421 4.4.0 [internal] no MXs for this domain could be reached at this time

This issue has been solved. See solution.
Carlos Henrique Oliveira's picture
Carlos Henrique Oliveira
July 3rd, 2009

   Hello,

   Some days ago, our Brightmail server became unable to send e-mail messages to some domains, like terra.com.br .

   Users receive the message bellow:

Delivery Failure Report
Your document: Teste 18:27
was not delivered to: kkrj@terra.com.br
because: 421 4.4.0 [internal] no MXs for this domain could be reached at this time

   I was in touch with Symantec Support, after 40 minutes waiting on hold, i could talk to someone to help. He told me to update from 8.0.1 to the last version 8.0.2, he said that this would fix this bug.

   Yesterday i did the update, so now we are on 8.0.2 version, but the problem continues.

   This is what Brightmail's log shows:

kkrj@terra.com.br coliveira@mycompany.com.br Friday, Jul 03, 2009 09:59:03 AM BRT 421 4.4.0 [internal] no MXs for this domain could be reached at this time

   I checked the settings 30 times or more, all seems right, in fact, nothing changed recently that i could remember. I run Brightmail utilities (Administration -> Utilities) to Nslookup and Trace one of the domains, but everything seems right.

Results for "terra.com.br"
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
terra.com.br mail exchanger = 10 vip-us-br-mx.terra.com.
Authoritative answers can be found from:
terra.com.br nameserver = ns1.terra.com.br.
terra.com.br nameserver = ns2.terra.com.br.
vip-us-br-mx.terra.com internet address = 208.84.244.133
ns2.terra.com.br internet address = 200.176.2.173
ns1.terra.com.br internet address = 200.176.2.172

   Anyone has seen this problem before ?

   Thanks,
   Carlos Oliveira

Filed under: , ,
0 votes
Ian McShane's picture
Ian McShane
20 weeks 3 days ago

Telnet?

 Hi,

Are you able to initiate an SMTP connection to the MX records via telnet?


//ian

0 votes
Carlos Henrique Oliveira's picture
Carlos Henrique Oliveira
20 weeks 2 days ago

Tested SMTP connection

   Hi Ian, thanks for being in contact.

   At another of our servers, i tested a SMTP connection and seemed OK.

   open vip-us-br-mx.terra.com 25
220 quesnel.terra.com ESMTP

   ehlo mycompany.com.br
EHLO mycompany.com.br
250-quesnel.terra.com
250-PIPELINING
250-SIZE 26214400
250-ETRN
250-ENHANCEDSTATUSCODES
250 8BITMIME

   MAIL FROM:coliveira@mycompany.com.br
501 5.1.7 Bad sender address syntax

   Thanks,
   Carlos Oliveira

0 votes
ANDREY FYODOROV's picture
ANDREY FYODOROV
20 weeks 2 days ago

kind of the same here

I am seeing some messages stuck in the delivery queue on our Brightmails.

I tested with Telnet and the destination domains' mail servers actually took ~30 seconds to respond.

I also tested from MXToolbox.com and those domains took ~30 seconds to respond, so I wrote it off as the recipient server's problem.

0 votes
TomC 2's picture
TomC 2
19 weeks 6 days ago

Hello,

It looks like the issue they are referring to in the case is related to MX record fail over. This was actually fixed in version 8.0.1-7 I believe. I tried to look through the other case notes but unfortunately I don't speak Portuguese.  :-)  So I could be wrong, but that is what I got from the notes so far.

On the telnet session you could try to use brackets around the address to see if this helps. Example: <blah@blah.local>
Sometimes this helps with address syntax. That might get you a little further on the telnet session and give a little more information on what is happening.

Thanks!

0 votes
Roju's picture
Roju
19 weeks 5 days ago

I have a little bit doubt on

I have a little bit doubt on this. Some of my scanners throws the same error even while sending mail to domains like Yahoo.com and gmail.com. But after some time, this will get flushed automatically.

Regards,
...rOjU...

0 votes
Roju's picture
Roju
19 weeks 5 days ago

Some more error which I used

Some more error which I used to get are as below

451 4.4.2 [internal] no MAIL FROM response

452 Command not completed due to insufficient system storage

Any suggestions on this?

Regards,
...rOjU...

0 votes
fferaboli's picture
fferaboli
19 weeks 5 days ago

KB article updated

Solution

Hi,

the KB article for this topic has been updated recently:
service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009032512563954

This is not an error. Is a description of the event where the local MTA cannot reach the remote MTA for various reasons.
Most of the cases I've seen there's an issue with the remote MTA (not available) or DNS records.
You can test this by telnetting to the remote MTA from the scanner. Also make sure that if you have 2 interfaces, the one telnet is bind to is the one that should deliver the message. In some cases there was a firewall rule blocking one of the interfaces to connect to the MTA where the message should be delivered. That can be sorted by reconfiguring the firewall or changing the binding settings.
If you still see the issue open a case with Technical Support.

Federico

0 votes
SOLUTION
Carlos Henrique Oliveira's picture
Carlos Henrique Oliveira
19 weeks 3 days ago

It's OK now

   After reading the KBarticle above, i was in touch with TERRA provider.

   Seems that there was a problem in their configuration, avoiding the SMTP connection from my company. Two days after asking them for help, the e-mail messages sent from my company to TERRA came back to normal.

   No more 421 4.4.0 error messaging received, and e-mails are now being sent to TERRA.

   After all, in my case, was not a Brightmail problem.

   Thanks everyone for the great help !
   Carlos Oliveira

0 votes
Ian McShane's picture
Ian McShane
19 weeks 3 days ago

Cool

Glad to hear it Carlos.

Can you mark this thread as solved?

thanks!

//ian

0 votes