Messaging Gateway

hi all,

Now I have some problems with sending email to some domains (ex. yahoo.com; gmail.com.vn;...). Email is stuck in Message Queues with following errors:
421 4.4.0 [internal] no MXs for this domain could be reached at this time
450 4.4.1 [internal] Connection Timed Out
Client host rejected: IP address greylist check, be patient.
451 4.4.2 [internal] connection closed by remote host
451 4.4.2 [internal] no BODY response
451 4.4.2 [internal] no HELO/EHLO response

From the Control Center, I still can ping, tracert, or telnet to those domains.
I've tried some searching but still cannot fix that problems.
Pls someone helps! (sorry for my bad En.)
Thanks in advanced

https://www-secure.symantec.com/connect/forums/no-mxs-domain-could-be-reached-time-instead-undeliverable#comment-3237921

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009032512563954?Open&seg=ent

Thanks Maheshrojia for fast reply. I've already tried this before:
+ Changed retry interval
+ Updated to latest version SBG (we're using SBG version 9.0.1-10)
+ Under "SMTP Delivery Bindings" change the bindings for non-local and dynamically routed messages to "Auto"
+ Checked "Do not advertise 8BITMIME"
...but problem still persists

In addition, we still can send email to other domains, and domains which we cant send email to, still can receive email from other domains (I've tried to send email to them by using Gmail, it's OK)

Thanks

Notification bounce msg you are getting back..

Better to log complaint to Symantec support even, And what is your SMTP routing configuration

The error 421 ,450 and 451 means..

http://www.answersthatwork.com/Download_Area/ATW_Library/Networking/Network__3-SMTP_Server_Status_Codes_and_SMTP_Error_Codes.pdf

 

Around the ISP DNS nothing in exchange and SBF side what i felt..

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009083111532454

These are transmission errors. Have you verified that the recipients actually exist by using a 3rd party to email them or tried manually telnetting to their MX records on port 25 to verify there is connectivity?

This is typically due to some form of network issue like firewall filtering or an issue on your ISP's network.

A great site to use to check these servers is http://mxtoolbox.com/ . You should test their domain and run an MX lookup, then run an SMTP test on each of their records to see if mxtoolbox is getting similar reponses.

Thanks Maheshroja and TSE-JDAvis so far!
YES recipients exist. I can send email to them by using Gmail account. Even from our Exchange Server, I can telnet or resolve their MX record and has same result with mxtoolbox.
This is very strange!!

Thanks for updating..

Ooobs! I means i still can send email to them by using Gmail account, but i cannot send to them by our domain account.
Emails still stay in SBG.

What are the smtp routings ..

Where is SMTP routing?
You means Delivery tab in SMTP Advanced Settings

Are you telnetting from your desktop or mail server to test the connectivity to these servers? You should be telnetting from a command-line interface on the Brightmail Gateway.

You will want to transmit an entire message through telnet to make sure it will accept messages from you.

Do you have a firewall that does any SMTP cleanup or scanning?

The next step at this point would be to run a packet capture to one of these recipients' IP addresses to see what the conversation looks like.

* Below telnet result:
220 mailgw.abc.com.vn ESMTP Welcome
helo abc.com.vn
250 mailgw.abc.com.vn says HELO to 172.25.8.209:49755
mail from:test@abc.com.vn
250 MAIL FROM accepted
rcpt to:ngoclinh@finen.com.vn
554 Recipient address rejected: User unknown

* We have Checkpoint firewall in front of SBG, but there's no SMTP scanning option
* "run a packet capture" -> you means "tracert"

Yeah, the server says that is not a valid user. The test failed in that situation. The server is refusing to accept the email.

Tracert is not a packet capture, I'm talking about using tcpdump.

Hi All,

I'm also currently experiencing these issues lately although no issues to gmail.com. I currently use an SMG 10.7.1.
Similar errors are found but its just for a selected few domains.

421 4.4.0 [internal] Failed to connect: no mail servers for this domain could be reached at this time
450 4.4.1 [internal] Connection Timed Out
451 4.4.2 [internal] no BODY response
451 4.4.2 [internal] no RSET response
454 4.4.4 [internal] no MX or A for domain

I already tried these solutions but still no help https://knowledge.broadcom.com/external/article/177591/email-remains-in-the-delivery-queue-with.html

Note that after sending the email from our mail server, I also used the nslookup function under utilities and the resolved MX IPs checks out with MXToolBox I opened in parallel. I can also telnet the receiving servers from SMG CLI.

We're also experiencing this errors to selected domains that uses hosting services. Not sure if related to the issue above.
Would appreciate any leads as to how to resolve this.

421 aaa.bbb.ccc SMTP incoming data timeout - closing connection

 

Original Message:
Sent: 09-10-2010 11:01 AM
From: Jeremy Davis
Subject: Cannot send to some domains

Yeah, the server says that is not a valid user. The test failed in that situation. The server is refusing to accept the email.

Tracert is not a packet capture, I'm talking about using tcpdump.