Unable to deliver message to Google


We are using a web server to send emails to different users (Gmail/Hotmail/Yahoo and other domains). The emails relate to the daily stock exchange rate.
Everything is working fine except that a few (20 out of 150) Gmail users didn't receive the email and we received the NDR below.
The domain (example: abc.com.au) is configured on Exchange Server 2016. When we send those emails via the Exchange server we didn't face any issue, but when sending via the web server we received the NDR below.

More Information:
The Exchange server has a public IP and the web server also has a public IP. The two servers are not on the same network: the Exchange server is in the office and the web server is in the cloud (dedicated server (VPS)). Please review whether the SPF record is fine. Kindly review the attached image from mxtoolbox related to the SPF record.

v=spf1 ip4:exchange public IP/27 ip4:webserver public IP mx:abc.com.au ~all

I replaced the Exchange public IP, the same with the web server public IP, and the domain name with abc.com.au.

This is an automatically generated Delivery Status Notification.
Unable to deliver message to the following recipients, due to being unable to connect successfully to the destination mail server.


2019-01-16 00:16:17 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 00:16:17 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 RCPT - TO:<user@gmail.com> 0 0 563 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.5+OK+d19si2567563iom.84+-+gsmtp 0 0 907 - -
2019-01-16 00:16:18 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 BDAT - 6949+LAST 0 0 907 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1313 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1968 - -



What email domain (from address) did you use to send emails from the web server?
It should be the same as the one you have on the Exchange 2016 server, else an error is expected.
Also, does the web server forward emails directly to the Gmail ID, or is it forwarding email to another smart host? In that case the smart host also needs to be included in the SPF record.

Further, check that the web server public IP is not blacklisted.
Are you signing outbound mail with DKIM? If so, is your key length greater than 512?
GeforceAuthor Commented:
Hi Mahesh,

Thanks for the reply. Yes, the from address is the domain address, that is info@abc.com.au (I replaced the actual domain name with abc).
Emails are forwarded directly to Gmail. There is no smart host.
The web server public IP is not blacklisted.

GeforceAuthor Commented:
We are not signing outbound mail with DKIM. We didn't configure DKIM.
Can you send one test email from the Exchange server to a Gmail ID and post the Gmail header here?

Also paste here the complete NDR you received when you sent email from the web server, to troubleshoot further.
GeforceAuthor Commented:
On the Exchange server we are using a smart host (Barracuda). This is the complete NDR that I received. The emails remain in the queue and finally I received the NDR. Please review the logs that I posted above so you will get the idea. Also, not all emails to Google failed. 20-25 emails failed.
In that case, why not relay emails from the web server to your on-premises Exchange server, and from there they will go to Gmail? This way unauthenticated traffic doesn't flow to Gmail from the web server and all emails will reach Gmail.

For that to work, you do need to create an externally secured receive connector on Exchange and allow *only* the specific web server IP, to accept emails from the web server. Remove all other networks, otherwise it will be an open relay.
GeforceAuthor Commented:

It seems that you don't understand my query. I apologize that I didn't explain properly.
Here is the structure of my emails with Exchange and Web server.
In Exchange Server:
In Web Server:
Webserver-->Google : No relay and from address is "info@domain.com.au"
I am not relaying emails from the web server to my on-premises Exchange server.
I know that

I am suggesting that you do that and send emails to Gmail.

The benefit is that only the Exchange server will be responsible for sending emails to Gmail, which will eventually solve the problem.
The flow would be:
Web server-->Exchange-->Barracuda-->Google
GeforceAuthor Commented:

I resolved the issue. I used Barracuda SMTP on the web server. Now all emails are going through BC.

Thanks, guys, for the help.
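
Added example (not part of the thread): a short Python parser for the SMTP service log lines posted in the question, pairing each 4xx/5xx reply with the MAIL FROM/RCPT TO envelope that preceded it so the failed Gmail deliveries can be listed and counted. The field positions are an assumption read off the posted lines, and `parse_failures` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# The log lines posted in the question, unchanged.
SAMPLE_LOG = """\
2019-01-16 00:16:17 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 MAIL - FROM:<user@abc.com.au>+SIZE=6949 0 0 375 - -
2019-01-16 00:16:17 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.0+OK+d19si2567563iom.84+-+gsmtp 0 0 563 - -
2019-01-16 00:16:17 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 RCPT - TO:<user@gmail.com> 0 0 563 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 250+2.1.5+OK+d19si2567563iom.84+-+gsmtp 0 0 907 - -
2019-01-16 00:16:18 OutboundConnectionCommand SMTPSVC1 SFWEBSERVER - 25 BDAT - 6949+LAST 0 0 907 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1313 - -
2019-01-16 00:16:18 OutboundConnectionResponse SMTPSVC1 SFWEBSERVER - 25 - - 421-4.7.0+This+message+does+not+have+authentication+information+or+fails+to+pass 0 0 1968 - -
"""

ADDR = re.compile(r"<([^>]+)>")
REPLY = re.compile(r"^(\d{3})[ -](\d\.\d+\.\d+)?\s*(.*)$")

def parse_failures(log_text):
    """Return one record per 4xx/5xx reply, tied to the envelope in progress."""
    sender = recipient = None
    failures = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue
        # Assumed layout, read off the sample: f[2]=event, f[7]=verb, f[9]=argument ('+' = space).
        event, verb, arg = f[2], f[7], f[9].replace("+", " ")
        if event == "OutboundConnectionCommand":
            m = ADDR.search(arg)
            if verb == "MAIL" and m:
                sender, recipient = m.group(1), None
            elif verb == "RCPT" and m:
                recipient = m.group(1)
        elif event == "OutboundConnectionResponse":
            m = REPLY.match(arg)
            if not m or m.group(1)[0] not in "45":
                continue
            rec = {"time": f"{f[0]} {f[1]}", "sender": sender, "recipient": recipient,
                   "code": m.group(1), "enhanced": m.group(2), "text": m.group(3),
                   "transient": m.group(1).startswith("4")}
            if not failures or failures[-1] != rec:  # collapse identical consecutive entries
                failures.append(rec)
    return failures

def summarize(failures):
    """Count failures per (recipient domain, enhanced status code)."""
    return Counter((r["recipient"].rsplit("@", 1)[-1], r["enhanced"])
                   for r in failures if r["recipient"])
```

A 4xx reply such as the 421 here is transient, so the message stays in the queue and is retried until it expires, which matches the delayed NDR described in the thread.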
