<div>
When i telnet to the failed servers on port 25, most of the time it gives the error above, but sometimes connection succeeds!<br />
Can this be something related to the ISP?
</div>


<div>
Mail sending is far more complex than most people imagine.<br />
<br />
<u><a href="https://www.experts-exchange.com/questions/29165628/Sending-Email-by-getting-email-address-from-database.html" rel="ugc">https://www.experts-exchange.com/questions/29165628/Sending-Email-by-getting-email-address-from-database.html</a></u> provides a bare minimum of setup steps required, to enable you to send email + actually have it delivered in a reliable manner.<br />
<br />
If only one site drops connections with an occasional 421, then one site has a problem.<br />
<br />
If many sites drop connections to your IP with a 421, likely you've missed some setup step out of the URL provided.
</div>


<div>
Tip: For best assistance, provide your actual domain + also the sending IP (or IP range) having problems.<br />
<br />
Or you can just go through the URL provided above + ensure all the items on this minimal list are setup correctly.
</div>


<div>
email was working perfectly since 1 year, this only started few days ago. I ca categorize emails to 3 cats:<br />
1- domains that never receive my emails (this include gmail.com)<br />
2- domains that receive my emails after 5-12 hours (this include yahoo.com)<br />
3- domain that receive my emails normally (this include outlook.com)<br />
<br />
With Yahoo and others similar, when I connect using telnet mail.yahoo.com 25, most of the time I get the error, but after almost 10-20 attempts it is accepted.<br />
<br />
I will go thru the provided link..
</div>


<div>
This might mean Verizon (owns Yahoo + AOL email) has updated to require TLS to connect to it's servers + a few are broken, still allowing port 25 connection. Unsure as Oath rarely states how their tech works.<br />
<br />
Several things to note.<br />
<br />
1) The lookup you're doing returns many IPs...<br />
<br />
i
<pre><code class="code-1 nolinks" id="code-20-43005293-1"><span>mac&gt; dig +short yahoo.com mx</span>
<span>1 mta6.am0.yahoodns.net.</span>
<span>1 mta7.am0.yahoodns.net.</span>
<span>1 mta5.am0.yahoodns.net.</span>
</code></pre>
<br />
2) Best test each of these in turn.<br />
<br />
Note: This IP list rotates every few minutes.<br />
<br />
Note: When I telnet to port 25 of any of the above IPs, all IPs connect...<br />
<br />
3) Likely best to configure your MTA to attempt an opportunistic TLS connection first, then fall back to non-TLS connection.<br />
<br />
Looking at my Oath related logs, all connections occur via opportunistic TLS.<br />
<br />
4) Just because email has worked before, does not mean it will every work again.<br />
<br />
With email, you start over every day.<br />
<br />
This is why many people use a relay service like <u><a href="https://MailGun.com" rel="ugc">https://MailGun.com</a></u> as MailGun handles tracking + fixing delivery problems... which is expensive... dividing the cost across many clients.
</div>


<div>
The issue since yesterday is getting worse, now unable to send to almost any domain. Same error always:<br />
421 service not available (connection refused, generic failure)
</div>


<div>
By pass sophos and use exchange server public IP to send a test email using telnet and see if that gets delivered.
</div>


<div>
Already did that - same error<br />
I tried using telnet on port 25 and getting same error instantly.
</div>


<div>
Modified my comment above, as I'd done an A record lookup, rather than MX record lookup.<br />
<br />
All Yahoo MX records pickup for me when I connect using telnet.<br />
<br />
So the problem might be your ISP, as many ISPs block all outgoing port 25 mail submissions now because Windows machines are so easily hacked, then used in Bot Farms to send spam.<br />
<br />
Could also be your sending IP or domain is blacklisted.<br />
<br />
1) To test for ISP blocks, just pick any other random SMTP server + attempt a connection, like...<br />
<br />

<pre><code class="code-1 nolinks" id="code-20-43009144-1"><span>telnet aspmx.l.google.com 25</span>
</code></pre>
<br />
If this fails, then you'll have to ssh into some public machine to do your connections.<br />
<br />
2) Check <u><a href="https://mxtoolbox.com/" rel="ugc">https://mxtoolbox.com/</a></u> -&gt; Blacklist Check to see if your IP or domain is blacklisted anywhere.<br />
<br />
If you're blacklisted, open a new question about how to clear this, as the process can be complex, depending on exactly where you're blacklisted + why.
</div>


<div>
I think the problem is our sending IP - although is a fixed IP, it is on a dynamic space. Looks like there is a trend to block dynamic IPs by default.<br />
<br />
I sent to outlook.com, Yahoo, gmail, and IBM requests to check why my emails are not going thru, and the reply from Microsoft is:<br />
Our investigation has determined that the above IP(s) do not qualify for mitigation.<br />
Connections from dynamic IP space may not be accepted.<br />
<br />
No reply yet from IBM, Yahoo and Google.<br />
<br />
Note: we are not listed on any RBL.
</div>


<div>
You said, &quot;our sending IP is on a dynamic space&quot; which means each time your IP changes you must ensure all steps from the checklist are somehow automatically done for you.<br />
<br />
Then each time you change IP, you'll have to go through a warm up period for the IP, which will run days to months, depending many factors.<br />
<br />
For high email deliverability, you'll always use the same static IP, never IPs from a &quot;dynamic space&quot;.
</div>


<div>
<div class="content wysiwyg-content">
I am Unable to send most emails to most domains. We are using Sophos XG as the sending relay.<br />
All (almost all) emails are stuck in the queue with error:<br />
421 service not available (connection refused, generic failure).<br />
some emails that give these errors sometimes are getting delivered.<br />
Problem started only yesterday!
</div>
</div>


I am Unable to send most emails to most domains. We are using Sophos XG as the sending relay.
All (almost all) emails are stuck in the queue with error:
421 service not available (connection refused, generic failure).
some emails that give these errors sometimes are getting delivered.
Problem started only yesterday!

Unable to send emails - error 421

email protection

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.

Email Servers

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Sophos

Interactions between email servers and clients are governed by email protocols. The three most common email protocols are POP, IMAP and MAPI. Most email software operates under one of these (and many products support more than one).  The correct protocol must be selected, and correctly configured, if you want your email account to work.