Is there any reason my Hub Transport server queues get full of emails that I'm not sending? Eventually the emails are dropped, but I can have over 100 of these in a few days, and if I remove them, within a few days more will return. The error message says "451 4.4.0 Primary target IP address responded with: 421 4.2.1 unable to connect. Attempted failover to alternate host, but did not succeed. Either there is no alternate host or delivery failed to alternate host." See attached pic.
I have used telnet to verify that I have no open relays, and I also used mxtoolbox to confirm I have no open relays. I believe this is just spam, but I'm just trying to understand why it seems like it's being sent from my server. These are the properties of one of the undelivered messages:
Identity: MAIL\28211\46895
Subject: Undeliverable: Tasty drink shreds extra fat
Internet Message ID: <0d77219b-56f6-4aeb-b182-cb6272d259cd@mydomainname.com>
From Address: <>
Status: Ready
Size (KB): 16
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 12/30/2015 1:21:50 PM
Expiration Time: 1/1/2016 1:21:50 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: MAIL\28211
Recipients: info@newsusapatriot3s.com;2;2;400 4.4.7 Message delayed;0;CN=Outbound Public Connector,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=alias,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomainname,DC=com
I believe this mail is being caught and rejected by my Hub Transport Anti-spam. I have enabled Exchange's HT anti-spam features. Any advice would be appreciated.
Exchange. Last Comment: timgreen7077, 8/22/2022 - Mon
Naushad shaikh
If you are not sending them, then you have to look for a spam issue; your server is being used to send spam email to Internet destination email servers. There is a possibility that some user accounts are hacked, or that some virus-infected system in the network is generating spam email by using a local email client to send email.
SMTP error 400 4.4.7 can mean the destination email server has some problem, and can also mean that when the recipient server tries a reverse DNS lookup for your domain it fails, the IP of the email sending server does not match the MX record, and hence the remote recipient server is not accepting email.
In your case, as you have an internal spam attack, an affected user mailbox or system is sending spam email to so many fake, non-existent email addresses, hence emails are getting into the retry queue for delivery.
Please try to locate the internal affected user mailbox or system being used by the spammer.
Chris
I actually have that option checked on my recipient filter options. Maybe there was an issue. I will uncheck and recheck and see if that helps. Thanks for the response and I will update.
Mohammed Tahir
I observed that the mails are stuck for valid domains, as they have proper MX records. You need to export and analyze the message header to know from which address these messages were generated.
Use the below command to export the message:
Export-Message -Identity "Message Identity" | AssembleMessage -Path "c:\filename.eml"
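Following the advice above to export a queued message and analyze its headers, this added example (not code from any poster in the thread) parses an exported NDR `.eml` with Python's standard `email` module and reports the failed recipient and the host that handed the original message to the server. The sample message, the `trace_ndr` name and the `INTERNAL` ranges are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string, policy

# Assumed internal ranges (adjust); SAMPLE_DSN is constructed, all hosts/IPs are made up.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SAMPLE_DSN = """\
Subject: Undeliverable: Tasty drink
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nosuchuser@example.com
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from bulk.sender.example (203.0.113.45) by mail.example.com
From: info@sender.example

--b1--
"""

def trace_ndr(eml_text):
    """Return the failed recipient and the host that handed over the original."""
    info = dict.fromkeys(("failed_rcpt", "status", "orig_from", "entered_from"))
    orig = None
    for part in message_from_string(eml_text, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # one header block per recipient
                if block["Final-Recipient"]:
                    info["failed_rcpt"] = block["Final-Recipient"].split(";")[-1].strip()
                    info["status"] = str(block["Status"])
        elif ctype == "text/rfc822-headers":  # original headers only
            orig = message_from_string(part.get_content(), policy=policy.default)
        elif ctype == "message/rfc822":  # full original attached
            orig = part.get_payload(0)
    if orig is not None:
        info["orig_from"] = str(orig["From"])
        # Topmost Received is stamped by your own server; lower ones can be forged.
        m = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", str(orig.get("Received", "")))
        if m:
            ip = ipaddress.ip_address(m.group(1))
            where = "internal" if any(ip in n for n in INTERNAL) else "external"
            info["entered_from"] = (str(ip), where)
    return info
```

An external address in `entered_from` means the NDR answers inbound mail that arrived with a forged sender; an internal one points at a host or mailbox on your own network to investigate.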