
Error Configuring Mail Proxies

Created: 26 Jan 2012 • Updated: 02 Feb 2012 | 12 comments
Mohammad Ashkaibi
This issue has been solved. See solution.

Hello,

I'm having trouble configuring my PGP Universal Gateway Email server to proxy email traffic, with the error "host or domain name not found". The server is still in Learn Mode, but it gives the errors as shown in the attached files (screenshot1 & screenshot2). Below is some info:

- Gateway placement

- Placed in the DMZ next to the Exchange Server 2010 Edge Transport role

- Active Directory, DNS and Exchange Hub Transport are all in the internal network protected with firewalls

- PGP server can communicate with the internal network over the ports 389 (LDAP), 53 (DNS) and 9000 (administration)

- Operating in Learn Mode, with Mail Proxies feature properly licensed

- See configurations of my mail proxies in screenshot3

 

I'm sure this is a famous issue and I hope someone out there can assist me!

Many thanks in advance.

 

Rgds,

Mohammad


skuehn

Hi Mohammad,

It looks like you have a DNS problem.

Try to resolve one of the MX entries which the PGP Universal Server can't find, via the same DNS server which is configured in the UN.

 

For example (Windows):

nslookup -type=mx investbank.jo <IP of the configured DNS Server>

 

What result did you get?

Also double-check whether the Universal Server can reach the DNS server.

Mohammad Ashkaibi

Thanks for the reply Skuehn! Most likely it is an internal issue with name resolution, since none of the emails in the queue could reach their destination and they are in different domains, as the first screenshot shows two domains (this is in addition to another domain for an email that was queued after I took this screenshot!!)

I've already opened access to the internal network through the firewalls over port 53, which is for DNS. Is there anything else to do or look at?

 

Thanks...

Julian_M

Disable Learn mode; it blocks lots of email features.

Most likely it's related to this; you can read more in the administrator's guide:

http://www.symantec.com/business/support/index?pag...

When you consider the issue resolved, please click Mark As Solution on the post that best provided the solution.
 

Mohammad Ashkaibi

 

Thanks Julian! As far as I know, Learn Mode does the following:

- Create keys for internal users

- Try to verify/decrypt incoming emails when possible and if configured to do so

- Organize internal and external users into groups as per group membership settings

 

Though I'm still operating in Learn Mode, it does not say it has anything to do with name resolution or emails accumulating in the queue.

How could I know if my server is really licensed for the Mail Proxies feature? And if I have a licensing issue, could this be the cause?

 

Thanks everyone...

skuehn

Hi Mohammad,

Have you tried the name resolution from another host as mentioned in my first reply?

It looks like you have to search for the problem at the DNS server and not at the Universal Server.

 

Regards,

 

Stephan

Mohammad Ashkaibi

Hi Stephan,

I shut down PGP UN, connected a Windows laptop to the same LAN point and gave it the same TCP/IP settings as PGP UN. It was unable to resolve names! The reason was that we allowed DNS communication through the firewall only via TCP (and not UDP). After allowing UDP DNS traffic, it became able to relay emails.

However, another problem appeared. After being able to resolve domain names and relay the first set of outbound emails, it started to queue emails due to "connection timed out" errors. I believe it is a performance issue, but my server has a 6-core processor and 8 GB of RAM!

 

See the screenshots...

HELP!

 

- Mohammad

image001.png image002.png
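The TCP-only firewall rule described in the post above can be confirmed directly by sending the same MX query to the configured DNS server over each transport. The script below is an added example, not part of the original thread; the function names are hypothetical, and the server IP and domain are supplied on the command line.

```python
import socket
import struct

def build_mx_query(domain, txid=0x1234):
    """Build a DNS MX query for `domain` in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 15, 1)  # QTYPE=MX, QCLASS=IN

def parse_header(reply):
    """Return (txid, rcode, answer_count, truncated) from a DNS reply."""
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return txid, flags & 0x000F, answers, bool(flags & 0x0200)

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-reply")
        buf += chunk
    return buf

def probe(server, domain, transport, port=53, timeout=3.0):
    """Send one MX query over 'udp' or 'tcp' and summarise the outcome."""
    query = build_mx_query(domain)
    try:
        if transport == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                reply, _ = s.recvfrom(4096)
        else:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                (length,) = struct.unpack("!H", recv_exact(s, 2))
                reply = recv_exact(s, length)
    except socket.timeout:
        return "timeout (dropped by a firewall?)"
    except OSError as exc:
        return f"error: {exc}"
    _txid, rcode, answers, truncated = parse_header(reply)
    # truncated=True on UDP means the resolver must retry over TCP
    return f"rcode={rcode} answers={answers} truncated={truncated}"

if __name__ == "__main__":
    import sys  # usage: script.py <dns-server-ip> <domain>
    for t in ("udp", "tcp"):
        print(t, probe(sys.argv[1], sys.argv[2], t))
```

A timeout on `udp` with a normal answer on `tcp` reproduces the situation in this thread; resolvers query over UDP first and fall back to TCP only for truncated replies, so both must be allowed on port 53.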
skuehn

Hi Mohammed,

 

Please check the following:

1. Telnet from another client to one of the timeout servers, port 25:

example:

telnet aspmx3.googlemail.com 25

Are you able to establish a connection?

2. Have a look at the Postfix logs in Universal Server

Reporting -> Logs -> Choose "Postfix"

Which details can you see for the connection attempts?

 

Stephan

 

Mohammad Ashkaibi

Hi Stephan

I hope you would be able to make anything out of these logs. Thank you!

 

- Moh

Attachment: postfix-pgpmail.vjcs_.com_.jo_.zip (78.4 KB)
skuehn

Hi Mohammed,

There are some "host or domain not found" errors. That seems to be correct, because these domains don't exist, nor do they have an MX record.

Also there are many "connection timeout" errors.

Please check at your (external) firewall whether the PGP Server is allowed to connect to any host on the internet on port 25 (SMTP).

(Also see check 2 in my last post)

 

Stephan

Mohammad Ashkaibi

Thanks Stephan. You're correct about the "host or domain not found" errors, because those email addresses/domains are currently not valid.

Regarding the "connection timed out" errors, the reason I'm doubting the server's performance is that when I first configured Exchange to relay through PGP UN, I sent a test email to a Yahoo! account and it went through normally. Later, when I noticed emails were being queued up, I sent another email to Yahoo! but it didn't pass.

 

- Moh

skuehn

To me it doesn't look like a performance issue.

Just do the test mentioned in my last 2 posts.

SOLUTION
Mohammad Ashkaibi

Hi Stephan,

Well, I could discover what it is. We did NOT configure reverse lookup and MX to account for PGP UN. That caused the receiving servers to defer/deny connections from PGP UN, thinking that it might be a bad guy trying to spam them.

 

Thanks for the help!

 

 

- Moh
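The reverse-lookup half of the solution above can be verified before putting a gateway into the mail path. The following is an added example, not part of the original thread: it checks that the gateway's outbound address has a PTR record, that the PTR name resolves back to the same address, and that it matches the name the gateway announces in HELO. The function names are hypothetical, and the address to test is the public one receiving servers see (after any NAT), not the DMZ address.

```python
import socket

def ptr_names(ip):
    """Reverse lookup: hostnames returned by the PTR record(s) of `ip`."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_ips(name):
    """Forward lookup: all A/AAAA addresses of `name`."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_sender(ip, helo_name, reverse=ptr_names, forward=forward_ips):
    """Return findings a receiving MTA might hold against a sender at `ip`.

    `reverse` and `forward` are injectable so the logic can be exercised
    with constructed data instead of live DNS.
    """
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return [f"no PTR record for {ip}"]
    findings = []
    if not any(ip in forward(n) for n in names):
        findings.append(f"PTR {names} does not resolve back to {ip}")
    if helo_name.rstrip(".").lower() not in names:
        findings.append(f"HELO name {helo_name} differs from PTR {names}")
    if ip not in forward(helo_name):
        findings.append(f"HELO name {helo_name} has no address record for {ip}")
    return findings

if __name__ == "__main__":
    import sys  # usage: script.py <public-ip> <helo-name>
    problems = check_sender(sys.argv[1], sys.argv[2])
    print("\n".join(problems) if problems else "forward-confirmed reverse DNS OK")
```

An empty result means the address passes forward-confirmed reverse DNS; any finding is a reason a receiving server may defer or reject the connection.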