Mail sent to one domain stayed in the queue

    Question

  • Hi!

    Exchange 2010 SP3. For the second day, messages sent to addresses in just one mail domain have stayed in the queue. Some messages reach the addresses, but with a very long delay (DnsConnectionDelivery).

    In the message properties in this queue there are errors like 421 4.4.2 Connection dropped due to TimedOut and 451 4.4.0 Primary target IP address responded with: "421 # 4.4.5 Too many connections from your host"

    Tried to clear messages and restart the Exchange transport. After that, several messages are sent normally, and then the queue starts to grow again.

    The mail flow is not too large; at the moment there are about 30 messages in this queue.

    At the same time, messages to that domain from other addresses arrive without any problems, as do messages to other addresses from our server.

    Wednesday, February 28, 2018 3:44 PM

All replies

  • You should contact the recipient domain and ask them.
    Wednesday, February 28, 2018 6:41 PM
  • Hello,

    This could be because the recipient's mail server has set some limit on receiving messages from your server IP or domains.

    Please refer to: https://social.technet.microsoft.com/Forums/ie/en-US/7e50b69d-a337-4e02-a7ac-dd8f05c9b101/421-445-too-many-messages-from-this-host-last-hour?forum=exchangesvrsecuremessaging

    Hope it helps.


    Best Regards,
    Jason Chao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Thursday, March 1, 2018 8:19 AM
    Moderator
  • Hi,
     
    We are currently standing by for a further update from you and would like to know how things are going. If you have any questions, please don't hesitate to let me know. And if the replies have helped you, please mark them as the answer, as it could be helpful for others.
     
    Thanks for your time and have a nice day!

    Best Regards,
    Jason Chao



    Monday, March 5, 2018 2:01 AM
    Moderator
  • Yes, I'm sure that is a recipient mail server limitation. But in Exchange Health Monitor I can see Messages Sent/sec = 358. I suppose that's too much for about 100 users.

    How can I check which users are sending these messages?

    Monday, March 5, 2018 7:58 AM
  • Thanks for your response.

    We can run the command get-queue <> | get-message | fl to check the detailed information.


    Best Regards,
    Jason Chao



    Monday, March 5, 2018 8:10 AM
    Moderator
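
The queue only shows messages still waiting, so the question of which users are sending is better answered from the message tracking log. The following is an added example, not code from the thread: it counts SEND events to the affected domain per sender, isolates empty-subject messages, and shows how those messages entered the server. `partner.example` is a placeholder for the recipient domain.

```powershell
# Added example; run in the Exchange Management Shell on the Hub Transport server.
# $TargetDomain is a placeholder for the affected recipient domain.
$TargetDomain = 'partner.example'
$Start        = (Get-Date).AddHours(-24)

# SEND events record messages handed to another server over SMTP.
# Keep only those with at least one recipient in the affected domain.
$sent = @(Get-MessageTrackingLog -EventId SEND -Start $Start -ResultSize Unlimited |
    Where-Object { $_.Recipients -like "*@$TargetDomain" })

# 1. Which senders account for the volume?
$sent | Group-Object Sender | Sort-Object Count -Descending |
    Select-Object -Property Count, Name -First 20

# 2. Who sends the empty-subject messages the remote side reported?
$sent | Where-Object { [string]::IsNullOrEmpty($_.MessageSubject) } |
    Group-Object Sender | Sort-Object Count -Descending |
    Select-Object -Property Count, Name

# 3. How did those messages enter the server?
#    Source STOREDRIVER = submitted from a mailbox;
#    Source SMTP        = accepted by a receive connector from ClientIp.
$ids = @{}
$sent | ForEach-Object { if ($_.MessageId) { $ids[$_.MessageId] = $true } }

Get-MessageTrackingLog -EventId RECEIVE -Start $Start -ResultSize Unlimited |
    Where-Object { $_.MessageId -and $ids.ContainsKey($_.MessageId) } |
    Group-Object Source, ClientIp, ConnectorId |
    Sort-Object Count -Descending |
    Select-Object -Property Count, Name
```

A large count under Source SMTP from an unexpected ClientIp points at a host relaying through a receive connector rather than at a mailbox user.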
  • In the queue I see only a few messages (about 20 at the moment)

    RunspaceId        : 27bd963b-a667-4f3a-a0d7-6b345c0963f4
    Subject           : sbj
    InternetMessageId : <257B30C8CA494B4EA34D42BFEC6AF208421DB959@MAIL1.domain.local>
    FromAddress       : user1@domain.com
    Status            : Ready
    Size              : 13.15 KB (13,461 bytes)
    MessageSourceName : FromLocal
    SourceIP          : 255.255.255.255
    SCL               : -1
    DateReceived      : 05.03.2018 11:25:48
    ExpirationTime    : 07.03.2018 11:25:48
    LastError         :  421 4.4.2 Connection dropped due to TimedOut
    RetryCount        : 0
    Recipients        : 
    ComponentLatency  : 
    MessageLatency    : 00:00:32.9692966
    DeferReason       : None
    Priority          : Normal
    MessageIdentity   : MAIL1\111\6310
    Queue             : MAIL1\111
    Identity          : MAIL1\111\6310
    IsValid           : True


    Monday, March 5, 2018 2:33 PM
  • Meanwhile Messages Sent\sec > 1500

    What's going on?

    Monday, March 5, 2018 4:33 PM
  • How many messages in the queue now?

    All to that same domain?

    Does the name of the sender make sense? And the subject?

    Do these look legitimate - or suspicious?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Monday, March 5, 2018 8:14 PM
  • Now there are 12 messages in the queue, all to that domain.

    I didn't notice any sense of sender name or subject. But the guys on the other side say that they see a lot of messages with an empty subject from our IP in the logs.

    Subject:Incoming connection (ICID 23945777) disconnected address <our ip>. Maximum connection time exceeded.

    Message 12555602 aborted: Receiving aborted

    All these messages in the queue don't look suspicious - real e-mail from our users.

    What looks suspicious is the number of connections from our IP reported by the remote server: > 20k

    Monday, March 5, 2018 10:46 PM
  • Thanks for your response.

    Are the senders' addresses from your domain?

    It seems your domain has been spoofed. It’s recommended to run this command to remove the extended permission:

    Get-ReceiveConnector "connector name" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission

    Usually we can remove the permission of default receive connector.

    Hope it helps.



    Best Regards,
    Jason Chao



    Tuesday, March 6, 2018 2:33 AM
    Moderator
  • Yes, senders from our domain.

    But we have SPF records configured. How can it be spoofed?

    Now the queue is empty (after the night). But my 2 new test messages to this domain are stuck in the queue again.

    All other test messages were delivered immediately.

    [PS] C:\Windows\system32>Get-ReceiveConnector "Default MAIL1" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"}

    Identity             User                 Deny  Inherited
    --------             ----                 ----  ---------
    MAIL1\Default ... NT AUTHORITY\Anon... False False




    • Edited by -Student- Tuesday, March 6, 2018 5:46 AM
    Tuesday, March 6, 2018 5:16 AM
  • Could the removal of this permission affect the receipt of emails from our web portal on remote hosting?

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

      group1@company.com
        SMTP error from remote mail server after end of data:
        host mail.company.com [our ip]: 550 5.7.1 Client does not have permissions to send as this sender
       group2@company.com
        SMTP error from remote mail server after end of data:
        host mail.company.com [our ip]: 550 5.7.1 Client does not have permissions to send as this sender

    I'm trying to add this permission back using Get-ReceiveConnector "Default MAIL1" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Add-ADPermission

    but after that Get-ReceiveConnector "Default MAIL1" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"}

    displays no entries

    Tuesday, March 6, 2018 8:30 AM
  • Thanks for your response. It won’t affect the internet senders, but it will affect senders that use this connector with an authoritative domain address.

     

    For adding back this permission, please use the command below:

     

    Get-ReceiveConnector "Relay Servers Add" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-exch-smtp-accept-authoritative-domain-sender"

     

    By the way, after removing this permission, do the undeliverable messages in the queue still increase?

     

    Thanks.


    Best Regards,
    Jason Chao



    Tuesday, March 6, 2018 8:40 AM
    Moderator
  • OK, now we are receiving messages from the web portal again.

    But before adding back this permission there were 3 messages in the queue. Now we have 9... But this may be due to the peak of the business day ...

    Our partners on the other side say they increased connection limits:

    Max. Concurrent Connections From a Single IP:  300

    Max. Messages Per Connection:  5000  


    Tuesday, March 6, 2018 10:08 AM
  • Monitoring connection status on our TMG 2010

    From time to time I see records like FWX_E_TCP_NOT_SYN_PACKET_DROPPED to the IP addresses of these mail servers

    Can it cause these problems?

    Source: Local computer  (mail.company.com:62470) 
    Destination: External (mail.domain.com:25) 



    • Edited by -Student- Wednesday, March 7, 2018 5:53 AM
    Tuesday, March 6, 2018 10:55 AM
  • Yes it can be.

    Best Regards,
    Jason Chao



    Wednesday, March 7, 2018 2:15 AM
    Moderator
  • For the last 4 hours there have been no FWX_E_TCP_NOT_SYN_PACKET_DROPPED records in the TMG logs. But we still have messages in that queue and it is slowly growing...

    Is it possible to use an external SMTP server to send messages (to this domain only)?

    Wednesday, March 7, 2018 7:42 AM
  • Thanks for your update. Yes, it's possible with the settings of the send connector.

    Best Regards,
    Jason Chao



    Wednesday, March 7, 2018 9:44 AM
    Moderator
  • How can I remove the extended permission on the Default receive connector and keep this permission to receive email from our external web hosting?

    I created a receive connector "Web Portal", limited the remote IP to just one IP address (the IP address of our web portal) and allowed accept-authoritative-domain-sender

    Get-ReceiveConnector "Web Portal" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "ms-exch-smtp-accept-authoritative-domain-sender"

    but we can't receive mail from our web portal.

    But with this permission enabled on Default connector - we can.

    • Edited by -Student- Sunday, March 11, 2018 10:13 PM
    Friday, March 9, 2018 8:55 AM
  • Do you use an internal address for the web portal?

    Best Regards,
    Jason Chao



    Thursday, March 15, 2018 10:14 AM
    Moderator
  • No, external (http://portal.company.com)

    Sunday, March 18, 2018 9:38 PM
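
The replies above that remove `ms-exch-smtp-accept-authoritative-domain-sender` from the default connector, and the later attempt to grant it only on a dedicated "Web Portal" connector, both come down to knowing which connectors give Anonymous Logon which rights for which source addresses. The following audit is an added example, not code from the thread; it goes slightly beyond the thread by also reporting `ms-Exch-SMTP-Accept-Any-Recipient`, the extended right that allows anonymous relay to external domains.

```powershell
# Added example; run in the Exchange Management Shell.
# Lists every receive connector with its remote IP scope and the
# sender/relay rights held by anonymous SMTP clients.
$Anonymous = 'NT AUTHORITY\ANONYMOUS LOGON'
$Watched   = 'ms-Exch-SMTP-Accept-Authoritative-Domain-Sender',
             'ms-Exch-SMTP-Accept-Any-Recipient'

$report = Get-ReceiveConnector | ForEach-Object {
    $rc = $_

    # Allow (non-Deny) ACEs for Anonymous Logon on this connector
    $aces = @($rc | Get-ADPermission -User $Anonymous |
        Where-Object { -not $_.Deny })

    # Same -like comparison on ExtendedRights that the thread's command uses
    $held = @($Watched | Where-Object {
        $right = $_
        $aces | Where-Object { $_.ExtendedRights -like $right }
    })

    New-Object PSObject -Property @{
        Connector        = "$($rc.Identity)"
        RemoteIPRanges   = ($rc.RemoteIPRanges -join ', ')
        PermissionGroups = "$($rc.PermissionGroups)"
        AnonymousRights  = ($held -join ', ')
    }
}

$report | Sort-Object Connector |
    Format-Table Connector, RemoteIPRanges, PermissionGroups, AnonymousRights -AutoSize -Wrap
```

A connector whose RemoteIPRanges covers the whole internet and whose AnonymousRights column is not empty is the one to tighten; a connector scoped to a single source IP is where such a right can be granted narrowly, since Exchange selects the receive connector with the most specific matching remote IP range.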