• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 164
  • Last Modified:

Exchange 2013 400 4.4.7 Message delayed

Hello:

We just recovered yesterday from an Exchange database failure. Database was restored and most mail seems to be flowing in and out except for mail sent to a few domains. We have a 2-node DAG (EXCH01 and EXCH02) with the database currently active on EXCH01. All mail flows thru a Barracuda Spam 300 firewall and up until the recovery yesterday all the email flowed fine in both directions. Barracuda has not been touched. Delivery to a few domains is showing as delayed in the queue and is bouncing back with the message:

Diagnostic information for administrators:

Generating server: EXCH01.neweraopt.com
Receiving server: edge.receivingdomain.com (xxx.xx.xx.xxx)


users@receivingdomain.com
Remote Server at edge.receivingdomain.com (xxx.xx.xx.xxx) returned '400 4.4.7 Message delayed'
11/13/2017 8:29:42 PM - Remote Server at edge.receivingdomain.com (xxx.xx.xx.xxx) returned '451-4.4.0 Primary target IP address responded with: "554-edge2.receivingdomain.com  451 4.4.0 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was xxx.xx.xxx.xxx:25'

I have checked out MX records and they seem fine. I have also checked several blacklist sites and our domain is not listed.

If any additional info is needed please let me know. Thank you.
0
ctsuhako
Asked:
ctsuhako
  • 4
  • 4
  • 2
  • +1
2 Solutions
 
Hemil AquinoNetwork EngineerCommented:
You are having DNS issue.

login to your ECP then go to server>Servername> DNS lookup and make sure you have your internal and external DNS bind.
0
 
Hemil AquinoNetwork EngineerCommented:
In case you have that in place, then you need to delete your queue logs and restart the transport services.
0
 
ctsuhakoAuthor Commented:
Hi, Hemil:

External DNS Lookups show: "All network adapters (All available IPv4) with the Address Field empty.

Internal DNS Lookups is identical.

Thank you.

Clay
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Hemil AquinoNetwork EngineerCommented:
Clay, on the do not select all the adapters. Change it and user their respective IP, for example:

Internal DNS 192.168.1.2
External DNS 8.8.8.8

I think you get the picture.
0
 
ctsuhakoAuthor Commented:
Hi, Hemil:

Do I use Custom Settings?

I have these options:
All network adapters (All available IPv4)
HP Ethernet 1GB 2-port 361i Adapter #2
HP Ethernet 1GB 2-port 361i Adapter
Microsoft Failover Cluster Virtual Adapter
Custom Settings

For External DNS would I use out ISP settings?

Thank you again!

Clay
0
 
Hemil AquinoNetwork EngineerCommented:
You need to configure the interface and add the DNS IP
And yes for the external you can use the ISP, or google DNS
0
 
Mal OsborneAlpha GeekCommented:
"Reputation" sounds like a Cisco IronPort or some other device that keeps a database might be in use. Not quite the same as a blacklist, but similar. Check below:

https://talosintelligence.com/
0
 
ctsuhakoAuthor Commented:
Hi, Mal:

For some reason it appears that Barracuda has put us on their list (they are the only ones). Ironic, since we use Barracuda Spam Firewall, Link Balancer and Archivers. I have applied to removed. Would being on only one list cause this? The Talos search on our IP shows an email reputation of Good. Thanks.

Clay
0
 
Mal OsborneAlpha GeekCommented:
Being on Barracuda's database will cause problems with anyone else using the same database. Barracuda is a reasonably large player, so it will impact a few recipient domains.
0
 
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Refer to my comments in https://www.experts-exchange.com/questions/29036679/AWS-EC2-mail-server.html for some of the steps required for having high email deliverability.

Keep in mind each IP + each domain has an associated reputation, which is determined by age + quality of messages sent over age period.

I use to manage all my own IPs + now I use MailGun, as it's far cheaper to have them do all this work, than me.
0
 
ctsuhakoAuthor Commented:
Thanks, everyone. After further research it has been fixed. It had to do with our outbound email being sent thru our secondary ISP link instead of our primary ISP link from our Barracuda Link Balancer. I had done some testing and forgot to revert back to route outgoing thru the pirmary. Even though I had made a note to myself to change it back. I need an assistant!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now