It *could* be a firewall issue. I assume from your post that your firewall is in the mailstream as a mailer. If that's the case, then you're not failing to send to the remote host, but rather to the firewall. It's a little confusing from your post however. Are you using a mailer-daemon on the firewall to filter traffic or does exchange have TCP 25 destination ability on it's own? Al _____ From: paul_lemonidis@xxxxxxxxxxx [mailto:paul_lemonidis@xxxxxxxxxxx] Sent: Wednesday, May 26, 2004 11:35 AM To: [ExchangeList] Subject: [exchangelist] RE: Backup MX records. http://www.MSExchange.org/ Hi Al I see your point about traffic levels. The problem is I have seen mail queue up to these Domains for several hours at a time or even timeout after the deafult 2 days? We also have a couple of clients to whom we constanty have this problem. Could this possibly be a firewall issue at my end? I guess it could by the same token be their firewall but if they are receiving mail from everyone else I think that is unlikely. I have a Watchguard box and what they do with SMTP is unbelievable. Even NDR's back to senders are heavily modifyied! What Exchange sends and what gets out the firewall are totally different!! From what you say about resolution the force connection option must cause DNS to be queried again as once I had my second connector up and clicked the option the message in the queue form before it was created was delievered. Many thanks for your prompt reply and help. Regards, Paul Lemonidis. ----- Original Message ----- From: Mulnick, <mailto:Al.Mulnick@xxxxxxxxxx> Al To: [ExchangeList] <mailto:exchangelist@xxxxxxxxxxxxx> Sent: Wednesday, May 26, 2004 4:08 PM Subject: [exchangelist] RE: Backup MX records. http://www.MSExchange.org/ <http://www.MSExchange.org/> Generic SMTP problem. 4xy is a transient error (specifically, 421 is transient indicating that the host might be shutting down and must end the transmission). It's not a hard error, so it's still a valid mail handler. If you have done the resolution, then you must then use the host specified. In this case, it's the lowest cost and you will therefore use that if it's available. If it's not available for some reason, (off network and not answering at all) then you can use a higher cost MX record. General rule: if it's on the network answering SMTP verbs, it needs to be able to handle the traffic. If it can't, it needs to be removed to correct mail flow. From 974: "For example, a response code of "non-existent domain" should probably cause the message to be returned to the sender as invalid, while a response code of "server failure" should probably cause the message to be retried later" It's not a hard and fast rule, but if all hosts were to repeatedly try the mailers for a transient error, there would be significantly more traffic on the internet today. Al _____ From: paul_lemonidis@xxxxxxxxxxx [mailto:paul_lemonidis@xxxxxxxxxxx] Sent: Wednesday, May 26, 2004 10:45 AM To: [ExchangeList] Subject: [exchangelist] Backup MX records. http://www.MSExchange.org/ Hi All I have an Exchange 2003 Service Pack 1 machine. My question relates to SMTP sending. Every so often I see messages queued up for remote hosts. Sure enough from the machine I telnet to the lowest cost MX record for the remote host and the connection is dropped with an error 421, connection lost message. However, on a number of occasions I can sucessfully telnet to the higher cost hosts. Exchange, however, will simply not use them. Today as a test I decided to setup a second Internet Mail connector and limit the address space to just the Domain affected. I then rather than use DNS to forward the message chose to use the second MX record to forward to the second lowest cost MX record host directly. I then went to the queue and forced delievery. This time the message was delievered fine, well the message certainly disappeared from the queue and was not bounced. I will not be absolutely able to confirm he received it until tomorrow unfortunately but I am confident he will have. My question is this. I was told many months ago that 421 means please try again later and hence Exchange will do that rather than trying alternative MX records. Does this thus mean that any server on the Internet that issues this message makes the whole concept of backup MX records worthless? Based on what I understamd you could have 100 servers but if the first one has the lowest MX record cost and issues a 421 message Exchange\SMTP will simply ignore all 99 others despite them being able to receive perfectly? Firstly am I correct and secondly is this a generic SMTP problem or an Exchange problem and finally other than my somewhat less than ideal workaround is there a better way of resolving the issue please? Many thanks in advance. Regards, Paul Lemonidis. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: paul_lemonidis@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')