Error when sending email to one particular recipient:  450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found.  What is the problem?

eemmpph
We recently switched from an Exchange Server 2010 (on premises) to an Exchange Server 2016 (on premises).

A co-worker (Cory) is part of a group where people post messages to it, and others respond to the "posts".
Her "sent" emails to the group are staying in our Exchange 2016 queue for 48 hours, then are not delivered.

For example,

Identity: VMEXCHANGE\3\5295694675989
Subject: RE: The client's case is ready for review.
Internet Message ID: <3107f8236ceb47e8a6c96e1e1d3@mydomain2.com>

From Address: Cory@mydomain2.com
Status: Retry
Size (KB): 16
Message Source Name: SMTP:Default VMEXCHANGE

Source IP: 192.xxx.x.xxx
SCL: -1

Date Received: 3/23/2019 4:10:24 PM
Expiration Time: 3/25/2019 4:10:24 PM

Last Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found
Queue ID: VMEXCHANGE\3

Recipients:  discuss@mainstoranges.info;3;2;
{LED=450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=}; LRT=}];0;CN=Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=TD,DC=local;0

Note:  We have 2 internet domain names that "point" to the same Exchange Server 2016 (mydomain1.com, mydomain2.com).  Most of us in the firm use mydomain1.com (as sender and reply-to address).  Cory (and 4 other co-workers) use mydomain2.com (in the sender's address and in the reply-to address).

What is causing the error and how can I fix it?
Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found

Thank you for your help.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Make sure that both domains are in the "Accepted Domains" list on your Exchange server and both are "Authoritative".

Author

Commented:
In Exchange Server 2016, navigating to:  Mail Flow \ Accepted Domains

I see:  Both of my domains appear as:

Name:  mydomain1     Accepted Domain:  mydomain1.com    Domain Type:  Authoritative
Name:  mydomain2     Accepted Domain:  mydomain2.com    Domain Type:  Authoritative
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Does the error occur only when sending to cory@domain2.com or when sending to anyone at domain2.com?

Or is Cory having the issue sending emails? I'm not completely clear on the issue.
Author

Commented:
Cory only has a problem sending email to Recipients:  discuss@mainstoranges.info

She does not have a problem sending email to anyone else.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Other than Cory, can anyone else send successfully to that domain? It's likely that either there is a typo or the recipient side may be rejecting the email. Test sending from both of your domains.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Have them verify the recipient email address.

Author

Commented:
Checking the Exchange Queue viewer:  it states:

Time       Tuesday, March 26, 2019 1:58:18 PM GMT-0700 (yesterday)
Sender      Cory@mydomain2.com
Recipient      discuss@mainstoranges.info
Email Subject      RE: Frequent hospitalization

Which is still sitting in the Exchange Queue (as it retries over a 48 hour period).
Date Received: 3/26/2019 1:58:18 PM
Expiration Time: 3/28/2019 1:58:18 PM
Last Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found

Author

Commented:
If Cory cannot send to discuss@mainstoranges.info, then I cannot either, because it will get stuck in the queue for 48 hours.

I will try to send from my iPhone instead.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
You don't have to check from your phone, so if no one can send from your domain to that recipient then it might be something on the recipient side that is rejecting the mail. You may need to contact the recipient and have them allow the emails from your domains. Also you need to make sure that your SPF record is also correct since you changed servers and potentially IP addresses (External), but the recipient is probably rejecting the mail.

Author

Commented:
The IP address of our new Server did change, but the IP address (from our ISP ATT Business Fiber) for our internet domain names did not change.

I will try and contact the administrator of that "group" at mainstroranges.com to see if they are blocking us for some reason.

Author

Commented:
Meaning:  the internal ip address changed, but the external IP address did not change.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Oh OK, if your external outbound IP addresses didn't change then your SPF record should still be OK. The recipient still needs to be contacted to see about the rejection of the mail.

Author

Commented:
FYI:

I went to the mxtoolbox.com and selected "mx lookup" mydomain1.com
It said:
Test:  Dmarc Record Published
Result:  No Dmarc record found
Test:  Dmarc Policy  Not Enabled
Result:  Dmarc quaratine/reject policy not enabled
Test:  DNS record published
Result:  DNS Record Found

I went to the mxtoolbox.com and selected "SPF Record Lookup" for mydomain1.com
It said:
Test:  DNS Record Published
Result:  DNS Record not found

- - - - - - - - - - - - - - - - - - - -

I went to the mxtoolbox.com and selected "mx lookup" mydomain2.com

It said:
Test:  Dmarc Record Published
Result:  No Dmarc record found
Test:  Dmarc Policy  Not Enabled
Result:  Dmarc quaratine/reject policy not enabled
Test:  DNS record published
Result:  DNS Record Found

I went to the mxtoolbox.com and selected "SPF Record Lookup" for mydomain2.com
It said:
Test:  DNS Record Published
Result:  DNS Record not found

Author

Commented:
Because it's time for me to leave work, I will have to check tomorrow with the administrator who takes care of mainstroranges.com.

Thanks TimGreen7077 for taking the time to help me.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Those results are fine. Go to the following website and test the SPF record for both of your domains:

https://www.kitterman.com/spf/validate.html


Let me know the results. Also, enjoy your evening.

Author

Commented:
I went to the kitterman.com link you provided.  Here are the results for mydomain1.com and mydomain2.com

SPF record lookup and validation for: mydomain1.com
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.

- - - -

SPF record lookup and validation for: mydomain2.com
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
It looks like you don't have an SPF record. You will need to create an SPF record, also known as a TXT record, and add it to your domain registrar that also has your MX record. The company may be rejecting if your SPF is failing their checks or requirements. I'm not saying that's the reason but it's very possible. You can see the below link to help you generate the SPF record and then you will need to add it to your external DNS, and a lot of times your external DNS registrar will have a generator also.

https://www.spfwizard.net/

Author

Commented:
Thank you for the spfwizard.net link.

Now we're going in areas (SPF creation) I am not familiar with.

How can I tell who my external DNS registrar is?

AT&T is my internet service provider.

I know the IP address of my exchange server, and the IP address to the outside world.

Would I need 2 spf records for mydomain1.com and mydomain2.com?

Author

Commented:
My domain names are registered through network solutions.
My name server is ns1.nethere.net
My ASN is GoDaddy
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
Whichever one has your MX record, create the SPF record there also. SPF and TXT records are the same.

Author

Commented:
The SPF records for both domains were created 3/28/2019.

Cory tried to send 3 different emails to discuss@mainstoranges.info.  All are sitting in the Queue viewer for the next 48 hours.

Recipients:  discuss@mainstoranges.info;3;2;[{LED=450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=};{LRT=}];0;CN=Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=TD,DC=local;0


Cory received this message from the owner of Main Street Oranges, LLC:

Basically they are saying that they didn't find any message or attempt from Cory@mydomain2.com  and they are suggesting the following:

     If the sender use an antispam/antivirus he has to check at this level if there is a block.

     If he doesn't use one, he has to contact his mail provider in order to make some verifications in order to know why this message has not been sent.
Exchange Engineer
Distinguished Expert 2018
Commented:
Are domain1 and domain2 both on your external DNS records, including the MX? It's saying "Sender address rejected: Domain not found", so it seems that the domain isn't being verified.

Is your exchange on-prem or hosted?
What are you using as a smarthost or is exchange sending straight out to the internet?
Are you sending out via your ISP provider or not?
Are you having any issues sending internal between the 2 domains?
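
Added example, not part of the thread or of any participant's post: a small Python parser that pulls the remote server's reply out of the queue record quoted above and classifies it using the RFC 3463 enhanced status codes. `triage` and the lookup tables are hypothetical names; the sample is the Recipients field from the thread with the directory path shortened.

```python
import re

# RFC 3463 tables, trimmed to the entries this thread needs.
CLASS = {"2": "success", "4": "persistent transient failure", "5": "permanent failure"}
SUBJECT = {"1": "addressing status", "7": "security or policy status"}
DETAIL = {"1.1": "bad destination mailbox address",
          "1.8": "bad sender's system address",
          "7.1": "delivery not authorized, message refused"}

# The queue viewer wraps the remote reply in {LED=...} inside the Recipients field.
LED_RE = re.compile(r"\{LED=(?P<reply>[^}]*)\}")
REPLY_RE = re.compile(
    r"^(?P<basic>[245]\d\d)[ -](?P<cls>[245])\.(?P<subj>\d{1,3})\.(?P<det>\d{1,3})\s+"
    r"(?:<(?P<addr>[^>]+)>:\s*)?(?P<text>.*)$")

def triage(queue_text, sender):
    """Classify the last SMTP error found in a queue record (hypothetical helper)."""
    led = LED_RE.search(queue_text)
    reply = (led.group("reply") if led else queue_text).strip()
    m = REPLY_RE.match(reply)
    if not m:
        return None
    key = f'{m["subj"]}.{m["det"]}'
    addr = m["addr"]
    return {
        "basic": int(m["basic"]),
        "enhanced": f'{m["cls"]}.{key}',
        "class": CLASS[m["cls"]],
        "subject": SUBJECT.get(m["subj"], "unknown"),
        "detail": DETAIL.get(key, "unknown"),
        # A 4xx reply leaves the message in Retry until it expires; 5xx fails at once.
        "retried_until_expiry": m["basic"].startswith("4"),
        # Shows whether the remote objected to the sender or to the recipient.
        "rejected_party": None if addr is None else
            ("sender" if addr.lower() == sender.lower() else "recipient"),
        "rejected_domain": addr.rsplit("@", 1)[-1].lower() if addr else None,
        "text": m["text"],
    }

# Recipients field as posted in the thread (distinguished name shortened).
SAMPLE = ("discuss@mainstoranges.info;3;2;[{LED=450 4.1.8 <Cory@mydomain2.com>: "
          "Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=};{LRT=}];0;"
          "CN=Default,CN=Connections;0")

if __name__ == "__main__":
    for field, value in triage(SAMPLE, "Cory@mydomain2.com").items():
        print(f"{field:22} {value}")
```

For the thread's record this reports a transient (4xx) rejection aimed at the sender's domain rather than the recipient address, which matches the message sitting in Retry until its expiration time instead of bouncing.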

Author

Commented:
Are domain1 and domain2 both on your external DNS records, including the MX? It's saying "Sender address rejected: Domain not found", so it seems that the domain isn't being verified.

GoDaddy is the company that we purchase the SSL certificate for email security from.  A 3rd party company actually maintains the MX entries, while GoDaddy (I believe) maintains the DNS records.



Is your exchange on-prem or hosted?      Exchange Server 2016 is on premises

What are you using as a smarthost or is exchange sending straight out to the internet?   We do not route mail through a smarthost - - we send mail thru the MX record associated with the recipient domain

Are you sending out via your ISP provider or not?  No, I don't think so, but how could I know for sure?

Are you having any issues sending internal between the 2 domains?     No

Note:  we are only having issues with one co-worker sending email to dicuss@mainstoranges.info.  No one in our firm has a problem sending / receiving email (other than Cory to that one email address).
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
OK, if it's that one address I would have them look on their end. It's easy for them to pass the buck, but if you are successfully sending to everyone else other than that 1 domain, the issue might be with them.

When you look at the transport queues, what does it show the next hop to be?

Author

Commented:
Tim, you are far more knowledgeable than I am.  How can I determine the "hops"?
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
In the Exchange Management Shell run the following cmdlets and let me know the results. Of course you can change the domain names.

Get-Queue -Server "exchange server" | fl identity, deliverytype, status, nexthopdomain, lasterror

If it's staying in the queue for 48 hours you should see the message in the queue via PowerShell. I just need to see the info on that particular message.

Author

Commented:
Hello Tim, yes, I do believe it is a DNS issue for sure.  When I reread your comments and saw that you mentioned smart hosts, a light turned on in my head.

So, on mxtoolbox.com, I looked up the mx records for mainstoranges.info.

Then on Exchange Server 2016, I opened Microsoft Exchange Server 2016 and navigated to Mail Flow -> Send Connectors.

I created a new Send Connector called mainstoranges. I added two smart host IP addresses:  270.70.178.1 and 217.70.178.215, which will route email to mainstroranges.info.

It appears that Cory is able to send email successfully.

Thanks for your excellent support Tim.  I greatly appreciate it.
timgreen7077, Exchange Engineer
Distinguished Expert 2018

Commented:
great.
