pramod1

Exchange 2010

I am sending one email to an outside client, but it is getting rejected with a 4.7.1 error. Just this email is getting rejected.

All other emails are working fine. It showed on my Proofpoint gateway.

I checked the customer end; he says no emails are being rejected by their Exchange server.

David Atkin

Possibly a DNS issue. Check that your Exchange server can resolve the domain name and MX records of your client.
A 4.7.1 implies that it's not leaving your organization. Is it possible that the email you're sending to has been assigned to a contact or user in your AD?

Open a command prompt on the server.

Type NSLOOKUP

When you get >, type 'set type=mx'
(without quotes)

Then type the name of the mail domain (i.e. if the email is chris@send.com, type 'send.com')

Do you get a public IP address?
Also, are you trying to send FROM as a different user?

DesktopResourcesInc

Pramod1,

Could you provide some more information? Other than 4.7.1, is there verbiage with that reject notice? 4.7.1 can be a number of things depending on the provider that is sending back that error. Some examples are:

** 454 4.7.1 Relay access denied
** Client does not have permission to submit mail to this server. The server response was: 4.7.1 <alias@domain.com>: Relay access denied
** 421 4.7.1 : Sender address rejected: Account disabled

The common theme in these appears to be the sender account and its lack of permissions to send email.

However, there are others as well.

** 450 4.7.1 Client Host Rejected Cannot Find Your Hostname
------- This occurs when your receive connector is not set up correctly to issue HELO/EHLO to verify the server's identity.
** 451 4.7.1 Please try again later
** 451 4.7.1 Greylisting in action, come back in x minutes (where x is a number)
------- The two above can be researched here: https://support.google.com/postini/answer/1408989?hl=en 


I hope that helps!

pramod1 (ASKER)

I am getting the below with this particular email.
deferred: 403 4.7.0 TLS handshake failed
Your outbound TLS settings are too aggressive for the recipient.

pramod1 (ASKER)

So how should I correct it? Please let me know.

serverfault.com/questions/667692/reason-403-4-7-0-tls-handshake-failed

This guy talks about his Outlook email client cert expiring.

pramod1 (ASKER)

I didn't get your answer. It states disable client-mode STARTTLS?

PRAMOD, are you sure you shouldn't be sending to zurich-airport.com instead of zurichairport.com? The one without the hyphen looks shady.

pramod1 (ASKER)

How does it look shady? Just concerned.

I'm about 100000% sure that zurichairport.com is a honey pot and does not serve email, have valid MX records, SPF records or would ever abide by a secure TLS policy.

Go to www.zurichairport.com and then go to www.zurich-airport.com

MX RECORDS:

ZURICH-AIRPORT.COM
Non-authoritative answer:
zurich-airport.com      MX preference = 10, mail exchanger = smtp02.zurich-airport.com
zurich-airport.com      MX preference = 10, mail exchanger = smtp01.zurich-airport.com
zurich-airport.com      nameserver = ns2.zrh.aero
zurich-airport.com      nameserver = ns2.init7.net
zurich-airport.com      nameserver = ns1.zrh.aero
smtp02.zurich-airport.com       internet address = 194.146.215.104
smtp01.zurich-airport.com       internet address = 194.146.215.103
ns2.init7.net   AAAA IPv6 address = 2001:8a8:21:4::2

ZURICHAIRPORT.COM
zurichairport.com
        primary name server = buy.internettraffic.com
        responsible mail addr = hostmaster.hostingnet.com
        serial  = 1437505385
        refresh = 10800 (3 hours)
        retry   = 3600 (1 hour)
        expire  = 604800 (7 days)
        default TTL = 86400 (1 day)
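
The MX lookup suggested earlier in the thread and the two results quoted in the post above can be checked mechanically. This is an added example, not code from any participant: it parses Windows `nslookup` output (the relevant lines are copied from the post) and reports whether a domain publishes mail exchangers. The function names are hypothetical.

```python
import re

# Relevant lines of the two nslookup results quoted in the post above.
WITH_MX = """\
Non-authoritative answer:
zurich-airport.com      MX preference = 10, mail exchanger = smtp02.zurich-airport.com
zurich-airport.com      MX preference = 10, mail exchanger = smtp01.zurich-airport.com
smtp02.zurich-airport.com       internet address = 194.146.215.104
smtp01.zurich-airport.com       internet address = 194.146.215.103
"""
SOA_ONLY = """\
zurichairport.com
        primary name server = buy.internettraffic.com
        responsible mail addr = hostmaster.hostingnet.com
        serial  = 1437505385
"""

MX_LINE = re.compile(r"^(\S+)[ \t]+MX preference = (\d+), mail exchanger = (\S+)", re.M)
A_LINE = re.compile(r"^(\S+)[ \t]+internet address = (\S+)", re.M)

def mx_records(domain, output):
    """Return (preference, exchanger, address-or-None) for `domain`, best first."""
    addresses = {h.lower(): ip for h, ip in A_LINE.findall(output)}
    found = [(int(pref), mx.lower(), addresses.get(mx.lower()))
             for name, pref, mx in MX_LINE.findall(output)
             if name.lower() == domain.lower()]
    return sorted(found, key=lambda r: r[:2])

def classify(domain, output):
    """'mx' = exchangers listed; 'soa-only' = zone answered without MX; else 'unknown'."""
    if mx_records(domain, output):
        return "mx"
    if re.search(r"^\s+primary name server = ", output, re.M):
        return "soa-only"
    return "unknown"

def same_ignoring_hyphens(a, b):
    """True when two different domains collapse to one name once hyphens are removed."""
    a, b = a.lower(), b.lower()
    return a != b and a.replace("-", "") == b.replace("-", "")

if __name__ == "__main__":
    for dom, out in (("zurich-airport.com", WITH_MX), ("zurichairport.com", SOA_ONLY)):
        print(dom, classify(dom, out), mx_records(dom, out))
    print(same_ignoring_hyphens("zurichairport.com", "zurich-airport.com"))
```

A domain with no MX record can still accept mail on its A record (RFC 5321 implicit MX), so `soa-only` is a prompt to double-check the recipient address rather than proof that the domain takes no mail.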

pramod1 (ASKER)

Now when I send, it says mail delayed, we will try again.

pramod1 (ASKER)

We are still getting the TLS error (attached).

pramod1 (ASKER)

FYI…

Please find the error.

pramod1 (ASKER)

On MxToolbox, I checked SMTP TLS; it says the server cannot do STARTTLS.

pramod1 (ASKER)

The recipient disabled TLS and the email started working,

and our Exchange server has STARTTLS enabled, so what does this all mean?

You may have weaker versions of TLS disabled for security reasons. I'm noticing in your error messages that you might work for someone in the healthcare industry? It's mandated for all outgoing email communication (for us and our carriers, at least) that all email transmission uses TLS 1.2 or higher.

A direct connection indicates they do use TLS, though:
220 ESMTP Server Zurich Airport
helo mydomain.com
250 SPCH1111.zrh.local
STARTTLS
220 2.0.0 Ready to start TLS
Maybe your Cert used for TLS is expired?

pramod1 (ASKER)

We were having problems sending email to Zurich-airport.com and our emails were bouncing back with
4.7.1 TLS handshake failed.

Our certificate for TLS has not expired.

The recipient Zurich-airport.com disabled TLS and email started flowing.

So how will our email work when they have disabled TLS?

TLS mismatch?

I was able to issue a STARTTLS to both of your mail servers.

Maybe you're not really set up correctly to use TLS. Is your Exchange server hosting the session or do you have an appliance that sends mail?

pramod1 (ASKER)

This is the feedback from the recipient server (Zurich-airport.com) IT:

[000.734]            Cert Hostname DOES NOT VERIFY (mxb-001b1801.gslb.pphosted.com != *.pphosted.com)
[000.734]            (see RFC-2818 section 3.1 paragraph 4 for info on wildcard ("*") matching)
[000.734]            So email is encrypted but the host is not verified

They changed something on the parameters.

Any inference you can draw?
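
The hostname mismatch in the feedback above follows from the RFC 2818 section 3.1 rule it cites: `*` stands for one label (or part of one), so `*.pphosted.com` does not cover a name that carries the extra `gslb` label. This is an added example, not code from the thread or from any participant, implementing that matching rule; the `*.gslb.pphosted.com` entry is constructed for contrast and the function names are hypothetical.

```python
def labels(name):
    """Lower-case DNS labels of a name, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def wildcard_match(pattern, hostname):
    """RFC 2818 section 3.1: '*' matches a single label or a fragment of one label."""
    p, h = labels(pattern), labels(hostname)
    if len(p) != len(h):
        return False        # '*' never spans a dot, so label counts must agree
    if any("*" in lab for lab in p[1:]):
        return False        # assumption: wildcard honoured only in the leftmost label
    if p[1:] != h[1:]:
        return False        # every label to the right must match exactly
    left, host_left = p[0], h[0]
    if not host_left or left.count("*") > 1:
        return False
    if "*" not in left:
        return left == host_left
    prefix, suffix = left.split("*")
    return (len(host_left) >= len(prefix) + len(suffix)
            and host_left.startswith(prefix)
            and host_left.endswith(suffix))

def matching_name(hostname, cert_names):
    """Return the first certificate name that covers hostname, or None."""
    for name in cert_names:
        if wildcard_match(name, hostname):
            return name
    return None

# Host and certificate name from the feedback quoted above.
HOST = "mxb-001b1801.gslb.pphosted.com"
PRESENTED = ["*.pphosted.com"]
# Constructed for contrast: a certificate that also names the gslb level.
CONSTRUCTED = ["*.pphosted.com", "*.gslb.pphosted.com"]

if __name__ == "__main__":
    print("presented cert covers host:", matching_name(HOST, PRESENTED))
    print("constructed cert covers host:", matching_name(HOST, CONSTRUCTED))
```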

pramod1 (ASKER)

Our email goes through the Proofpoint gateway.

ASKER CERTIFIED SOLUTION
Chris H