Unable to receive messages from certain domains

  • Question

  • We have just deployed a brand new standalone Exchange 2016 server

    Inbound email is working for the most part, but certain domains are getting undeliverable bounce backs to our server

    DNS, MX and SPF records are valid

    And the Exchange connectivity analyzer shows all Green inbound SMTP.


    This is the bounce back:

    Delivery is delayed to these recipients or groups:
     
    user@recipient.com (user@recipient.com)
     
    Subject: test
     
    This message hasn't been delivered yet. Delivery will continue to be attempted.
     
    The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.
     
    Diagnostic information for administrators:
     
    Generating server: EXCH01.lan.sender.com
    Receiving server: mail.ldrc.net (205.x.x.x)
     
    user@recipient.com
    Server at mail.ldrc.net (205.x.x.x) returned '400 4.4.7 Message delayed'
    2019-01-03 11:51:18 PM - Server at mail.recipient.com (205.x.x.x) returned '451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'
     
    Original message headers:
     
    Received: from EXCH01.lan.sender.com (172.16.16.205) by
     EXCH01.lan.sender.com (172.16.16.205) with Microsoft SMTP
     Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id
     15.1.1531.3; Thu, 3 Jan 2019 13:59:33 -0600
    Received: from PLWPGEXCH01.lan.sender.com
     ([fe80::e5b2:f5f4:5cb4:f89c]) by EXCH01.lan.sender.com
     ([fe80::e5b2:f5f4:5cb4:f89c%12]) with mapi id 15.01.1531.003; Thu, 3 Jan 2019
     13:59:33 -0600
    From: PERSON <user@sender.com>
    To: "user@recipient.com" <user@recipient.com>
    Subject: test
    Thread-Topic: test
    Thread-Index: AdSjntbthT/vxzIkQZ6PNbY6tJppjQ==
    Date: Thu, 3 Jan 2019 19:59:32 +0000
    Message-ID: <34627cf6d1cd4598b12bd3293c373dfa@sender.com>
    Accept-Language: en-US, en-CA
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    x-originating-ip: [64.X.XX]
    Content-Type: multipart/alternative;
            boundary="_000_34627cf6d1cd4598b12bd3293c373dfapowerlandca_"
    MIME-Version: 1.0

    Found this in the exchange log, so the connection is being made. But the message isn't being delivered.

    2019-01-07T17:06:29.320Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,0,172.27.2.9:25,205.x.x.x:57459,+,,
    2019-01-07T17:06:29.320Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,1,172.27.2.9:25,205.x.x.x:57459,>,"220 exchange.recipient.com Microsoft ESMTP MAIL Service ready at Mon, 7 Jan 2019 11:06:29 -0600",
    2019-01-07T17:06:29.340Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,2,172.27.2.9:25,205.x.x.x:57459,<,EHLO mx3.sender.com,
    2019-01-07T17:06:29.340Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,3,172.27.2.9:25,205.x.x.x:57459,>,250  exchange.recipient.com Hello [205.x.x.x] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS X-ANONYMOUSTLS AUTH NTLM X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
    2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,4,172.27.2.9:25,205.x.x.x:57459,<,STARTTLS,
    2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,5,172.27.2.9:25,205.x.x.x:57459,>,220 2.0.0 SMTP server ready,
    2019-01-07T17:06:29.363Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,6,172.27.2.9:25,205.x.x.x:57459,*, CN=Exchange CN=Exchange 40A5D7371C7F1F9D49DB886B6E61A95E BD729173E66A483F1D77660B3DDD1CB4CDAA09B1 2018-12-27T21:35:32.000Z 2023-12-27T21:35:32.000Z Exchange;exchange.recipient.com,Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
    2019-01-07T17:06:29.405Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,7,172.27.2.9:25,205.x.x.x:57459,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_128 with strength 128 bits, MAC hash algorithm CALG_SHA_256 with strength 256 bits and key exchange algorithm CALG_ECDH_EPHEM with strength 256 bits"
    2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,8,172.27.2.9:25,205.x.x.x:57459,<,EHLO mx3.sender.com,
    2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,9,172.27.2.9:25,205.x.x.x:57459,*,,Client certificate chain validation status: 'EmptyCertificate'
    2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,10,172.27.2.9:25,205.x.x.x:57459,*,,TlsDomainCapabilities='None'; Status='NoRemoteCertificate'
    2019-01-07T17:06:29.435Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,11,172.27.2.9:25,205.x.x.x:57459,>,250  exchange.recipient.com Hello [205.x.x.x] SIZE 37748736 PIPELINING DSN ENHANCEDSTATUSCODES AUTH NTLM LOGIN X-EXPS GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING XRDST,
    2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,12,172.27.2.9:25,205.x.x.x:57459,<,MAIL FROM:<user@sender.com> SIZE=95867,
    2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,13,172.27.2.9:25,205.x.x.x:57459,*,08D6728F6A32EE2D;2019-01-07T17:06:29.319Z;1,receiving message
    2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,14,172.27.2.9:25,205.x.x.x:57459,<,RCPT TO:<user@recipient.com>,
    2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,15,172.27.2.9:25,205.x.x.x:57459,>,250 2.1.0 Sender OK,
    2019-01-07T17:06:29.461Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,16,172.27.2.9:25,205.x.x.x:57459,>,250 2.1.5 Recipient OK,
    2019-01-07T17:06:29.485Z,EXCHANGE\Default Frontend EXCHANGE,08D6728F6A32EE2D,17,172.27.2.9:25,205.x.x.x:57459,<,BDAT 93257 LAST,



    • Edited by DarkAlman Tuesday, January 8, 2019 3:31 AM
    Monday, January 7, 2019 5:51 PM
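
The receive log in the question ends at BDAT 93257 LAST with no server reply after it. As an added example (not part of the original post), the PowerShell below groups SMTP receive protocol log lines by session and lists sessions where the client sent DATA or a final BDAT chunk but the server never logged a 250 acknowledgement. The function name Get-StalledSmtpSession, the host names and the sample lines are constructed for illustration; the column names are the standard protocol log fields.

```powershell
# Column order of Exchange SMTP protocol logs (their "#Fields:" header line).
$fields = 'date-time','connector-id','session-id','sequence-number',
          'local-endpoint','remote-endpoint','event','data','context'

# Constructed sample. Session ...01 stops after BDAT LAST like the excerpt above;
# session ...02 is a constructed healthy delivery. IPs are documentation ranges.
$sample = @'
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,0000000000000001,0,198.51.100.5:25,192.0.2.10:57459,+,,
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,0000000000000001,1,198.51.100.5:25,192.0.2.10:57459,<,MAIL FROM:<user@sender.example> SIZE=95867,
2019-01-07T17:06:29.461Z,EXCH\Default Frontend EXCH,0000000000000001,2,198.51.100.5:25,192.0.2.10:57459,>,250 2.1.0 Sender OK,
2019-01-07T17:06:29.485Z,EXCH\Default Frontend EXCH,0000000000000001,3,198.51.100.5:25,192.0.2.10:57459,<,BDAT 93257 LAST,
2019-01-07T17:07:01.000Z,EXCH\Default Frontend EXCH,0000000000000002,0,198.51.100.5:25,192.0.2.20:40112,+,,
2019-01-07T17:07:01.100Z,EXCH\Default Frontend EXCH,0000000000000002,1,198.51.100.5:25,192.0.2.20:40112,<,BDAT 2048 LAST,
2019-01-07T17:07:01.300Z,EXCH\Default Frontend EXCH,0000000000000002,2,198.51.100.5:25,192.0.2.20:40112,>,250 2.6.0 <id@sender.example> Queued mail for delivery,
2019-01-07T17:07:01.400Z,EXCH\Default Frontend EXCH,0000000000000002,3,198.51.100.5:25,192.0.2.20:40112,-,,Remote
'@ -split "`r?`n"

function Get-StalledSmtpSession {
    param([string[]]$Line)
    # Skip blank lines and the "#" header lines, then parse as CSV.
    $rows = $Line | Where-Object { $_ -and $_ -notmatch '^#' } |
        ConvertFrom-Csv -Header $fields
    foreach ($s in ($rows | Group-Object 'session-id')) {
        $events = @($s.Group | Sort-Object { [int]$_.'sequence-number' })
        # Last client command ("<") that hands over the message body.
        $xfer = $events | Where-Object {
            $_.event -eq '<' -and $_.data -match '^(BDAT \d+ LAST|DATA)\s*$'
        } | Select-Object -Last 1
        if (-not $xfer) { continue }
        $after = @($events | Where-Object {
            [int]$_.'sequence-number' -gt [int]$xfer.'sequence-number' })
        # A delivered message shows a server reply (">") starting with 250.
        $acked = $after | Where-Object { $_.event -eq '>' -and $_.data -match '^250 ' }
        if (-not $acked) {
            [pscustomobject]@{
                SessionId    = $s.Name
                Remote       = $events[0].'remote-endpoint'
                LastCommand  = $xfer.data
                LastSeen     = $xfer.'date-time'
                Disconnected = [bool]($after | Where-Object { $_.event -eq '-' })
            }
        }
    }
}

Get-StalledSmtpSession -Line $sample | Format-Table -AutoSize
```

Grouping the output by Remote shows whether the unacknowledged transfers are confined to particular sending hosts.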

All replies

  • In my experience, limited bandwidth can sometimes cause this issue.
    Besides, temporarily close any firewall or AV software on all the Exchange servers.

    On the Exchange server, open EMS, run the following command, and see if the message is stuck in a queue:

    Get-Queue | fl

    If so, retry the queues:

    Get-Queue | Retry-Queue

    Regards,

    Manu Meng



    Tuesday, January 8, 2019 7:02 AM
  • The messages in question are inbound so they wouldn't be hitting the send queue

    Inbound mail works from some domains but not others.

    Free email services like Hotmail + my ISPs work just fine. It's hard to say 100% for sure, but it appears that our Exchange is only having trouble receiving from other Exchange servers.

    I had the chance to go onsite to one of the customers that can't send email to us. I was able to successfully send an email to us from telnet, but when sent through the Exchange we get a bounce back.

    Wednesday, January 9, 2019 9:26 PM
  • From the exchange server of the customer that can't send to us:

    2019-01-09 5:45:45 PM - Server at XXXXXXXXXXXXXXXXXXXXXX returned '550 5.4.300 Message expired -> 451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'
    2019-01-09 5:41:44 PM - Server at mail.domain.net (205.X.X.X) returned '451 4.4.397 Error communicating with target host. -> 421 4.4.2 Connection dropped due to ConnectionAborted'

    Wednesday, January 9, 2019 9:28 PM
  • Hello,

    Best practice: use a Microsoft Exchange Edge Server or another DMZ smart host (Cisco ESA).

    For troubleshooting, you can create a new Receive Connector on the Front End Transport service.

    Receive Connector type: Internet

    Remote IP address ranges: IP of the sending external Exchange server

    https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/receive-connectors?view=exchserver-2016

    https://docs.microsoft.com/en-us/exchange/mail-flow/connectors/custom-receive-connectors?view=exchserver-2016

    Thursday, January 10, 2019 3:37 AM