There is one sender who cannot send to any recipients in our domain. I can telnet to their server on port 25 but not port 110. POP3 is enabled on Exchange 2003. I look at message tracker, and there is no record of their emails coming in, but I do see emails going out to them. What settings do I need to change so that these mails get through? They continually get a delay message. Delivery is delayed to these recipients or distribution lists: This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf. Delivery of this message will be attempted until 6/11/2010 12:44:14 PM (GMT-08:00) Pacific Time (US & Canada). Microsoft Exchange will notify you if the message can't be delivered by that time

Question is, can they telnet to port 25 on your Exchange Server since they cannot send your mail server? What NDR is fired back when the message times out?MVP Exchange Server

Do you have TLS running or are they trying to send TLS? I'm assuming other people can send mail to you with out issue. Can they telnet from their mail sever to your SMTP server on port 25? Any anti-spam stuff going on? Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:EMA 2K7,EDA Win 7,ES,SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com

I do not know if they can telnet to us, but here is the NDR message they finally get. Please let me know what that means to you. Microsoft Exchange has been trying to deliver this message without success and has stopped trying. Please try sending this message again, or provide the following diagnostic text to your system administrator. #550 4.4.7 QUEUE.Expired; message expired ## Original message headers: Received: from SOCRATES.sound.local ([fe80::74f9:e6c3:8f6a:58a3]) by SOCRATES.sound.local ([fe80::74f9:e6c3:8f6a:58a3%12]) with mapi; Tue, 8 Jun 2010 04:52:34 -0700 Date: Tue, 8 Jun 2010 04:52:33 -0700 Subject: FW: West Mall Business and Neighborhood Coalition Meeting Agenda Thread-Topic: West Mall Business and Neighborhood Coalition Meeting Agenda Thread-Index: AcqQx4vOb3sFDghAQZyfwAxdHCVOtAAACuKAA4dT0zABV6VPYAAEqYswASdR8MADJmoDgAD+10ewEzZXiUAAJ8gikA== Message-ID: <6880C6F6142B7041B4EEA4E4D805E8F512A4B7FFE4@SOCRATES.sound.local> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_6880C6F6142B7041B4EEA4E4D805E8F512A4B7FFE4SOCRATESsound_" MIME-Version: 1.0

We do not have TLS required on the server. Other companies can send email successfully. The issue is only from this specific company to us. Again, when she sends, there is nothing showing in the mail tracking log.

There wont be anything in the mail tracking since the message never arrives. I'm guessing they can't telnet either. The troubleshooting needs to be done from their side. Are they getting the proper IP when the do a DNS lookup of your MX? If they can't connect to you on port 25, they wont be able to send mail. Sometimes firewalls block enhanced SMTP, see if that is also an issue. Once again this sounds like it is all on their side. From your side are you doing any spam filtering against them. Are they on any RBL that you use?Mark Morowczynski|MCT| MCSE 2003:Messaging, Security|MCITP:EMA 2K7,EDA Win 7,ES,SA,EA|MCTS:Windows Mobile Admin|Security+|http://almostdailytech.com

Can you see if they can telnet to port 25 on your Mail Server? Are you using a filtering service or appliance in front of your Exchange Server? Message Expired leads me to believe you are blocking/filtering their domain which could or could not be related to a issue on their end such as being blacklisted, no SPF Record, etc. I would also suggest you perform a DNS check on their domain as it was not included in the above NDR.MVP Exchange Server

I am going to have them test telnet on port 25. I checked blacklists for both send and receive mail servers, and both are clean. Their domain is whitelisted on our mail server. I will see if there is anything on our firewall. I ran a DNS test on their domain and got the following result. (it did show two warnings) Not an open relay. 0 seconds - Good on Connection time 5.398 seconds - Warning on Transaction time OK - 199.181.165.20 resolves to Warning - Reverse DNS does not match SMTP Banner Session Transcript: HELO please-read-policy.mxtoolbox.com 250 remote.soundscreening.com Hello [64.20.227.133] [125 ms] MAIL FROM: <supertool@mxtoolbox.com> 250 2.1.0 Sender OK [78 ms] RCPT TO: <test@example.com> 550 5.7.1 Unable to relay [5101 ms] QUIT 221 2.0.0 Service closing transmission channel [94 ms]

There is most likely your issue if you are performing this currently, "Reverse DNS does not match SMTP Banner". This needs to be corrected on their end as they will continue to have issues not only with your mail server but many others that perform this check.MVP Exchange Server

Thanks, I will let them know. Also, I had them run a telnet test from their network to us. They failed on both port 25 and 110. I had them do the same test to another companies mail server and they had success. Any thoughts?

It really depends on what you are performing on your end, but I would think they would at least get an SMTP Banner if they telnet to port 25 of your Exchange Server. Can you verify with your firewall logs they are actually passing the firewall when they tested port 25 telnet?MVP Exchange Server

Mark, Ask them to telnet port 25 using your public IP address just to elimiate a problem with their DNS. MiguelMiguel Fra / Falcon ITS Computer & Network Support, Miami, FL Visit our Knowledgebase Sharepoint Site

Hi, Did you check the SMTP receive log on your Exchange server? If there has the track, that indicates the message was blocked on the SMTP session. If no track in there, that should be the source server could not find your Exchange server and telnet it. Thanks Allen

Hi Allen, There is still no trace of the emails on the Exchange Server. I can see email going out to her, but none of her replies reach the server. If that indicates that the source server is the problem, what is the fix for it? the source server could not find your Exchange server Thanks, Mark

Hello, I have had them try telnet again with the IP address instead of the domain, and they still fail on port 25. This issue is still ongoing. Noone from the sending company can send to our company. Is there some tests to run to confirm whether the messages are making it out of their network or not? Thanks, Mark

Have a look at your SMTP log. Search for their ip address and you might well see the initial EHLO from their server and maybe some further entries. That'll tell you if they are getting out of their network. When I've seen this kind of problem it's usually caused by a firewall blocking one of the SMTP commands or responses, after which the whole transaction grinds to a halt while both servers waits for a response. -Peter

Hello, If they cannot telnet into your server using your IP address, my guess is that you are blocking them somehow. If they could not telnet on port 25 they would know about it because all of their emails would not reach their recipients. If you do not see the IP in your SMTP logs as durkeep has indicated, firewall log will likely have a good clue. Here's some possibilities, I am guessing your firewall is dropping them. 1. Firewall IP Filter - Check that IP addresses or ranges are not blocked by firewall or IDS, etc. 2. Packet Fragmentation - This can cause communications problems between routers, especially where IDS is active. Check your router's logs, there has to be some kind of log file indicating that packets from host sender's IP was dropped. I am guessing firewall here. MiguelMiguel Fra / Falcon ITS Computer & Network Support, Miami, FL Visit our Knowledgebase Sharepoint Site