CZ_BERT

SBS 2011 Queue Viewer error 451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."...

I had this question after viewing 451 4.4.0 Primary Target IP address responded 421 4.2.1 unable to connect..

I am running SBS 2011 with Exchange 2010. Users are experiencing email delays and some bounce-backs. In the Queue Viewer there is a list of domains that keep retrying and keep getting the above errors. What could it be? Could it be malware on the server or on one of the domain users' PCs/devices?

Much appreciated if anyone can provide some solutions.
QueueViewer.jpg
Andy M

Looking at the information provided I would be tempted to say the issue appears to be DNS related. Check your DNS settings on the server - what forwarders is it using? You could also try an nslookup from your server to see if you can resolve the MX records for the 3rd party domains and see if your server can manually connect to them using Telnet.
Pune Tech

Your server is an open relay, and because of the open relay your server is sending spam mail to outside domains, so your server has been blacklisted by other servers on the internet.

First, go to mxtoolbox.com, run the blacklist test and check which domain has blacklisted your IP address; then go to the third-party website accordingly and send a blacklist removal request.

You also need to check for and block open relay on your server: go to mxtoolbox.com, run the SMTP test and make sure your server is not an open relay.
If your IP address is blacklisted, then other domains will not accept your e-mail until this issue gets resolved.
CZ_BERT

ASKER

Thank you so much guys. Pune mentioned that it could be some spam-sending bug in the network nodes. I have checked with all users. No one was sending email to those blocked domains. So I removed those from the queue. It all appears normal now. The mxtoolbox blacklist checks all passed. The server looks back to normal. I will keep an eye on it and give my updates. Thank you for all your help.
Just one last thing you need to check is open relay.

Please go to the following URL and run the test to make sure your server is not an open relay:

http://www.mailradar.com/openrelay/

If your server is an open relay, then spammers will be able to use your server to send spam mail.

If the server is not an open relay, then all is good.
CZ_BERT

ASKER

Thank you Pune. I tested with mailradar. It appears ok. See the attachment. Hang on, I was about to say "everything seems ok" till I saw this again (see the attachment QueueView1). The same blocked messages came back again! Do you think the server could be infected or some nodes on the domain network could be a problem?
Sounds like something is trying to send spam emails through your email server. If you click onto the queues and drill down into the messages do they show who sent the email? (If it's an internal address it may give you an idea of which computer/device is sending the emails).

It would be worth running anti-virus and malware checks on all servers and computers/devices with access to the SBS to see if anything is running on them.
I checked the attachment and found that all the recipient domain names are invalid (airtel.in, airtelbroadband.in).

Now, as suggested by Andy, double-click on the emails which are stuck in the Queue Viewer, check who the sender is and the IP address, and check that computer for viruses accordingly.
CZ_BERT

ASKER

Thank you Andy and Pune. The following are the properties of some of those Queue Viewer messages.

**************************************************************************
Identity: BIMP-SERVER\13896\35620
Subject: Undeliverable: Order #6737417
Internet Message ID: <736df9b2-c11a-4a68-9b59-5a49cea2d720@bimp.local>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 24/11/2016 8:52:42 PM
Expiration Time: 26/11/2016 8:52:42 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: BIMP-SERVER\13896
Recipients:  Summers.Maria@165084167201.ctinets.com;2;2;400 4.4.7 Message delayed;0;CN=Windows SBS Internet Send BIMP-SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bimp,DC=local

********************************************************************************************
Identity: BIMP-SERVER\13927\35717
Subject: Undeliverable: Order #4699703
Internet Message ID: <35ccdc95-9b39-4f84-9994-53da459a5885@bimp.local>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 24/11/2016 10:17:53 PM
Expiration Time: 26/11/2016 10:17:53 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: BIMP-SERVER\13927
Recipients:  Cross.Emmanuel@airtel.in;2;2;400 4.4.7 Message delayed;0;CN=Windows SBS Internet Send BIMP-SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bimp,DC=local

*********************************************************************************
Identity: BIMP-SERVER\14033\36046
Subject: Undeliverable: It Is Important
Internet Message ID: <0931a1bf-d35f-49de-adcb-4d54050f1159@bimp.local>
From Address: <>
Status: Ready
Size (KB): 11
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 25/11/2016 8:21:31 AM
Expiration Time: 27/11/2016 8:21:31 AM
Last Error:
Queue ID: BIMP-SERVER\14033
Recipients:  Montoya.Latisha@airtelbroadband.in;2;2;;0;CN=Windows SBS Internet Send BIMP-SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bimp,DC=local

****************************************************************************************
Identity: BIMP-SERVER\14017\35999
Subject: Undeliverable: It Is Important
Internet Message ID: <403dfcc3-e474-4598-89b3-615f29be2f31@bimp.local>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 25/11/2016 7:52:38 AM
Expiration Time: 27/11/2016 7:52:38 AM
Last Error:
Queue ID: BIMP-SERVER\14017
Recipients:  Mcclure.Myra@alshamil.net.ae;2;2;;0;CN=Windows SBS Internet Send BIMP-SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bimp,DC=local

*******************************************************************************************
Identity: BIMP-SERVER\13942\35765
Subject: Undeliverable: Order #2498694
Internet Message ID: <ecb13ef7-71b5-4ac2-a444-4538f518cfec@bimp.local>
From Address: <>
Status: Ready
Size (KB): 10
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 24/11/2016 11:02:55 PM
Expiration Time: 26/11/2016 11:02:55 PM
Last Error: 400 4.4.7 Message delayed
Queue ID: BIMP-SERVER\13942
Recipients:  Ayala.Beatriz@brasiltelecom.net.br;2;2;400 4.4.7 Message delayed;0;CN=Windows SBS Internet Send BIMP-SERVER,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=bimp,DC=local

It looks like the server is generating the spam emails. Would you be able to give me some suggestions on how to fix this? Thank you so much.
If you can't specifically locate which system is sending the emails the recommended solution would be anti-virus / anti-malware scans on all systems that use that server. Start with the server itself and if those scans are clean, get scans done on all workstations.
CZ_BERT

ASKER

Thank you Andy. I'll do that and give the updates.
ASKER CERTIFIED SOLUTION
Pune Tech

This solution is only available to members.
CZ_BERT

ASKER

Hi Pune,

Thank you for the solution. It worked! I checked the Hub Transport - Anti-spam settings. For some reason the Recipient Filtering was disabled. That probably caused the spam generated from the server. After enabling the Recipient Filtering and making sure to tick "Block messages sent to recipients that do not exist in the directory", the problem was solved. I attach the screenshots of the Anti-spam settings. Let me know if you reckon there is anything that needs to be checked further. Thanks again for your help!
Please keep us posted.
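
An added triage example, not part of the original thread or of any poster's answer: it parses Queue Viewer message properties in the "Field: value" layout pasted above and counts, per recipient domain, the queued entries that are server-generated NDRs (null sender <>, source DSN, subject starting "Undeliverable:"), which is the pattern that rejecting unknown recipients at SMTP time removes. The sample records and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed records (made-up addresses) in the thread's "Field: value" layout.
SAMPLE = """
Subject: Undeliverable: Order #0000001
From Address: <>
Message Source Name: DSN
Recipients:  a.person@example.net;2;2;400 4.4.7 Message delayed;0;CN=Send
*****************************
Subject: Undeliverable: It Is Important
From Address: <>
Message Source Name: DSN
Recipients:  b.person@Example.NET;2;2;;0;CN=Send
*****************************
Subject: Quarterly report
From Address: alice@corp.example
Message Source Name: SMTP:Default MAIL01
Recipients:  bob@example.org;2;2;;0;CN=Send
"""

def parse_records(text):
    """Split on rows of asterisks and turn each block into a dict."""
    records = []
    for block in re.split(r"^\*{3,}$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            # Split at the first colon only: values such as the subject contain colons.
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def is_backscatter(rec):
    """Server-generated NDR: null sender, DSN source, 'Undeliverable:' subject."""
    return (rec.get("From Address") == "<>"
            and rec.get("Message Source Name") == "DSN"
            and rec.get("Subject", "").startswith("Undeliverable:"))

def backscatter_by_domain(text):
    """Count queued NDRs per recipient domain (where the bounces are addressed)."""
    hits = Counter()
    for rec in filter(is_backscatter, parse_records(text)):
        address = rec.get("Recipients", "").split(";")[0]
        hits[address.rpartition("@")[2].lower()] += 1
    return hits
```

A queue dominated by such entries points at the server bouncing mail it accepted for nonexistent recipients rather than at a workstation submitting spam.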