Queue Message: 421 4.4.0 [internal] "no MXs for this domain could be reached at this time." for a Symantec Messaging Gateway appliance
|Article:TECH93089|||||Created: 2009-01-25|||||Updated: 2012-06-07|||||Article URL http://www.symantec.com/docs/TECH93089|
The Symantec Messaging Gateway (SMG) appliance shows messages in the delivery queue with the message 421 4.4.0 [internal] no MXs for this domain could be reached at this time.
421 4.4.0 [internal] no MXs for this domain could be reached at this time
This is not an error but a description of why the message could not be delivered. The message indicates a general mail delivery attempt failure in which the appliance could not communicate with the remote mail system. This may be the result of an inability to successfully connect to the remote host, to resolve the MX records, or to resolve the DNS host names for the email domain to which the appliance is attempting message delivery. This can also be seen if a Control Center host's Quarantine SMTP listener is not available on port 41025.
Possible circumstances that may cause this issue:
- The local MTA (SMG) cannot communicate with the remote MTA.
- Connection refused by remote MTA
- Connection times out while trying to connect to the remote MTA
- Mail Exchange (MX) record(s) and A records missing
- Firewall rule blocking connection from local MTA IP address
- Destination management - Domain Settings
- Check Protocols > Domains
- Consider adding or modifying the Optional Destination Routing
- A remote Control Center's Quarantine SMTP listener is not available on port 41025 (for Quarantine bound Email)
- Masked mail banner - similar to the one found in Cisco Pix Mailguard/SMTP Fixup
- Issue with PTR or RDNS enforcement
- Invalid Response
- DNS query failure for calls larger than 512 bytes ( DNS UDP packet size has been limited to 512 bytes in SBG 8.0.2-12 and SMG versions )
- Microsoft KB 828263: http://support.microsoft.com/kb/828263
This shows an example of how to troubleshoot a problem to deliver messages to a failing remote domain, in this case example.com is the intended target domain:
sbg9> nslookup -type=mx example.com
example.com mail exchanger = 5 mail.example.com.
Authoritative answers can be found from:
mail.example.com internet address = 192.0.2.10
sbg9> telnet -b 10.160.96.148 192.0.2.10 25
Connected to 192.0.2.10.
Escape character is '^]'.
220 hostname Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Thu, 14 Oct 2010 13:01:06 +0100
Article URL http://www.symantec.com/docs/TECH93089