Unable to receive messages from certain domains

Question
-
We have just deployed a brand new standalone Exchange 2016 server.
Inbound email is working for the most part, but certain domains are getting undeliverable bounce backs to our server.
DNS, MX and SPF records are valid.
And the Exchange connectivity analyzer shows all green inbound SMTP.
This is the bounce back:
Delivery is delayed to these recipients or groups:
user@recipient.com (user@recipient.com)
Subject: test
This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.
Diagnostic information for administrators:
Generating server: EXCH01.lan.sender.com
Receiving server: mail.ldrc.net (205.x.x.x)
user@recipient.com
Server at mail.ldrc.net (205.x.x.x) returned '400 4.4.7 Message delayed'
2019-01-03 11:51:18 PM - Server at mail.recipient.com (205.x.x.x) returned '451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'
Original message headers:
Received: from EXCH01.lan.sender.com (172.16.16.205) by
EXCH01.lan.sender.com (172.16.16.205) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
15.1.1531.3; Thu, 3 Jan 2019 13:59:33 -0600
Received: from PLWPGEXCH01.lan.sender.com
([fe80::e5b2:f5f4:5cb4:f89c]) by EXCH01.lan.sender.com
([fe80::e5b2:f5f4:5cb4:f89c%12]) with mapi id 15.01.1531.003; Thu, 3 Jan 2019
13:59:33 -0600
From: PERSON <user@sender.com>
To: "user@recipient.com" <user@recipient.com>
Subject: test
Thread-Topic: test
Thread-Index: AdSjntbthT/vxzIkQZ6PNbY6tJppjQ==
Date: Thu, 3 Jan 2019 19:59:32 +0000
Message-ID: <34627cf6d1cd4598b12bd3293c373dfa@sender.com>
Accept-Language: en-US, en-CA
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [64.X.XX]
Content-Type: multipart/alternative;
boundary="_000_34627cf6d1cd4598b12bd3293c373dfapowerlandca_"
MIME-Version: 1.0
Found this in the exchange log, so the connection is being made. But the message isn't being delivered.
2019-01-07T17:06:29.320Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,0,172.27.2.9:25,205.x.x.x:57459,+,,
2019-01-07T17:06:29.320Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,1,172.27.2.9:25,205.x.x.x:57459,>,"220 exchange.recipient.com Microsoft ESMTP MAIL Service ready at Mon, 7 Jan 2019 11:06:29 -0600",
2019-01-07T17:06:29.340Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,2,172.27.2.9:25,205.x.x.x:57459,<,EHLO mx3.sender.com,
2019-01-07T17:06:29.340Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,3,172.27.2.9:25,205.x.x.x:57459,>,250 exchange.recipient.com Hello [205.x.x.x] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,4,172.27.2.9:25,205.x.x.x:57459,<,STARTTLS,
2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,5,172.27.2.9:25,205.x.x.x:57459,>,220 2.0.0 SMTP server ready,
2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,6,172.27.2.9:25,205.x.x.x:57459,*, CN=Exchange CN=Exchange 40A5D7371C7F1F9D49DB886B6E61A95E BD729173E66A483F1D77660B3DDD1CB4CDAA09B1 2018-12-27T21:35:32.000Z 2023-12-27T21:35:32.000Z Exchange;exchange.recipient.com,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
2019-01-07T17:06:29.405Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,7,172.27.2.9:25,205.x.x.x:57459,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 256 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,8,172.27.2.9:25,205.x.x.x:57459,<,EHLO mx3.sender.com,
2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,9,172.27.2.9:25,205.x.x.x:57459,*,,Client certificate chain validation status: 'EmptyCertificate'
2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,10,172.27.2.9:25,205.x.x.x:57459,*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'
2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,11,172.27.2.9:25,205.x.x.x:57459,>,250 exchange.recipient.com Hello [205.x.x.x] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,12,172.27.2.9:25,205.x.x.x:57459,<,MAIL FROM:<user@sender.com> SIZE=95867,
2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,13,172.27.2.9:25,205.x.x.x:57459,*,08D6728F6A32EE2D;2019-01-07T17:06:29.319Z;1,receiving message
2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,14,172.27.2.9:25,205.x.x.x:57459,<,RCPT TO:<user@recipient.com>,
2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,15,172.27.2.9:25,205.x.x.x:57459,>,250 2.1.0 Sender OK,
2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,16,172.27.2.9:25,205.x.x.x:57459,>,250 2.1.5 Recipient OK,
2019-01-07T17:06:29.485Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,17,172.27.2.9:25,205.x.x.x:57459,<,BDAT 93257 LAST,
- Edited by DarkAlman Tuesday, January 8, 2019 3:31 AM
Monday, January 7, 2019 5:51 PM
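The receive log quoted in the question stops at `BDAT 93257 LAST` with no reply from the server. As an added example (not code from the thread), this PowerShell function scans SMTP receive protocol log lines for sessions that sent the message body but were never acknowledged. The sample lines, addresses and session IDs are constructed, and the "Queued mail for delivery" acceptance text is an assumption about what the server logs on success.

```powershell
function Get-IncompleteSmtpSession {
    param([Parameter(Mandatory)][string[]]$Line)

    # Field order of the SMTP receive protocol log lines quoted in the question.
    $fields = 'DateTime','ConnectorId','SessionId','Seq','Local','Remote','Event','Data','Context'
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } | ConvertFrom-Csv -Header $fields

    foreach ($session in ($rows | Group-Object SessionId)) {
        # '<' = command received from the remote host, '>' = reply sent by this server.
        $bodySent = $session.Group | Where-Object {
            $_.Event -eq '<' -and $_.Data -match '^(BDAT \d+ LAST|DATA)$' }
        # Assumption: an accepted message is logged as a 250 reply ending in this text.
        $queued = $session.Group | Where-Object {
            $_.Event -eq '>' -and $_.Data -match '^250 .*Queued mail for delivery' }

        if ($bodySent -and -not $queued) {
            $last = $session.Group | Sort-Object { [int]$_.Seq } | Select-Object -Last 1
            [pscustomobject]@{
                SessionId = $session.Name
                Remote    = $last.Remote
                LastSeq   = [int]$last.Seq
                LastEntry = $last.Data
            }
        }
    }
}

# Constructed sample: session ...01 ends after BDAT LAST, session ...02 is accepted.
$sample = @'
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,AAAA000000000001,0,192.0.2.10:25,198.51.100.7:57459,<,MAIL FROM:<user@sender.example> SIZE=95867,
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,AAAA000000000001,1,192.0.2.10:25,198.51.100.7:57459,<,RCPT TO:<user@recipient.example>,
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,AAAA000000000001,2,192.0.2.10:25,198.51.100.7:57459,>,250 2.1.0 Sender OK,
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,AAAA000000000001,3,192.0.2.10:25,198.51.100.7:57459,>,250 2.1.5 Recipient OK,
2019-01-07T17:06:29.485Z,EXCH\Default Frontend EXCH,AAAA000000000001,4,192.0.2.10:25,198.51.100.7:57459,<,BDAT 93257 LAST,
2019-01-07T17:07:01.100Z,EXCH\Default Frontend EXCH,AAAA000000000002,0,192.0.2.10:25,203.0.113.5:40112,<,MAIL FROM:<a@other.example> SIZE=2048,
2019-01-07T17:07:01.120Z,EXCH\Default Frontend EXCH,AAAA000000000002,1,192.0.2.10:25,203.0.113.5:40112,<,RCPT TO:<user@recipient.example>,
2019-01-07T17:07:01.140Z,EXCH\Default Frontend EXCH,AAAA000000000002,2,192.0.2.10:25,203.0.113.5:40112,<,BDAT 2048 LAST,
2019-01-07T17:07:01.300Z,EXCH\Default Frontend EXCH,AAAA000000000002,3,192.0.2.10:25,203.0.113.5:40112,>,"250 2.6.0 <id@other.example> [InternalId=1, Hostname=EXCH.recipient.example] Queued mail for delivery",
2019-01-07T17:07:01.320Z,EXCH\Default Frontend EXCH,AAAA000000000002,4,192.0.2.10:25,203.0.113.5:40112,<,QUIT,
'@

# Reports only session AAAA000000000001, whose last entry is the unanswered BDAT.
Get-IncompleteSmtpSession -Line ($sample -split "\r?\n") | Format-List
```

On a real server, pass the lines of the receive protocol log files (read with `Get-Content`) instead of `$sample`; grouping the output by `Remote` shows whether the stalled sessions all come from the same sending hosts.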
All replies
-
In my experience, limited bandwidth can sometimes cause this issue.
Besides, temporarily close any firewall or AV software on all the Exchange servers. On the Exchange server, open EMS, run the following command and see if the message got stuck in a queue:
Get-Queue | fl
If so, retry the queues:
Get-Queue | Retry-Queue
Regards,
Manu Meng
Tuesday, January 8, 2019 7:02 AM
-
The messages in question are inbound, so they wouldn't be hitting the send queue.
Inbound mail works from some domains but not others.
Free email services like Hotmail and my ISP's work just fine. It's hard to say 100% for sure, but it appears that our Exchange is only having trouble receiving from other Exchange servers.
I had the chance to go onsite to one of the customers that can't send email to us. I was able to successfully send an email to us from telnet, but when sent through the Exchange we get a bounce back.
Wednesday, January 9, 2019 9:26 PM
-
From the Exchange server of the customer that can't send to us:
2019-01-09 5:45:45 PM - Server at XXXXXXXXXXXXXXXXXXXXXX returned '550 5.4.300 Message expired -> 451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'
2019-01-09 5:41:44 PM - Server at mail.domain.net (205.X.X.X) returned '451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'
Wednesday, January 9, 2019 9:28 PM
-
Hello,
Best practice: use a Microsoft Exchange Edge Server or another DMZ smart host (Cisco ESA).
For troubleshooting, you can create a new Receive Connector on the Front End Transport service.
Receive Connector type: Internet
Remote IP address ranges: IP of sending external exchange server
https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/receive-connectors?view=exchserver-2016
https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/custom-receive-connectors?view=exchserver-2016
- Edited by Alexey.Pasochnik Thursday, January 10, 2019 3:39 AM
Thursday, January 10, 2019 3:37 AM