timgreen7077
 asked on

Exchange 2010 Hub Transport

Is there any reason my Hub Transport server queues get full of emails that I'm not sending? Eventually the emails are dropped, but I can have over 100 of these in a few days, and if I remove them, within a few days more will return. The error message says "451 4.4.0 Primary target IP address responded with: 421 4.2.1 unable to connect. Attempted failover to alternate host, but did not succeed. Either there is no alternate host or delivery failed to alternate host." See attached pic.
I have used telnet to verify that I have no open relays, and I also used mxtoolbox to confirm I have no open relays. I believe this is just spam, but I'm just trying to understand why it seems like it's being sent from my server. These are the properties of one of the undelivered messages:

Identity: MAIL\28211\46895
Subject: Undeliverable: Tasty drink shreds extra fat
Internet Message ID: <0d77219b-56f6-4aeb-b182-cb6272d259cd@mydomainname.com>
From Address: <>
Status: Ready
Size (KB): 16
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 12/30/2015 1:21:50 PM
Expiration Time: 1/1/2016 1:21:50 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: MAIL\28211
Recipients:  info@newsusapatriot3s.com;2;2;400 4.4.7 Message delayed;0;CN=Outbound Public Connector,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=alias,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomainname,DC=com

I believe this mail is being caught and rejected by my Hub Transport Anti-spam. I have enabled Exchange's HT anti-spam features. Any advice would be appreciated.
Capture.PNG
Exchange

Last Comment
timgreen7077

8/22/2022 - Mon
Naushad shaikh

If you are not sending them, then you have to look for a spam issue; your server is being used to send spam email to internet destination email servers. There is a possibility that some user accounts are hacked, or that some virus-infected system in the network is generating spam email by using a local email client to send email.

SMTP error 400 4.4.7 can mean the destination email server has some problem, and can also mean that the recipient server's reverse DNS lookup for your domain is failing: the IP of the sending email server does not match the MX record, hence the remote recipient server is not accepting email.

In your case you have an internal spam attack: the affected user mailbox or system is sending spam email to many fake, non-existent email addresses, hence emails are ending up in the retry queue for delivery.

Please try to locate the internal affected user mailbox or system being used by the spammer.
ASKER CERTIFIED SOLUTION
Chris

timgreen7077

ASKER
Chris
I actually have that option checked on my recipient filter options. Maybe there was an issue. I will uncheck and recheck and see if that helps. Thanks for the response and I will update.
Mohammed Tahir

The observed mails are stuck for valid domains, as they have proper MX records. You need to export and analyze the message header to know from which address these messages were generated.

Use below command to export the message:
Export-Message -Identity "Message Identity" | AssembleMessage -Path "c:\filename.eml"


Tahir
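
An exported .eml of a queued NDR can be triaged offline to see which recipient bounced and where the original message entered the server. The Python sketch below is an added example, not part of the original thread: SAMPLE is a constructed NDR, and triage_dsn and INTERNAL_NETS are hypothetical names. It handles an original message attached either in full (message/rfc822) or as headers only.

```python
import re
from email import message_from_bytes, message_from_string, policy
from ipaddress import ip_address, ip_network

INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumption: replace with your LAN ranges

# Constructed sample NDR (not taken from the thread)
SAMPLE = b"""\
From: postmaster@mail.example.test
Subject: Undeliverable: constructed sample
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.test

Final-Recipient: rfc822; nobody@example.test
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

Received: from host.example (203.0.113.7) by mail.example.test
From: info@sender.example
--b1--
"""

def triage_dsn(raw, internal=INTERNAL_NETS):
    """Summarise an exported NDR: failed recipient and origin of the original mail."""
    msg = message_from_bytes(raw, policy=policy.default)
    out = {"recipient": None, "status": None, "orig_from": None, "origin_ip": None}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # parsed as one header block per section
                if block["Final-Recipient"]:
                    out["recipient"] = block["Final-Recipient"].split(";")[-1].strip()
                    out["status"] = block["Status"]
        elif ctype in ("text/rfc822-headers", "message/rfc822"):
            orig = (part.get_payload(0) if ctype == "message/rfc822"
                    else message_from_string(part.get_content(), policy=policy.default))
            out["orig_from"] = orig["From"]
            hops = orig.get_all("Received", [])  # bottom-most Received is the first hop
            m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", hops[-1]) if hops else None
            out["origin_ip"] = m.group(0) if m else None
    ip = out["origin_ip"]
    out["internal_origin"] = bool(ip) and any(ip_address(ip) in n for n in internal)
    return out
```

If internal_origin is true, the original message was submitted from inside the network; if false, it arrived from outside and the NDR is a bounce toward whatever sender address that message carried.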
timgreen7077

ASKER
That corrected the issue. Thanks.