4.4.7 error to one domain



Twisster76 -> 4.4.7 error to one domain (13.Dec.2011 5:19:49 PM)

I'm perplexed by this one. I have a domain I can't send emails to; they just sit in the queue and retry for 2 days. I can email the domain from Gmail without issue. I can email the domain via Telnet from the Exchange box as well. This makes me think it's an Exchange config, as the firewall would have likely blocked the Telnet SMTP traffic. Admittedly, I'm a little green at this too. Any input would be appreciated. I'm also just into my 2nd week of employment with this company and still scratching the surface on their existing configurations.

Thanks.




alanhardisty -> RE: 4.4.7 error to one domain (13.Dec.2011 5:24:31 PM)

Please have a read of my blog page and check that the Exchange Server is configured optimally and no other issues exist:

http://alanhardisty.wordpress.com/2010/02/25/problems-sending-emails-to-external-domains/




dmonty83 -> RE: 4.4.7 error to one domain (18.Dec.2011 7:57:36 PM)

I am having the same issue except it is multiple email providers that are denying our emails and keeping them in our Exchange queue. One is Hotmail; I contacted them and they claim we are not being blacklisted by any Microsoft email service.

I checked our reverse DNS for our email domain "westminster-ma.gov" and it has no A record. Our FQDN for the email server is meetinghouse.westminster-ma.gov.

I do not understand what may have happened to our setup as it was working just fine.

If you have any other suggestions I would appreciate it greatly!

David




alanhardisty -> RE: 4.4.7 error to one domain (18.Dec.2011 8:03:13 PM)

Fire me an email to alan @ it-eye.co.uk and I'll see what our anti-spam software makes of you.




dmonty83 -> RE: 4.4.7 error to one domain (18.Dec.2011 10:55:08 PM)

Email sent.




dmonty83 -> RE: 4.4.7 error to one domain (18.Dec.2011 10:55:14 PM)

Email sent.




dmonty83 -> RE: 4.4.7 error to one domain (19.Dec.2011 12:34:43 AM)

The email I sent you is sitting in my MS Exchange queue.

Hmmm....




alanhardisty -> RE: 4.4.7 error to one domain (19.Dec.2011 3:24:14 AM)

Your email hit my server and was temporarily Greylisted, but with the information in my logs, I have found the following:

If you visit http://www.blacklistalert.org/ and enter your IP address 74.xxx.xxx.218 you will see a problem that needs resolving. The FQDN of your mail server is meetinghouse.domain.gov, yet your reverse DNS is configured as just domain.gov, but domain.gov doesn't resolve to an IP address.

You should ideally have meetinghouse.domain.gov set up as your reverse DNS record, or you need to point meetinghouse.gov to the same IP address (74.xxx.xxx.218).
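
The mismatch described in this reply can be checked mechanically. The following is an added example, not part of the original thread: a forward-confirmed reverse DNS check in Python, where the address 203.0.113.218, the example.gov names and the lookup tables are constructed stand-ins for the redacted values in the post.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """A lookup through the system resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, helo_name, ptr=system_ptr, a=system_a):
    """Return a list of problems a receiving server may hold against this sender."""
    findings = []
    helo = helo_name.rstrip(".").lower()
    ptr_names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not ptr_names:
        findings.append("no PTR record for %s" % ip)
    for name in ptr_names:
        if ip not in a(name):  # reverse name must resolve forward to the same IP
            findings.append("PTR name %s does not resolve back to %s" % (name, ip))
    if ptr_names and helo not in ptr_names:
        findings.append("HELO name %s differs from PTR name(s) %s"
                        % (helo, ", ".join(ptr_names)))
    if ip not in a(helo):
        findings.append("HELO name %s does not resolve to %s" % (helo, ip))
    return findings

# Constructed records mirroring the thread: PTR points at the bare domain,
# which has no A record, while the server announces its host name.
IP = "203.0.113.218"
HELO = "meetinghouse.example.gov"
A_RECORDS = {HELO: [IP]}

def table(records):
    return lambda key: records.get(key, [])

def demo():
    before = check_fcrdns(IP, HELO, table({IP: ["example.gov"]}), table(A_RECORDS))
    after = check_fcrdns(IP, HELO, table({IP: [HELO]}), table(A_RECORDS))
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before fix", "after fix"), demo()):
        print(label, result or "consistent")
```

Calling `check_fcrdns(ip, helo_name)` without the last two arguments uses the system resolver against live DNS.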




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 12:41:48 PM)

OK, I believe that we have that resolved, but the root of our problem still exists. Our email server seems to be spamming multiple email addresses.




alanhardisty -> RE: 4.4.7 error to one domain (20.Dec.2011 12:50:08 PM)

Please explain more about the spamming.

Is the server sending out messages on its own? If so - who is the sender? Administrator or some random email address not managed on your server?




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 12:51:16 PM)

Hi Alan,

It's from our server and it is coming from email addresses outside of our jurisdiction.

David




alanhardisty -> RE: 4.4.7 error to one domain (20.Dec.2011 12:54:52 PM)

In that case, you are an authenticated relay.

Some more reading for you from my blog:

http://alanhardisty.wordpress.com/2010/02/11/why-are-my-outbound-queues-filling-up-with-mail-that-we-didnt-send/

A quick fix would be to disable Integrated Windows and Basic Authentication on the SMTP Virtual Server, but if you have external users with SMTP / POP3 accounts that will cause them problems.




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 12:58:08 PM)

Ok. I was thinking that we were relaying within our organization. That is not the case then?




alanhardisty -> RE: 4.4.7 error to one domain (20.Dec.2011 1:05:39 PM)

Not in my experience - smells badly of an authenticated relay, which would put you on some blacklists and cause your problems with sending mail to domains.

Are your queues full of messages going nowhere?




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 1:26:09 PM)

OK, I changed the logging level and only had 3 entries for event ID 1708. Is that consistent with an authenticated relay attack?




alanhardisty -> RE: 4.4.7 error to one domain (20.Dec.2011 1:30:17 PM)

Yes - a single account is all that is needed to be an authenticated relay.

I would change those account passwords to strong passwords and let the users know what they are. Then monitor and empty the queues.

If the problem goes away, then you have sorted the problem for now, but keep an eye on it.

Ideally get every account password changed and make sure that they are strong passwords or they will get hacked again and your server will become an authenticated relay again.
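
The symptom discussed in this exchange (an account that authenticates and then sends mail whose senders are not from the server's own domain) can be picked out of submission records. The following is an added example, not part of the original thread: the record layout, account names and domains are constructed for illustration and are not Exchange's own log format.

```python
from collections import defaultdict

# Constructed sample: timestamp, authenticated account, envelope sender, recipients.
# This layout is an assumption for the example, not Exchange's own log format.
SAMPLE = """\
2011-12-20T12:01:10 jsmith jsmith@example.gov 1
2011-12-20T12:01:12 scanner offers@mail.invalid 50
2011-12-20T12:01:13 scanner promo@shop.invalid 48
2011-12-20T12:01:15 mjones mjones@example.gov 2
2011-12-20T12:01:19 scanner win@prizes.invalid 50
2011-12-20T12:02:40 mjones mjones@partner.invalid 1
2011-12-20T12:03:02 jsmith <> 1
truncated line
"""

def sender_domain(address):
    """Lower-cased domain of an envelope sender; '' for the null sender <>."""
    address = address.strip("<>")
    return address.rpartition("@")[2].lower() if "@" in address else ""

def suspect_accounts(log_text, local_domains, min_foreign=3):
    """Accounts that sent at least min_foreign messages from non-local sender domains."""
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "domains": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[3].isdigit():
            continue  # skip malformed or truncated records
        _, account, sender, rcpts = fields
        domain = sender_domain(sender)
        if not domain or domain in local_domains:
            continue  # own-domain mail and null-sender bounces are expected
        entry = stats[account]
        entry["messages"] += 1
        entry["recipients"] += int(rcpts)
        entry["domains"].add(domain)
    return {
        account: {"messages": e["messages"], "recipients": e["recipients"],
                  "domains": sorted(e["domains"])}
        for account, e in stats.items() if e["messages"] >= min_foreign
    }

if __name__ == "__main__":
    for account, info in suspect_accounts(SAMPLE, {"example.gov"}).items():
        print(account, info)
```

Accounts returned here are the ones whose passwords should be changed first, in line with the advice in the post above.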




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 1:46:01 PM)

Ok. Things seem to have quieted down.

I checked our server for possible blacklisting using the site you mentioned above and mxtoolbox and neither indicate that we are blacklisted aside from one or two.

I still have emails being held up in our queue, they are legitimate. How can I move them along?

Thanks.

David




alanhardisty -> RE: 4.4.7 error to one domain (20.Dec.2011 1:48:55 PM)

Have a look at them in the queue and see who the sender is and the subject. If they are valid, then they should go, but if not, then delete them.

If you are an authenticated relay, you should be blacklisted, so that sounds different to what's going on here, but the senders are not from your domain - which is typical authenticated relay.




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 1:51:09 PM)

The messages that have started to show up since we discovered what username was being used to authenticate have subsided.

The emails that I see now are people that are working right now and trying to send emails. They seem stuck in the queue.




dmonty83 -> RE: 4.4.7 error to one domain (20.Dec.2011 1:53:37 PM)

What is also weird is that the folder (C:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue) for the queue is empty.



