timgreen7077


Exchange 2010 Hub Transport

Is there any reason my Hub Transport server queues get full of emails that I'm not sending? Eventually the emails are dropped, but I can have over 100 of these in a few days, and if I remove them, within a few days more will return. The error message says "451 4.4.0 Primary target IP address responded with: 421 4.2.1 unable to connect. Attempted failover to alternate host, but did not succeed. Either there is no alternate host or delivery failed to alternate host." See attached pic.
I have used telnet to verify that I have no open relays and I also used mxtoolbox to also confirm I have no open relays. I believe this is just spam, but just trying to understand why does it seem like it's being sent from my server. This is one of the undelivered properties:

Identity: MAIL\28211\46895
Subject: Undeliverable: Tasty drink shreds extra fat
Internet Message ID: <0d77219b-56f6-4aeb-b182-cb6272d259cd@mydomainname.com>
From Address: <>
Status: Ready
Size (KB): 16
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 12/30/2015 1:21:50 PM
Expiration Time: 1/1/2016 1:21:50 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: MAIL\28211
Recipients:  info@newsusapatriot3s.com;2;2;400 4.4.7 Message delayed;0;CN=Outbound Public Connector,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=alias,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomainname,DC=com

I believe this mail is being caught and rejected by my Hub Transport Anti-spam. I have enabled Exchange's HT anti-spam features. Any advice would be appreciated.
Naushad shaikh

If you are not sending, then you have to look for a spam issue: your server is being used to send spam email to Internet destination email servers. There is a possibility that some user accounts are hacked, or that some virus-infected system in the network is generating spam email by using a local email client to send email.

SMTP error 400 4.4.7 can mean the destination email server has some problem, and can also mean that when the recipient server tries a reverse DNS lookup for your domain it fails, the IP of the email-sending server does not match the MX record, and hence the remote recipient server is not accepting email.

In your case, as you have an internal spam attack, the affected user mailbox or system is sending spam email to so many fake, non-existent email addresses, hence emails are getting into the retry queue for delivery.

Please try to locate the internal affected user mailbox or system being used by the spammer.
ASKER CERTIFIED SOLUTION
Chris
timgreen7077

ASKER

Chris
I actually have that option checked on my recipient filter options. Maybe there was an issue. I will uncheck and recheck and see if that helps. Thanks for the response and I will update.
The observed mail is stuck for valid domains, as they have proper MX records. You need to export and analyze the message header to know from which address these messages were generated.

Use the command below to export the message:
Export-Message -Identity "Message Identity" | AssembleMessage -Path "c:\filename.eml"


Tahir
That corrected the issue. Thanks.
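
Added example (not part of the original thread): a PowerShell triage of queue entries shaped like the one posted in the question, separating server-generated DSNs (null sender `<>`, source `DSN`) from mail submitted with a real sender and counting each by recipient domain. The function names and all sample rows are assumptions; on a Hub Transport server the input would come from `Get-Message -IncludeRecipientInfo`, whose recipient entries are assumed here to stringify in the semicolon-separated form the question shows.

```powershell
# Added example; rows are constructed. Row 1 mirrors the entry in the question
# (recipient string cut to its first four fields); the other rows are invented.
function New-Row($From, $Source, $Subject, $Rcpt) {
    New-Object PSObject -Property @{
        FromAddress = $From; MessageSourceName = $Source
        Subject = $Subject; Recipients = $Rcpt
    }
}
$sample = @(
    (New-Row '<>' 'DSN' 'Undeliverable: Tasty drink shreds extra fat' 'info@newsusapatriot3s.com;2;2;400 4.4.7 Message delayed'),
    (New-Row '<>' 'DSN' 'Undeliverable: constructed subject' 'sales@example.net;2;2;400 4.4.7 Message delayed'),
    (New-Row 'user1@mydomainname.com' 'SMTP:Default MAIL' 'constructed subject' 'bob@example.org;2;2;400 4.4.7 Message delayed')
)

function Get-RecipientDomain {
    param([string]$RecipientInfo)
    # The address is the first ';'-separated field of the recipient string.
    $address = ($RecipientInfo -split ';')[0].Trim()
    if ($address -match '@(.+)$') { $Matches[1].ToLower() } else { '(unparsed)' }
}

function Get-QueueTriage {
    param([object[]]$Messages)
    foreach ($m in $Messages) {
        # A bounce generated by this server has a null reverse-path and source "DSN".
        $isDsn = ($m.FromAddress -eq '<>') -and ($m.MessageSourceName -eq 'DSN')
        $kind = if ($isDsn) { 'ServerGeneratedDSN' } else { 'SubmittedMail' }
        New-Object PSObject -Property @{
            Kind            = $kind
            FromAddress     = $m.FromAddress
            RecipientDomain = Get-RecipientDomain $m.Recipients
            Subject         = $m.Subject
        }
    }
}

# Count queue entries per kind and recipient domain, largest group first.
Get-QueueTriage $sample |
    Group-Object Kind, RecipientDomain |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

A queue dominated by `ServerGeneratedDSN` rows means the server is bouncing mail it had already accepted, while `SubmittedMail` rows from internal senders point toward the compromised account or host raised earlier in the thread.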