I'll start with the question: how can I fix my Exchange server's new inability to connect to a remote mail server, to send mail? Now, the background...
My client's on-premise Microsoft Exchange 2010 server recently lost the ability to send mail to accounts at a domain I'll call pulp.com
. I'm trying to restore this capability. Specifically, when my client sends an email to, say, firstname.lastname@example.org, the message appears to have been sent, but some time later, my client receives a non-delivery report saying
400 4.4.7 Message delayed
My client receives several of these, spaced out by hours, as the Exchange server retries sending the email. Eventually, an NDR comes in stating
#550 4.4.7 QUEUE.Expired; message expired ##
pulp.com is fine. (The owner of pulp.com is also a client of mine, as it happens.) Messages are arriving just fine to email@example.com from other senders. Only my Exchange client is having trouble.
I checked Exchange 2010's SMTP logs for clues. Here, I found scores of entries that resemble these: (Note that I'm substituting 18.104.22.168 for pulp.com's real IP address)
2018-10-31T23:19:47.336Z 0 22.214.171.124:25 * attempting to connect
2018-10-31T23:20:08.338Z 1 126.96.36.199:25 * Failed to connect. Error Code: 10060, Error Message: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 188.8.131.52:25
So, there's a connection attempt, and 20 minutes later, an acknowledgement that it didn't work, due to the remote server not responding.
The SMTP log shows hundreds of successful connection attempts, and message transmissions, all beginning with an attempt to connect on port 25. Only pulp.com's IP address shows up in these "Failed to connect" scenarios.
The connection only started failing a few days ago. 20 hours before the first failure was the most recent successful connection attempt. A successful attempt shows up in the log like this:
Date Time Seq. # LocalEndpoint RemoteEndpoint
2018-10-31T03:43:59.225Z 0 184.108.40.206:25 * attempting to connect
2018-10-31T03:43:59.445Z 2 10.10.16.5:56137 220.127.116.11:25 < 220-mail.pulp.com ESMTP Exim 4.91 #1 Tue, 30 Oct 2018 20:43:59 -0700
2018-10-31T03:43:59.445Z 3 10.10.16.5:56137 18.104.22.168:25 < 220-We do not authorize the use of this system to transport unsolicited,
2018-10-31T03:43:59.445Z 4 10.10.16.5:56137 22.214.171.124:25 < 220 and/or bulk e-mail.
2018-10-31T03:43:59.445Z 5 10.10.16.5:56137 126.96.36.199:25 > EHLO mail.onPremExchangeClient.net
2018-10-31T03:43:59.506Z 6 10.10.16.5:56137 188.8.131.52:25 < 250-mail.pulp.com Hello mail.onPremExchangeClient.net [184.108.40.206]
2018-10-31T03:43:59.506Z 7 10.10.16.5:56137 220.127.116.11:25 < 250-SIZE 52428800
2018-10-31T03:43:59.506Z 8 10.10.16.5:56137 18.104.22.168:25 < 250-8BITMIME
2018-10-31T03:43:59.506Z 9 10.10.16.5:56137 22.214.171.124:25 < 250-PIPELINING
2018-10-31T03:43:59.506Z 10 10.10.16.5:56137 126.96.36.199:25 < 250-AUTH PLAIN LOGIN
2018-10-31T03:43:59.506Z 11 10.10.16.5:56137 188.8.131.52:25 < 250-STARTTLS
2018-10-31T03:43:59.506Z 12 10.10.16.5:56137 184.108.40.206:25 < 250 HELP
2018-10-31T03:43:59.506Z 13 10.10.16.5:56137 220.127.116.11:25 * 385863 sending message
2018-10-31T03:43:59.506Z 14 10.10.16.5:56137 18.104.22.168:25 > MAIL FROM:<client@onPremExchangeClient.net> SIZE=7949
2018-10-31T03:43:59.506Z 15 10.10.16.5:56137 22.214.171.124:25 > RCPT TO:<firstname.lastname@example.org>
2018-10-31T03:43:59.568Z 16 10.10.16.5:56137 126.96.36.199:25 < 250 OK
2018-10-31T03:43:59.568Z 17 10.10.16.5:56137 188.8.131.52:25 < 250 Accepted
2018-10-31T03:43:59.568Z 18 10.10.16.5:56137 184.108.40.206:25 > DATA
2018-10-31T03:43:59.629Z 19 10.10.16.5:56137 220.127.116.11:25 < 354 Enter message, ending with "." on a line by itself
2018-10-31T03:43:59.761Z 20 10.10.16.5:56137 18.104.22.168:25 < 250 OK id=1gHhQF-007GaQ-Dn
2018-10-31T03:43:59.761Z 21 10.10.16.5:56137 22.214.171.124:25 > QUIT
2018-10-31T03:43:59.823Z 22 10.10.16.5:56137 126.96.36.199:25 < 221 mail.pulp.com closing connection
2018-10-31T03:43:59.823Z 23 10.10.16.5:56137 188.8.131.52:25 - Local
Just to sanity check, I tried telnet on the Exchange server:
C:\>telnet mail.pulp.com 25
Connecting To mail.pulp.com...Could not open connection to the host, on port 25: Connect failed
C:\>telnet 184.108.40.206 25
Connecting To 220.127.116.11...Could not open connection to the host, on port 25: Connect failed
From any offsite location, telnet to these IPs connects fine. Sending mail to email@example.com works from any other domain I've tried.
How do I figure out why neither Exchange server's SMTP service, nor telnet, can connect to this mail server, when everyone else can?