locked
E-mails are not going out of the server for one domain RRS feed

  • Question

  • Hi,

    This problem started when we shifted to the new ISP we've changed the Live IP address for our exchange server it is working fine with all the domains but accept only one domain, we can receive their emails but we can't send, whenever we try to send any email to the particular domain it stucks in the server mail queu and after a while a message comes.

    451 4.4.0 Primary target IP address responded with: "421 4.2.1 Unable to connect."
    Attempted failover to alternate host, but did not secceed. Either there are no alternate host,
    or delivery faild to all alternate hosts.

    To Troubleshoot i've gone through following steps.

    1. Confirmed with the other party if they blocked our domain in their mail server.
    2. Checked with the local ISP the provider of Real IP.
    3. Inquired with the Domain hosting company.

    Every body tells me no problem.
    i don't understand what to do and this is the only place where I always got the answers.

    Regards,

    Omer
    Assistant Project Manager
    Sunday, February 15, 2009 8:12 AM

Answers

  •  I would do a telnet test from your Exchange server to the Remote IP over port 25.  If you don't get a connection or response then something is blocking your IP.
    Sr. Exchange Engineer - Constellation Energy
    Monday, February 16, 2009 4:26 PM
  • Hi,

    Please do a test based on the Aaron suggestion.

    Hope to receive your update.

    Thanks

    Allen
    Tuesday, February 17, 2009 8:07 AM
  • Thanks for the reply,

    Besides previous troubleshoot i've used smtpdiag tool to find out the actual reason of issue so i found that i  can't telnet them on a specific IP address i mean to say that by checking their MX records i came to know that they have 2 live adderss for their mail server one is pointed to companyname.com and other one is pointing to mail.companyname.com

    gulfhotelbahrain.com          =  72.18.135.76          Telnet = Yes
    mail.gulfhotelbahrain.com = 77.69.146.138         Telnet = No

    as i am new to the mail server i think if i am not wrong one should use only IP to the mail server. As we are using in our organization and here is the SMTPDIAG results

    for our network security i am removing the IP addresses and domain from the result given below.

    Searching for Exchange external DNS settings.
    Computer name is abcd.
    Failed to bind to search. Error: 8007054b

    Checking SOA for gulfhotelbahrain.com.
    Checking external DNS servers.
    Checking internal DNS servers.

    Checking TCP/UDP SOA serial number using DNS server [0.0.0.0].
    TCP test succeeded.
    UDP test succeeded.
    Serial number: 2007022126
    SOA serial number match: Passed.

    Checking local domain records.
    Starting TCP and UDP DNS queries for the local domain. This test will try to
    validate that DNS is set up correctly for inbound mail. This test can fail for
    3 reasons.
        1) Local domain is not set up in DNS. Inbound mail cannot be routed to
    local mailboxes.
        2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
    but will affect outbound mail.
        3) Internal DNS is unaware of external DNS settings. This is a valid
    configuration for certain topologies.
    Checking MX records using TCP: our-company.com.
      A:     our-company.com [0.0.0.0]
      A:     our-company.com [0.0.0.0]
    Checking MX records using UDP: our-company.com.
      A:     hits-africa.com [0.0.0.0]
      A:     hits-africa.com [0.0.0.0]
    Both TCP and UDP queries succeeded. Local DNS test passed.

    Checking remote domain records.
    Starting TCP and UDP DNS queries for the remote domain. This test will try to
    validate that DNS is set up correctly for outbound mail. This test can fail for
    3 reasons.
        1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
    2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
    queries first, then fall back to TCP queries.
        2) Internal DNS does not know how to query external domains. You must
    either use an external DNS server or configure DNS server to query external
    domains.
        3) Remote domain does not exist. Failure is expected.
    Checking MX records using TCP: gulfhotelbahrain.com.
      MX:    mail.gulfhotelbahrain.com (21)
      A:     mail.gulfhotelbahrain.com [77.69.146.138]
    Checking MX records using UDP: gulfhotelbahrain.com.
      MX:    mail.gulfhotelbahrain.com (21)
    Both TCP and UDP queries succeeded. Remote DNS test passed.

    Checking MX servers listed for ghmicd@gulfhotelbahrain.com.
    Connecting to mail.gulfhotelbahrain.com [77.69.146.138] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to mail.gulfhotelbahrain.com.

    i am sure you can help me.

    Thanks & Regards,

    Omer


    Assistant Project Manager
    Tuesday, February 17, 2009 11:36 AM
  • Hi,

    In fact, there can have more than mail servers for one company. To make it, the inbound email can failover to another mail server in order to avodi losing email when one of the mail server is down.

    From your test result, it seems that one of the mail server is unavailable since the 25 port could not be connected.

    Thus, please create another MX record for gulfhotelbahrain.com, then associated with the IP as 72.18.135.76.

    The example as:

    A record:  gulfhotelbahrain.com     =  72.18.135.76 
    MX record: gulfhotelbahrain.com, set the mail server priority lower than mail.gulfhotelbahrain.com.

    Thanks

    Allen
    Thursday, February 19, 2009 9:38 AM

All replies

  •  I would do a telnet test from your Exchange server to the Remote IP over port 25.  If you don't get a connection or response then something is blocking your IP.
    Sr. Exchange Engineer - Constellation Energy
    Monday, February 16, 2009 4:26 PM
  • Hi,

    Please do a test based on the Aaron suggestion.

    Hope to receive your update.

    Thanks

    Allen
    Tuesday, February 17, 2009 8:07 AM
  • Thanks for the reply,

    Besides previous troubleshoot i've used smtpdiag tool to find out the actual reason of issue so i found that i  can't telnet them on a specific IP address i mean to say that by checking their MX records i came to know that they have 2 live adderss for their mail server one is pointed to companyname.com and other one is pointing to mail.companyname.com

    gulfhotelbahrain.com          =  72.18.135.76          Telnet = Yes
    mail.gulfhotelbahrain.com = 77.69.146.138         Telnet = No

    as i am new to the mail server i think if i am not wrong one should use only IP to the mail server. As we are using in our organization and here is the SMTPDIAG results

    for our network security i am removing the IP addresses and domain from the result given below.

    Searching for Exchange external DNS settings.
    Computer name is abcd.
    Failed to bind to search. Error: 8007054b

    Checking SOA for gulfhotelbahrain.com.
    Checking external DNS servers.
    Checking internal DNS servers.

    Checking TCP/UDP SOA serial number using DNS server [0.0.0.0].
    TCP test succeeded.
    UDP test succeeded.
    Serial number: 2007022126
    SOA serial number match: Passed.

    Checking local domain records.
    Starting TCP and UDP DNS queries for the local domain. This test will try to
    validate that DNS is set up correctly for inbound mail. This test can fail for
    3 reasons.
        1) Local domain is not set up in DNS. Inbound mail cannot be routed to
    local mailboxes.
        2) Firewall blocks TCP/UDP DNS queries. This will not affect inbound mail,
    but will affect outbound mail.
        3) Internal DNS is unaware of external DNS settings. This is a valid
    configuration for certain topologies.
    Checking MX records using TCP: our-company.com.
      A:     our-company.com [0.0.0.0]
      A:     our-company.com [0.0.0.0]
    Checking MX records using UDP: our-company.com.
      A:     hits-africa.com [0.0.0.0]
      A:     hits-africa.com [0.0.0.0]
    Both TCP and UDP queries succeeded. Local DNS test passed.

    Checking remote domain records.
    Starting TCP and UDP DNS queries for the remote domain. This test will try to
    validate that DNS is set up correctly for outbound mail. This test can fail for
    3 reasons.
        1) Firewall blocks TCP/UDP queries which will block outbound mail. Windows
    2000/NT Server requires TCP DNS queries. Windows Server 2003 will use UDP
    queries first, then fall back to TCP queries.
        2) Internal DNS does not know how to query external domains. You must
    either use an external DNS server or configure DNS server to query external
    domains.
        3) Remote domain does not exist. Failure is expected.
    Checking MX records using TCP: gulfhotelbahrain.com.
      MX:    mail.gulfhotelbahrain.com (21)
      A:     mail.gulfhotelbahrain.com [77.69.146.138]
    Checking MX records using UDP: gulfhotelbahrain.com.
      MX:    mail.gulfhotelbahrain.com (21)
    Both TCP and UDP queries succeeded. Remote DNS test passed.

    Checking MX servers listed for ghmicd@gulfhotelbahrain.com.
    Connecting to mail.gulfhotelbahrain.com [77.69.146.138] on port 25.
    Connecting to the server failed. Error: 10060
    Failed to submit mail to mail.gulfhotelbahrain.com.

    i am sure you can help me.

    Thanks & Regards,

    Omer


    Assistant Project Manager
    Tuesday, February 17, 2009 11:36 AM
  • Hi,

    In fact, there can have more than mail servers for one company. To make it, the inbound email can failover to another mail server in order to avodi losing email when one of the mail server is down.

    From your test result, it seems that one of the mail server is unavailable since the 25 port could not be connected.

    Thus, please create another MX record for gulfhotelbahrain.com, then associated with the IP as 72.18.135.76.

    The example as:

    A record:  gulfhotelbahrain.com     =  72.18.135.76 
    MX record: gulfhotelbahrain.com, set the mail server priority lower than mail.gulfhotelbahrain.com.

    Thanks

    Allen
    Thursday, February 19, 2009 9:38 AM
  •  Hello and thanks again Allen,

    Well the real problem is gulf hotel firewall even though our company and gulf hotel both are in one ISP network but still i don't know for what reasons our network is blocked from their site, first i thought that our firewall might be causing this issue then i connected my machine directly to the ISP router and the result was same no telnet, so i asked one of my friend to telnet this domain from his network which he could and he also give me the access to his network for troubleshooting.

    Well end of the story its gulf hotel who are blocking our IPs to enter their network and their IT manager i believe who knows nothing was telling me that we are not the one.

    but i would like to appricate the efforts of all the poeple who helped me thanks again.

    Regards,

    omer javed butt

    Assistant Project Manager
    Sunday, March 1, 2009 7:30 AM