Re: ESA delays emails to an external domain

dunnem · ‎08-24-2020

Hello lads,

We started getting strange NDR for emails sent to an external domain. Once the internal Exchange server connects to the ESA, it manages to queue the message successfully for a delivery. However, after that, the ESA doesn't send the email until after 2 days.
The next thing is that the recipient email server accepts the message and immediately rejects it with a:
'554 5.0.0 < #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) 'DNS Soft Error looking up @@@.com (MX) while asking dns102.register.com. Error was: unable to reach nameserver on any valid IP' (delivery attempts: 0)>'
The DNS settings are set to use the root DNS servers.
All that happens with emails addressed only to that specific external domain. I've checked all Outgoing policies but there is nothing related.
Any help will be greatly appreciated.

charella · ‎08-24-2020

Hello dunnem,

This error message comes from the ESA.
It indicates the bounce timer has expired.
'554 5.0.0 < #5.0.0 smtp; 5.4.7 - Delivery expired (message too old) 'DNS Soft Error looking up @@@.com (MX) while asking dns102.register.com. Error was: unable to reach nameserver on any valid IP' (delivery attempts: 0)>'

The deliveryqueue
Or CLI > tophosts > 1
Displays messages pending delivery.
Mail resides here if it is unable to deliver to the destination for any reason.
It may be as simple as someone spelling “gmiail.com” incorrectly.
The default hold timer is 72 hours.
Once 72 hours has been reached the below error generates.
---
Note the domain @@@.com
It most likely does not exist.

Viewing the tophosts output the sample below shows the asterisks symbol next to the number *.
It identifies that domain as unreachable.
1* fakedomain1.com
3* bounce.fakedomain2.net
---
If you then execute the cli command using this format. Cli > hoststatus fakedomain2.com
for a domain entry containing the astrisks, the domain delivery statistics would appear including dns lookup results and error messages at the bottom.
……

A simple test to ensure your dns is working would be to perform a few dns checks from the CLI.

Cli > dig cisco.com mx
Cli > dig alln-mx-01.cisco.com
Cli > dig -x 173.37.147.230

I hope this is useful.
Thank you,

dunnem · ‎08-25-2020

Hi charella,

many thanks for your input, it's helpful indeed.

I think I had to be more detailed in my initial post where it is @@@, i just replaced the actual domain name with a dummy string.

Today I tried reproducing the issue by following your guidelines and to my surprise the 2 emails I've sent went through without any delays. As there were not any changes between then and now, i thought the issue was external.

However as it was only for that domain, decided to dig further and I was surprised by my finding. For some strange reason, someone had renamed 2 Log Subscriptions file names to be with the same name as the @@@ domain.

I'll be renaming the filenames for "SMTP Conversation Logs" and "Domain Debug Logs" back to their original filenames later tonight.

Still no idea why 2 email from today went through though....