Unable to deliver message to Google

Geforce
Hi,

We are using a web server to send emails to different users (gmail/hotmail/yahoo and other domains). The emails relate to the daily stock exchange rate.
Everything is working fine except that a few (20 out of 150) Gmail users didn't receive the email and we received the NDR below.
The domain (example: abc.com.au) is configured on Exchange Server 2016. When we send those emails via the Exchange server we don't face any issue, but when sending via the web server we receive the NDR below.

More Information:
The Exchange server has a public IP and the web server also has a public IP. The two servers are not on the same network. The Exchange server is in the office and the web server is in the cloud (dedicated server (VPS)). Please review whether the SPF record is fine. Kindly review the attached image from mxtoolbox related to the SPF record.

v=spf1 ip4:exchange public IP/27 ip4:webserver public IP mx:abc.com.au ~all

Note:
I replaced the Exchange public IP, likewise the web server public IP, and the domain name with abc.com.au.

NDR:
This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.
user@gmail.com

Logs:

2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 RCPT - TO:<user@gmail.com> 0 0 563 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.5+OK+d19si2567563iom.84+-+gsmtp 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 BDAT - 6949+LAST 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1313 - -
2019-01-16 00:16:18 108.177.104.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1968 - -
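The log excerpt above can be read mechanically to see at which SMTP stage the remote server refused the message and whether the refusal was transient. This is an added example, not part of the original post; the field positions are assumed from the log lines shown there.

```python
import re
from collections import namedtuple

# Log lines copied from the post above (IIS SMTP service log).
SAMPLE_LOG = """\
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 00:16:17 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 RCPT - TO:<user@gmail.com> 0 0 563 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.5+OK+d19si2567563iom.84+-+gsmtp 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 BDAT - 6949+LAST 0 0 907 - -
2019-01-16 00:16:18 74.125.129.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1313 - -
2019-01-16 00:16:18 108.177.104.26 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1968 - -
"""

Rejection = namedtuple("Rejection", "when remote_ip stage code enhanced transient text")
# Reply field looks like 421-4.7.0+This+message+... ('+' stands in for spaces).
REPLY = re.compile(r"^(\d{3})[+-](?:(\d\.\d{1,3}\.\d{1,3})\+)?(.*)$")

def find_rejections(log_text):
    """Return a Rejection for every 4xx/5xx reply, with the command it answered."""
    last_cmd = {}  # remote IP -> last SMTP verb sent to it
    found = []
    for line in log_text.splitlines():
        f = line.split()
        # Assumed layout: 0 date, 1 time, 2 remote IP, 3 record type,
        # 8 verb, 10 command argument or server reply.
        if len(f) < 11 or line.startswith("#"):
            continue
        ip, kind, verb, arg = f[2], f[3], f[8], f[10]
        if kind == "OutboundConnectionCommand":
            last_cmd[ip] = verb
            continue
        m = REPLY.match(arg) if kind == "OutboundConnectionResponse" else None
        if not m or m.group(1)[0] not in "45":
            continue  # 2xx/3xx replies are not failures
        code = int(m.group(1))
        found.append(Rejection(
            when=f"{f[0]} {f[1]}", remote_ip=ip,
            stage=last_cmd.get(ip, "unknown"),  # command not in this excerpt
            code=code, enhanced=m.group(2),
            transient=code < 500,  # 4xx: sender keeps the message queued and retries
            text=m.group(3).replace("+", " ")))
    return found

if __name__ == "__main__":
    for r in find_rejections(SAMPLE_LOG):
        kind = "transient, will retry" if r.transient else "permanent"
        print(f"{r.when} {r.remote_ip} after {r.stage}: {r.code} {r.enhanced} ({kind}) {r.text}")
```

MAIL and RCPT were accepted and the refusal came only after the message body (BDAT) was sent. The enhanced status 4.7.0 belongs to the security or policy class of RFC 3463, and a 4xx reply is transient, which matches the message staying in the queue before the NDR was generated.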

MaheshArchitect
Distinguished Expert 2018

Commented:
What email domain (from address) did you use to send emails from the web server?
It should be the same as the one you have on the Exchange 2016 server, else the error is expected.
Also, does the web server forward emails directly to the Gmail ID, or is it forwarding email to another smart host? In that case the smart host also needs to be included in the SPF record.

Further, check that the web server public IP is not blacklisted.
Top Expert 2014

Commented:
Are you signing outbound mail with DKIM?  If so, is your key length greater than 512?

Author

Commented:
Hi Mahesh,

Thanks for the reply. Yes, the from address is the domain address, that is info@abc.com.au (I replaced the actual domain name with abc).
Emails are forwarded directly to Gmail. There is no smart host.
The web server public IP is not blacklisted.

Author

Commented:
We are not signing outbound mail with DKIM. We didn't configure DKIM.
MaheshArchitect
Distinguished Expert 2018

Commented:
Can you send one test email from the Exchange server to a Gmail ID and post the Gmail header here?

Also paste here the complete NDR you received when you sent email from the web server, to troubleshoot further.

Author

Commented:
On the Exchange server we are using a smart host (Barracuda). This is the complete NDR that I received. The email remained in the queue and finally I received the NDR. Please review the logs that I posted above so you will get the idea. Also, not all emails to Google failed. 20-25 emails failed.
MaheshArchitect
Distinguished Expert 2018

Commented:
In that case why you relay emails from the web server to your on-premises Exchange server and from there it will go to Gmail; this way unauthenticated traffic doesn't flow to Gmail from the web server and all emails will reach Gmail.

For that to work, you do need to create an externally secured receive connector on Exchange and allow *only* the specific web server IP to accept emails from the web server. Remove all other networks, otherwise it will be an open relay.

Author

Commented:
Mahesh,

It seems like you don't understand my query. I apologize that I didn't explain properly.
Here is the structure of my emails with the Exchange and web servers.
On the Exchange server:
Exchange-->Barracuda-->Google
On the web server:
Webserver-->Google : No relay and from address is "info@domain.com.au"
I am not relaying emails from the web server to my on-premises Exchange server.
MaheshArchitect
Distinguished Expert 2018

Commented:
I know that

I am suggesting that you do that and send emails to Gmail.

The benefit is that only the Exchange server will be responsible for sending emails to Gmail, and that will eventually solve the problem.
MaheshArchitect
Distinguished Expert 2018

Commented:
The flow would be:
Web server-->Exchange-->Barracuda-->Google
Commented:
Hi,

I resolved the issue. I used Barracuda SMTP on the web server. Now all emails are going with BC.

Thanks guys for the help.
