Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
4.4.7 error to one domain
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
4.4.7 error to one domain - 13.Dec.2011 5:19:49 PM
|
|
|
Twisster76
Posts: 1
Joined: 13.Dec.2011
Status: offline
|
I'm perplexed by this one. I have a domain I can't send emails to, they just sit in the queue and retry for 2 days. I can email the domain from gmail without issue. I can email the domain via Telnet from the Exchange box as well. This makes me think it's an exchange config as the Firewall would have likely blocked the telnet smtp traffic. Admittingly, I'm a little green at this too. Any input would be appreciated, also just into my 2nd week of employment with this company and still scratching the surface on their existing configurations.
Thanks.
|
|
|
|
|
RE: 4.4.7 error to one domain - 18.Dec.2011 7:57:36 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
I am having the same issue except it is multiple email providers that are denying our emails and keeping them in our exchange queue. One is hotmail, I contacted them and they claim we are not being blacklisted by any Microsoft email service.
I checked our reverse DNS for our email domain "westminster-ma.gov" and it has no a record. Our FQDN for the email server meetinghouse.westminster-ma.gov.
I do not understand what may have happened to our setup as it was working just fine.
If you have any other suggestions I would appreciate it greatly!
David
|
|
|
|
|
RE: 4.4.7 error to one domain - 18.Dec.2011 10:55:08 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Email sent.
|
|
|
|
|
RE: 4.4.7 error to one domain - 18.Dec.2011 10:55:14 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Email sent.
|
|
|
|
|
RE: 4.4.7 error to one domain - 19.Dec.2011 12:34:43 AM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
The email I sent you is sitting in my MS Exchange queue.
Hmmm....
|
|
|
|
|
RE: 4.4.7 error to one domain - 19.Dec.2011 3:24:14 AM
|
|
|
alanhardisty
Posts: 389
Joined: 28.Feb.2010
Status: offline
|
Your email hit my server and was temporarily Greylisted, but with the information in my logs, I have found the following:
If you visit http://www.blacklistalert.org/ and enter your IP Address 74.xxx.xxx.218 you will see a problem that needs resolving. Your FQDN of your mailserver is meetinghouse.domain.gov yet your Reverse DNS is configured as just domain.gov, but domain.gov doesn't resolve to an IP Address.
You should ideally have meetinghouse.domain.gov setup as your Reverse DNS record, or you need to point meetinghouse.gov to the same IP Address (74.xxx.xxx.218).
_____________________________
Alan Hardisty
http://www.it-eye.co.uk
http://alanhardisty.wordpress.com
http://www.exchange-certificates.com
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 12:41:48 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Ok I believe that we have that resolved, but the root of our probelem still exists. Our email server seems to be spamming multiple email addresses.
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 12:51:16 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Hi Alan,
Its from our server and it is coming from email addresses out side of our jurisdiction.
David
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 12:58:08 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Ok. I was thinking that we were relaying within our organization. That is not the case then?
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:26:09 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Ok i changed the logging level and only had 3 entries for event ID 1708. Is that consistent with an authenticated relay attack?
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:30:17 PM
|
|
|
alanhardisty
Posts: 389
Joined: 28.Feb.2010
Status: offline
|
Yes - a single account is all that is needed to be an authenticated relay.
I would change those account passwords to strong passwords and let the users know what they are. Then monitor and empty the queues.
If the problem goes away, then you have sorted the problem for now, but keep an eye on it.
Ideally get every account password changed and make sure that they are strong passwords or they will get hacked again and your server will become an authenticated relay again.
_____________________________
Alan Hardisty
http://www.it-eye.co.uk
http://alanhardisty.wordpress.com
http://www.exchange-certificates.com
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:46:01 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
Ok. Things seem to have quieted down.
I checked our server for possible blacklisting using the site you mentioned above and mxtoolbox and neither indicate that we are blacklisted aside from one or two.
I still have emails being held up in our queue, they are legitimate. How can I move them along?
Thanks.
David
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:48:55 PM
|
|
|
alanhardisty
Posts: 389
Joined: 28.Feb.2010
Status: offline
|
Have a look at them in the queue and see who the sender is and the subject. If they are valid, then they should go, but of not, then delete them.
If you are an authenticated relay, you should be blacklisted, so that sounds different to what's going on here, but the senders are not from your domain - which is typical authenticated relay.
_____________________________
Alan Hardisty
http://www.it-eye.co.uk
http://alanhardisty.wordpress.com
http://www.exchange-certificates.com
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:51:09 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
The messages that have started to show up since we discovered what username was being used to authenticate have subsided.
The emails that I see now are people that are working right now and trying to send emails. They seem stuck in the queue.
|
|
|
|
|
RE: 4.4.7 error to one domain - 20.Dec.2011 1:53:37 PM
|
|
|
dmonty83
Posts: 54
Joined: 6.Jan.2007
Status: offline
|
What is also weird is that the folder (C:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue) for the queue is empty.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
