eemmpph

Error when sending email to one particular recipient: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found. What is the problem?

We recently switched from an Exchange Server 2010 (on premises) to an Exchange Server 2016 (on premises).

A co-worker (Cory) is part of a group where people post messages to it, and others respond to the "posts".
Her "sent" emails to the group are staying in our Exchange 2016 queue for 48 hours, then are not delivered.

For example,

Identity: VMEXCHANGE\3\5295694675989
Subject: RE: The client's case is ready for review.
Internet Message ID: <3107f8236ceb47e8a6c96e1e1d3@mydomain2.com>

From Address: Cory@mydomain2.com
Status: Retry
Size (KB): 16
Message Source Name: SMTP:Default VMEXCHANGE

Source IP: 192.xxx.x.xxx
SCL: -1

Date Received: 3/23/2019 4:10:24 PM
Expiration Time: 3/25/2019 4:10:24 PM

Last Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found
Queue ID: VMEXCHANGE\3

Recipients:  discuss@mainstoranges.info;3;2;
{LED=450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=}; LRT=}];0;CN=Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=TD,DC=local;0

Note:  We have 2 internet domain names that "point" to the same Exchange Server 2016 (mydomain1.com, mydomain2.com).  Most of us in the firm use mydomain1.com (as sender and reply to address).  Cory (and 4 other co-workers) use mydomain2.com (in the sender's address and in the reply to address).

What is causing the error and how can I fix it?
Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found

Thank you for your help.
timgreen7077

Make sure that both domains are in the "Accepted Domains" list on your Exchange server and that both are "Authoritative".

ASKER

In Exchange Server 2016, navigating to:  Mail Flow \ Accepted Domains

I see:  Both of my domains appear as:

Name:  mydomain1     Accepted Domain:  mydomain1.com    Domain Type:  Authoritative
Name:  mydomain2     Accepted Domain:  mydomain2.com    Domain Type:  Authoritative

Does the error occur only when sending to cory@domain2.com or when sending to anyone at domain2.com?

Or is Cory having the issue sending emails? I'm not completely clear on the issue.

ASKER

Cory only has a problem sending email to Recipients:  discuss@mainstoranges.info

She does not have a problem sending email to anyone else.

Other than Cory, can anyone else send successfully to that domain? It's likely that either there is a typo or the recipient side may be rejecting the email. Test sending from both of your domains.
Have them verify the recipient email address.

ASKER

Checking the Exchange Queue viewer:  it states:

Time       Tuesday, March 26, 2019 1:58:18 PM GMT-0700 (yesterday)
Sender      Cory@mydomain2.com
Recipient      discuss@mainstoranges.info
Email Subject      RE: Frequent hospitalization

Which is still sitting in the Exchange Queue (as it retries over a 48 hour period).
Date Received: 3/26/2019 1:58:18 PM
Expiration Time: 3/28/2019 1:58:18 PM
Last Error: 450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found

ASKER

If Cory cannot send to discuss@mainstoranges.info, then I cannot either, because it will get stuck in the queue for 48 hours.

I will try to send from my iPhone instead.

You don't have to check from your phone, so if no one can send from your domain to that recipient then it might be something on the recipient side that is rejecting the mail. You may need to contact the recipient and have them allow the emails from your domains. Also you need to make sure that your SPF record is also correct since you changed servers and potentially IP addresses (External), but the recipient is probably rejecting the mail.

ASKER

The IP address of our new Server did change, but the IP address (from our ISP ATT Business Fiber) for our internet domain names did not change.

I will try and contact the administrator of that "group" at mainstroranges.com to see if they are blocking us for some reason.

ASKER

Meaning:  the internal ip address changed, but the external IP address did not change.

Oh OK, if your external outbound IP addresses didn't change then your SPF record should still be OK. The recipient still needs to be contacted to see about rejecting the mail.

ASKER

FYI:

I went to the mxtoolbox.com and selected "mx lookup" mydomain1.com
It said:
Test:  Dmarc Record Published
Result:  No Dmarc record found
Test:  Dmarc Policy  Not Enabled
Result:  Dmarc quarantine/reject policy not enabled
Test:  DNS record published
Result:  DNS Record Found

I went to the mxtoolbox.com and selected "SPF Record Lookup" for mydomain1.com
It said:
Test:  DNS Record Published
Result:  DNS Record not found

- - - - - - - - - - - - - - - - - - - -

I went to the mxtoolbox.com and selected "mx lookup" mydomain2.com

It said:
Test:  Dmarc Record Published
Result:  No Dmarc record found
Test:  Dmarc Policy  Not Enabled
Result:  Dmarc quarantine/reject policy not enabled
Test:  DNS record published
Result:  DNS Record Found

I went to the mxtoolbox.com and selected "SPF Record Lookup" for mydomain2.com
It said:
Test:  DNS Record Published
Result:  DNS Record not found

ASKER

Because it's time for me to leave work, I will have to check tomorrow with the administrator who takes care of mainstroranges.com.

Thanks TimGreen7077 for taking the time to help me.

Those results are fine. Go to the following website and test the SPF record for both of your domains:

https://www.kitterman.com/spf/validate.html

Let me know the results. Also, enjoy your evening.

ASKER

I went to the kitterman.com link you provided.  Here are the results for mydomain1.com and mydomain2.com

SPF record lookup and validation for: mydomain1.com
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.

- - - -

SPF record lookup and validation for: mydomain2.com
SPF records are published in DNS as TXT records.

The TXT records found for your domain are:

Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.

It looks like you don't have an SPF record. You will need to create an SPF record, also known as a TXT record, and add it to your domain registrar that also has your MX record. The company may be rejecting if your SPF is failing their checks or requirements. I'm not saying that's the reason but it's very possible. You can see the below link to help you generate the SPF record and then you will need to add it to your external DNS, and a lot of times your external DNS registrar will have a generator also.

https://www.spfwizard.net/

ASKER

Thank you for the spfwizard.net link.

Now we're going in areas (SPF creation) I am not familiar with.

How can I tell who my external DNS registrar is?

AT&T is my internet service provider.

I know the IP address of my exchange server, and the IP address to the outside world.

Would I need 2 spf records for mydomain1.com and mydomain2.com?

ASKER

My domain names are registered through network solutions.
My name server is ns1.nethere.net
My ASN is GoDaddy

Whichever one has your MX record, create the SPF record there also. SPF and TXT records are the same.

ASKER

The SPF records for both domains were created 3/28/2019.

Cory tried to send 3 different emails to discuss@mainstoranges.info.  All are sitting in the Queue viewer for the next 48 hours

Recipients:  discuss@mainstoranges.info;3;2;[{LED=450 4.1.8 <Cory@mydomain2.com>: Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=};{LRT=}];0;CN=Default,CN=Connections,CN=Exchange Routing Group (DWBGZMFD01QNBJR),CN=Routing Groups,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=TD,DC=local;0


Cory received this message from the owner of Main Street Oranges, LLC:

Basically they are saying that they didn't find any message or attempt from Cory@mydomain2.com  and they are suggesting the following:

     If the sender uses an antispam/antivirus he has to check at this level if there is a block.

     If he doesn't use one, he has to contact his mail provider in order to make some verifications in order to know why this message has not been sent.
ASKER CERTIFIED SOLUTION
timgreen7077


ASKER

Is domain1 and domain2 both on your external DNS records including the MX? It's saying that "Sender address rejected: Domain not found", so it seems that the domain isn't being verified.

GoDaddy is the company that we purchase the SSL certificate for Email security.  A 3rd party company actually maintains the MX entries, while GoDaddy (I believe) maintains the DNS records.



Is your exchange on-prem or hosted?      Exchange Server 2016 is on premises

What are you using as a smarthost or is exchange sending straight out to the internet?   We do not route mail through a smarthost - - we send mail thru mx record associated with recipient domain

Are you sending out via your ISP provider or not?  No, I don't think so, but how could I know for sure?

Are you having any issues sending internal between the 2 domains?     No

Note:  we are only having issues, by one co-worker, sending email to discuss@mainstoranges.info.  No one in our firm has a problem sending / receiving email (other than Cory to that one email address).

OK, if it's that one address I would have them look on their end. It's easy for them to pass the buck, but if you are successfully sending to everyone else other than that 1 domain, the issue might be with them.

When you look at the transport queues, what does it show the next hop to be?

ASKER

Tim, you are far more knowledgeable than I am.  How can I determine the "hops"?

In the Exchange Management Shell, run the following cmdlets and let me know the results. Of course you can change the domain names.

Get-Queue -Server "exchange server" | fl identity, deliverytype, status, nexthopdomain, lasterror

If it's staying in the queue for 48 hours you should see the message in the queue via PowerShell. I just need to see the info on that particular message.
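
Added example, not part of the thread: Python that pulls the remote server's reply out of a queue viewer recipient record like the ones posted above and classifies its enhanced status code per RFC 3463. The sample record is constructed from the error text in the thread, and the function names are this example's own.

```python
import re

CLASS_MEANING = {"2": "success", "4": "transient failure", "5": "permanent failure"}
# Addressing status details from RFC 3463 section 3.2.
ADDRESS_DETAIL = {
    "1.1": "bad destination mailbox address",
    "1.2": "bad destination system address",
    "1.7": "bad sender's mailbox address syntax",
    "1.8": "bad sender's system address",
}
REPLY = re.compile(r"(?P<code>[245]\d\d)[ -](?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+(?P<text>.*)")

# Constructed sample, shortened from the recipient record shown in the thread.
SAMPLE_RECORD = ("discuss@mainstoranges.info;3;2;[{LED=450 4.1.8 <Cory@mydomain2.com>: "
                 "Sender address rejected: Domain not found};{MSG=};{FQDN=};{IP=};{LRT=}];0")


def fields(record):
    """Return the {KEY=value} pairs of a recipient record as a dict."""
    return dict(re.findall(r"\{(\w+)=([^}]*)\}", record))


def explain(record):
    """Classify the SMTP reply in the LED field, or in a bare Last Error string."""
    reply = fields(record).get("LED", record)
    m = REPLY.search(reply)
    if not m:
        return None
    cls, _, detail = m["enh"].partition(".")
    addr = re.search(r"<([^<>@\s]+)@([^<>\s]+)>", m["text"])
    return {
        "reply_code": int(m["code"]),
        "enhanced": m["enh"],
        "class": CLASS_MEANING[cls],
        "detail": ADDRESS_DETAIL.get(detail, "not in this table"),
        "queued_for_retry": cls == "4",   # 4.x.x: the sending server keeps retrying
        "address_domain": addr.group(2).lower() if addr else None,
    }
```

A 4.x.x reply is a temporary rejection, so Exchange keeps the message in Retry until its expiration time; detail 1.8 concerns the sender's system address, so `address_domain` is the name to look up in public DNS.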

ASKER

Hello Tim, yes, I do believe it is a DNS issue for sure.  When I reread your comments and saw that you mentioned smart hosts, a light turned on in my head.

So, on mxtoolbox.com, I looked up the mx records for mainstoranges.info.

Then on Exchange Server 2016, I opened Microsoft Exchange Server 2016 and navigated to Mail Flow -> Send Connectors.

I created a new Send Connector called mainstoranges.
I added two smart host IP addresses:  270.70.178.1 and 217.70.178.215, which will route email to mainstoranges.info.

It appears that Cory is able to send email successfully.

Thanks for your excellent support Tim.  I greatly appreciate it.

Great.