renewed the still valid RapidSSL certificate.

When I remotely connect, I still see a warning that it is self-signed.

Emails are backing up as I believe some recipients will not accept self-signed email?

I have tried Fix my network & this identifies a trusted certificate expired or invalid. It does not fix it.

I need to get the emails sending again ASAP but would also like to use the RapidSSL that is already installed.

Thanks in Advance.   Steve T
trebys Asked:
 
Will Szymkowski, Senior Solution Architect, Commented:
As stated mail routing is not halted from Certificates. Are you able to send mail to any external domains? This error message usually points to the recipient's domain you are sending to.

Contact the recipient and check to make sure that they are not having any issues with their mail server and/or DNS (MX) records.

Will.
0
 
Kimputer Commented:
I have a feeling this has nothing to do with certificates. Can you send the same email using gmail/live/yahoo? I have a feeling it's a problem on the other side. This holds true of course, if you have a problem with one domain. Instead of a problem, it could also be on purpose (spam filter on their servers, maybe your IP is on a blacklist). If it's ALL email, then the problem must be at your side.
0
 
Hariom, Exchange Experts, Commented:
The certificate will not cause this issue.

Are you sending e-mail using a smart host or sending e-mail directly? Also, go to mxtoolbox.com and make sure your domain is not blacklisted.
http://mxtoolbox.com/blacklists.aspx
0
 
trebys (Author) Commented:
Thanks for your comments. It is not blacklisted. We are sending email directly. I have got the certificates tidied up. It is not all sent email, so I will look at spam filters. Thanks again
0
 
Will Szymkowski, Senior Solution Architect, Commented:
If you are getting blocked this error on a specific domain you need to contact them directly to ensure there are no issues on their end. A good test you can do is try to telnet on port 25 to their mail server. If this does not work then there is something definitely wrong on their end.

Will.
0
 
trebys (Author) Commented:
Thanks Will. I think you have found something -
I ran Telnet (I am not v familiar with telnet) open imap.hosts.co.uk 25
I got connect failed. It worked for mail.pcsteve.co.uk 25
Should I try another port number?

Thanks Again

Steve
0
 
Will Szymkowski, Senior Solution Architect, Commented:
Nope. Server to Server mail is sent on port 25. If you cannot telnet to a mail server on port 25 without a fail then there is something wrong on the recipient's end.

Nothing you can do. Just contact them and let them know there is something wrong with their mail server. This is why you are getting those emails stuck in your queue that are going to this domain. Exchange is trying to send them and they are giving you an error like you have listed above.

Will.
0
 
trebys (Author) Commented:
Thanks Will. I also have 5 other mail servers that are giving me a 554 SMTP Service not available or 421 4.2.1 Unable to connect. I tried dcdiag.exe /dns & got the errors below. I wonder if my PTR record could be causing the problem?

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 195.54.225.10 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 195.54.225.10
            DNS server: 62.121.0.2 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 62.121.0.2
               SERVER1                      PASS PASS PASS PASS WARN PASS n/a
         ......................... ***********.local passed test DNS
0
 
Will Szymkowski, Senior Solution Architect, Commented:
The command you are running is for internal DNS zone. Try the following...

type: nslookup <press enter>
type: set type=mx <press enter>

You will get a reply stating what you are using for your MX record IP address. Then run the below command.
type: set type=ptr
type: <ip address of your reverse record for mail.domain.com> <press enter>

You will then get the reverse lookup of this IP. If you do not have your reverse (ptr) record pointing to your mail.domain.com domain this will create issues when sending on the internet and you will get flagged as a spammer.

Will.
0
 
trebys (Author) Commented:
Thanks again Will. I ran nslookup & then set type=mx but get nothing back. I tried the same with PTR.

Hope it is not a red herring but nslookup came up with
C:\Windows\system32>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
0
 
Will Szymkowski, Senior Solution Architect, Commented:
"I ran nslookup & then set type=mx but get nothing back."
Sorry did not complete the command.

You need to type set type=mx <press enter>
then type domain.com <press enter>

This will give you the MX records for the domain that you type.

Will.
0
 
trebys (Author) Commented:
Thanks again Will,
I got this when I typed Domain.com


Non-authoritative answer:
domain.com      MX preference = 10, mail exchanger = et03.maileig.com
domain.com      MX preference = 10, mail exchanger = et02.maileig.com
domain.com      MX preference = 10, mail exchanger = et06.maileig.com

Then I typed set type=ptr but simply returned to the nslookup prompt
0
 
Will Szymkowski, Senior Solution Architect, Commented:
"Then I typed set type=ptr but simply returned to the nslookup prompt"
When you type those commands you are simply changing the type of record you are looking for. That is why it does not show any info.

Once you have changed the setting to look at PTR records, then type your Reverse IP address that you use for mail.domain.com. If the IP address does not match up to your mail.domain.com then you have a reverse IP mismatch which will flag you as spam on the internet.

Will.
0
 
trebys (Author) Commented:
Putting our server in gave this result -

Server:  UnKnown
Address:  fe80::a4c2:324:*************

***********.com
        primary name server = server1.***********.local
        responsible mail addr = admin.***********.local
        serial  = 18
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)
0
 
trebys (Author) Commented:
Thanks Will. I am getting the correct reply when I use the type=ptr

I am going to chase the ISP to check they have not changed our PTR record for our fixed IP
0
 
Will Szymkowski, Senior Solution Architect, Commented:
Address:  fe80::a4c2:324:*************

We are testing this externally. That is a link local IPv6 IP you are using which is why you are getting those results. Your Reverse IP is an IP you get from your ISP.

Will.
0
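The reverse-lookup check walked through in the replies above, including the internal-address pitfall in the last two posts, as an added example that is not part of the original thread. It goes one step beyond the thread by also confirming that the PTR name resolves back to the sending address; the function names, the `example.test` hostnames and the 203.0.113.x addresses are constructed assumptions.

```python
import ipaddress
import socket

# Ranges a remote mail server never sees as the connecting address.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        return [ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_reverse_dns(ip, mail_name, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, detail) for the address a mail server sends from."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return "not-public", f"{addr} is internal; test the ISP-assigned address"
    query = addr.reverse_pointer  # the name a type=ptr query actually asks for
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", f"no PTR record at {query}"
    want = mail_name.rstrip(".").lower()
    if want not in names:
        return "ptr-mismatch", f"{query} -> {names}, expected {want}"
    # Forward-confirm: the PTR name must resolve back to the same address.
    forward = {ipaddress.ip_address(a) for a in forward_lookup(want)}
    if addr not in forward:
        return "forward-mismatch", f"{want} -> {sorted(map(str, forward))}"
    return "ok", f"{query} -> {want} -> {addr}"

# Constructed sample records (documentation range 203.0.113.0/24, example.test).
SAMPLE_PTR = {"203.0.113.10": ["mail.example.test."],
              "203.0.113.11": ["host11.isp.example.test."],
              "203.0.113.13": ["mail2.example.test."]}
SAMPLE_A = {"mail.example.test": ["203.0.113.10"],
            "mail2.example.test": ["203.0.113.99"]}

if __name__ == "__main__":
    for ip in ("fe80::1", "203.0.113.10", "203.0.113.11"):
        print(ip, check_reverse_dns(ip, "mail.example.test",
              lambda i: SAMPLE_PTR.get(i, []), lambda n: SAMPLE_A.get(n, [])))
```

Called with only an IP and a host name, the function uses the system resolver, so run it from a machine that queries public DNS rather than the internal AD DNS server.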
 
trebys (Author) Commented:
Now sorted.

Thanks to everyone who contributed, especially Will.

Our DNS was pointing to namesco (who are hosting our website) and they needed to fix our PTR record on their Server.

They finally sorted it this morning and all emails are sending now.

That is 4 days I don't ever want to repeat!

Thanks again to everyone.

Steve T
0
 
Will Szymkowski, Senior Solution Architect, Commented:
So if this was a PTR record issue on your end not sure why points were split as I provided complete walk through for this solution?

Will.
0
 
trebys (Author) Commented:
Hi Will, Sorry, I am new to this. I have asked that you have all the points.
0
Question has a verified solution.
