Returned e-mail Exchange 2010, 550 4.4.7 errors

Trying to find a fix to an odd problem, where random outside domains have started returning mail with 550 4.4.7 errors. These domains were working, and this example just started today. Now we have saia.com and lgsinc.com that we can't send mail to.

I've read where it's an external relay server not passing the message to the recipient server or where we may have duplicate addresses in the address book. I just need a simple fix. Someone said scan the queue, but I see random queue names and not sure which one to scan or how to scan.

From: Microsoft Outlook
Sent: Saturday, September 26, 2015 12:37 PM
To: Janet Ratka
Subject: Undeliverable: Invoice NC119656 from The Steel Network, Inc.
 
Delivery has failed to these recipients or groups:
wwww@LGSINC.COM (wwww@LGSINC.COM)
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.
Vvvv@LGSINC.COM (Vvvv@LGSINC.COM)
The server has tried to deliver this message, without success, and has stopped trying. Please try sending this message again. If the problem continues, contact your helpdesk.

Diagnostic information for administrators:
Generating server: our.mail.server.corp
wwww@LGSINC.COM
#550 4.4.7 QUEUE.Expired; message expired ##
vvvvv@LGSINC.COM
#550 4.4.7 QUEUE.Expired; message expired ##
Original message headers:
Harold (Network Engineer) asked:
Chris H (Infrastructure Manager) commented:
Can you PM me your domain you're sending from so I can examine your DNS records?
Amit Kumar commented:
Can you check if you are able to telnet to LGSINC.COM's MX record on port 25 from your gateway?

Use the command below in a command prompt on your last gateway where this queue is stuck. Indeed: our.mail.server.corp

telnet fenix.lightgaugesolutions.com 25
systechadmin (Consultant) commented:
The issue is lying at the recipient end. It seems they are having DNS issues due to which emails are not being sent out. Kindly ask them to check with their administrator.
Kimputer commented:
Since you are the one sending the emails, it's best you look into the EXACT error messages generated when your mail server drops the email. It could very well be a rejection from the other side because your IP has been blacklisted (usually the conversation will show it).
Use Wireshark on the mail server. If you send your email to your providers' SMTP server, then the problem could be there.
Harold (Network Engineer, author) commented:
choward16980:  steelnetwork.com

Amit: yes telnet works

Gaurav: I have to be able to show proof to our sales manager. How can I prove this?

Kimputer: so should I just run Wireshark against the SMTP protocol? Like I mentioned to Gaurav, I need proof it's not us.
Chris H (Infrastructure Manager) commented:
Your DNS records are perfect, as well as theirs... You're not on any blacklists. Do you brand or tag your emails with a signature or disclaimer? Try sending a basic email using telnet as mentioned above and confirming with the other end if they received.
Harold (Network Engineer, author) commented:
choward16980: ya, I checked all that as well. We have signature blocks, but these are domains that have been working all along. Now boom, these returns, like above.
Kimputer commented:
Using Wireshark on the mail server and checking the SMTP conversation will definitely provide you with more info.
Harold (Network Engineer, author) commented:
I finally got this message from the Queue.

451 4.4.0 Primary target IP address responded with: "421 4.4.2 connection dropped due to SocketError." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts.

As I monitored the message I sent, it sat in the queue with the error and then there was no error and the message just sat in the queue.

How do I get the other IP information it is looking for?
Kimputer commented:
Looking at this conversation in Wireshark would still have provided more information.
This could be some MTU settings problem. See: https://support.microsoft.com/en-us/kb/314825
Harold (Network Engineer, author) commented:
Kimputer: not sure how to set up Wireshark to do this, but this is what I got by pointing WS at the interface of the mail server. I see SAIA.COM's mail server IP (12.6.89.40) but also see another IP (14.29.32.154), guess it is SAIA.COM IP from China, not sure. You can see them start the communication but not sure where it fails, as the message is still sitting on our queue. It normally takes 24 hours for it to fail.
Kimputer commented:
In a command box on the mail server > Start > run > cmd
In the command box:

ping computer_name or IP_address -f -l 1472

Please post back what the system returns after this command.

Wireshark is just a normal installation on the mail server. After default installations, just start the program, click the correct NIC, set capture options to:
port 25

Then start capture.
Send email, wait for a few lines to appear, then save the capture file and post it here (probably needs renaming to .txt)
Harold (Network Engineer, author) commented:
I'm assuming the remote IPs I posted above?

WS attached.

C:\Users\administrator.TSN>ping 14.29.32.154 -f -l 1472

Pinging 14.29.32.154 with 1472 bytes of data:
Reply from 14.29.32.154: bytes=1472 time=236ms TTL=113
Reply from 14.29.32.154: bytes=1472 time=235ms TTL=113
Reply from 14.29.32.154: bytes=1472 time=236ms TTL=113
Reply from 14.29.32.154: bytes=1472 time=235ms TTL=113

Ping statistics for 14.29.32.154:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 235ms, Maximum = 236ms, Average = 235ms

C:\Users\administrator.TSN>ping 12.6.89.40 -f -l 1472

Pinging 12.6.89.40 with 1472 bytes of data:
Reply from 12.6.89.40: bytes=1472 time=26ms TTL=52
Reply from 12.6.89.40: bytes=1472 time=32ms TTL=52
Reply from 12.6.89.40: bytes=1472 time=26ms TTL=52
Reply from 12.6.89.40: bytes=1472 time=26ms TTL=52

Ping statistics for 12.6.89.40:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 32ms, Average = 27ms
saia.com.dmp
Kimputer commented:
During the analysis, I'm assuming you never set up your TLS correctly. While this is a nice feature (data is encrypted between your mail server and the destination), I'd say, use it after you read up on it, and want to enable it (maybe start a new question later on EE).
For now, disabling it is the fastest option:
http://blogs.technet.com/b/get-exchangehelp/archive/2013/02/05/disable-opportunistic-tls-between-an-edge-server-and-a-hosted-service-such-as-exchange-online-protection.aspx

Harold (Network Engineer, author) commented:
Kimputer: this worked! Now, what did this actually do, and do you know how I should fix what is not correct?
Kimputer commented:
It disabled using TLS when talking to servers.
To enable it, read up on it here: http://www.windowsitpro.com/exchange-server/securing-smtp-email-traffic
It will encrypt the mail conversation from your server to the next server. But since not all servers support it (which is why you had most of your emails stuck in the queue), you have to actively research which servers support it and which don't, and use two outgoing connectors (requires more work on your part). That's also besides the extra other cost (decide on a self-signed certificate or a commercially bought one).
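
Added example, not part of the thread: the fix above pointed at the STARTTLS step, and the question of proving where delivery fails can be answered from the send connector's SMTP protocol log instead of a packet capture. This sketch assumes verbose protocol logging is enabled and that the log uses the Exchange `#Fields` layout shown; the log lines are constructed, and `classify_sessions` and its verdict names are hypothetical.

```python
import csv
from collections import defaultdict

FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]

# Constructed sample (documentation IPs and names); real logs carry more events.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2015-09-26T16:37:01Z,Internet,A1,0,10.0.0.5:4100,192.0.2.10:25,>,EHLO our.mail.server.corp,
2015-09-26T16:37:01Z,Internet,A1,1,10.0.0.5:4100,192.0.2.10:25,<,250-STARTTLS,
2015-09-26T16:37:01Z,Internet,A1,2,10.0.0.5:4100,192.0.2.10:25,>,STARTTLS,
2015-09-26T16:37:02Z,Internet,A1,3,10.0.0.5:4100,192.0.2.10:25,<,220 Ready to start TLS,
2015-09-26T16:37:02Z,Internet,A1,4,10.0.0.5:4100,192.0.2.10:25,-,,Remote
2015-09-26T16:40:00Z,Internet,B1,0,10.0.0.5:4101,198.51.100.7:25,>,EHLO our.mail.server.corp,
2015-09-26T16:40:00Z,Internet,B1,1,10.0.0.5:4101,198.51.100.7:25,<,250-STARTTLS,
2015-09-26T16:40:00Z,Internet,B1,2,10.0.0.5:4101,198.51.100.7:25,>,STARTTLS,
2015-09-26T16:40:01Z,Internet,B1,3,10.0.0.5:4101,198.51.100.7:25,>,EHLO our.mail.server.corp,
2015-09-26T16:40:01Z,Internet,B1,4,10.0.0.5:4101,198.51.100.7:25,>,MAIL FROM:<billing@example.test>,
2015-09-26T16:45:00Z,Internet,C1,0,10.0.0.5:4102,203.0.113.9:25,>,EHLO our.mail.server.corp,
2015-09-26T16:45:00Z,Internet,C1,1,10.0.0.5:4102,203.0.113.9:25,<,250-STARTTLS,
2015-09-26T16:45:00Z,Internet,C1,2,10.0.0.5:4102,203.0.113.9:25,>,MAIL FROM:<billing@example.test>,
"""

def classify_sessions(log_text):
    """Map session-id -> (remote endpoint, verdict) from send protocol log text."""
    lines = [ln for ln in log_text.splitlines() if ln and not ln.startswith("#")]
    sessions = defaultdict(list)
    for row in csv.DictReader(lines, fieldnames=FIELDS):
        sessions[row["session-id"]].append(row)
    verdicts = {}
    for sid, events in sessions.items():
        events.sort(key=lambda r: int(r["sequence-number"]))
        # ">" marks a command we sent, "<" a reply from the remote server.
        sent = [(r["data"] or "").upper() for r in events if r["event"] == ">"]
        offered = any(r["event"] == "<" and "STARTTLS" in (r["data"] or "").upper()
                      for r in events)
        if "STARTTLS" in sent:
            after = sent[sent.index("STARTTLS") + 1:]
            ok = any(cmd.startswith("MAIL FROM") for cmd in after)
            verdict = "tls-ok" if ok else "dropped-after-starttls"
        elif any(cmd.startswith("MAIL FROM") for cmd in sent):
            # Mail went out unencrypted; flag remotes that did offer TLS.
            verdict = "plaintext-tls-offered" if offered else "plaintext"
        else:
            verdict = "no-mail-sent"
        verdicts[sid] = (events[0]["remote-endpoint"], verdict)
    return verdicts
```

A remote that shows `dropped-after-starttls` on every attempt is evidence that the failure sits in the TLS negotiation with that host. `plaintext-tls-offered` lists the hosts that lose encryption once STARTTLS is ignored on the connector.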
Harold (Network Engineer, author) commented:
thanks