Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6721
Views
0
Helpful
9
Replies

Soft Bounce with Error

Go to solution
rockbd
Level 1
Level 1

‎04-23-2017 05:05 AM

Did anyone face a soft bounce problem with following error

"amitabh.chak@xyz.com delayed. Reason: 4.3.0 - Other mail system problem ('451', ['4.7.0 Temporary server error. Please try again later. PRX2 ']) []
23 Apr 2017 17:19:50 (GMT +06:00)  

Message 2993017 to amitabh.chak@xyz.com pending until Sun Apr 23 19:19:49 2017 as per bounce profile Default.

How to mitigate this error.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎04-23-2017 08:51 PM

Hi,

This error is usually due to an issue on the exchange server side as described in the below articles.

http://stackoverflow.com/questions/20171135/exchange-2013-the-server-response-was-4-7-0-temporary-server-error-please-try

http://social.technet.microsoft.com/Forums/exchange/en-US/fc26dac5-d4e2-49da-903d-361ea8b85388/451-470-temporary-server-error-please-try-again-later-prx5?forum=exchangesvrgeneral

Most articles available point to a DNS issue on the exchange side.

Thank You!
Libin Varghese

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎04-23-2017 08:51 PM

Hi,

This error is usually due to an issue on the exchange server side as described in the below articles.

http://stackoverflow.com/questions/20171135/exchange-2013-the-server-response-was-4-7-0-temporary-server-error-please-try

http://social.technet.microsoft.com/Forums/exchange/en-US/fc26dac5-d4e2-49da-903d-361ea8b85388/451-470-temporary-server-error-please-try-again-later-prx5?forum=exchangesvrgeneral

Most articles available point to a DNS issue on the exchange side.

Thank You!
Libin Varghese

0 Helpful

Go to solution
rockbd
Level 1
Level 1
In response to Libin Varghese

‎04-24-2017 09:01 PM

Thanks.

I go through those article and make changes in my xchage and i think till now no soft bounce with that error. :)

But with a new error a few mail getting soft bounce the error is as follows:

(DCID 6013) Message 2332 to smoqwed@yahoo.com delayed. Reason: 4.4.2 - Bad connection ('000', ['Connection Lost']) []

and

Message 3002332 to smoqwed@yahoo.com received remote SMTP response 'ok dirdel'.


Is this due do some misconfig or changes of exchange?

0 Helpful

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee
In response to rockbd

‎04-25-2017 04:51 AM

Hi,

SMTP response 'ok dirdel' would indicate the email was delivered and this would not be a bounce.

Reason: 4.4.2 - Bad connection ('000', ['Connection Lost']) [] would normally indicate a connectivity or network issue establishing a TCP connection with the destination host.

You could try and set up a packet capture for the destination IP in question or attempt to telnet to that destination server from the device command line over port 25.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118467-technote-esa-00.html

- Libin V

0 Helpful

Go to solution
rockbd
Level 1
Level 1
In response to Libin Varghese

‎05-01-2017 10:21 PM

Yes you are right that the Reason:4.4.2 Bad connection is not related to soft bounce. But it occur once or twice for a one domain (reported) in a day.

How can i do packet capture in ESA? i think i have to do the packet capture in swtich or router isn't it? So there is nothing to do in ESA part. 

Waiting for your respond.

0 Helpful

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee
In response to rockbd

‎05-02-2017 04:52 AM

You can set up packet capture on the ESA from the GUI under Help and Support -> Packet Capture or using command "packetcapture host <IP>" from the command line.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117797-technote-esa-00.html

The IP to use in the capture would be the IP for the destination server seen in the delivery connections (DCID).

Setting a packet capture on other network equipment in the mail flow path could also help.

- Libin V 

0 Helpful

Go to solution
rockbd
Level 1
Level 1
In response to Libin Varghese

‎05-02-2017 07:08 AM

Thanks again for the reply.

The problem is once or twice for 1 user complain with one domain. Next time i will try to do the packet capture if problem occur again.

Another problem don't know it is ironport related or not. The problem is when i try to send mail my domain from gmail is show TLS is not enable but i enable the TLS in the iron port? As ironport is my gateway isn't gmail checking only my ironport TLS? Or other things need to be done.

0 Helpful

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee
In response to rockbd

‎05-02-2017 07:37 AM

Please review the message tracking details for the email in question and confirm which sendergroup is matched.

You would need to confirm TLS is enabled on that specific sendergroup mail flow policy to ensure connections are secure.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118844-technote-esa-00.html

- Libin V

0 Helpful

Go to solution
rockbd
Level 1
Level 1
In response to Libin Varghese

‎05-08-2017 01:28 AM

Done it but still showing same error on gmail.. what else goes wrong in this case.

0 Helpful

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee
In response to rockbd

‎05-08-2017 05:04 AM

You could set up a packet capture or injection debug logs for the sending IP to confirm why the connection is failing.

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117797-technote-esa-00.html

- Libin V

0 Helpful
Customers Also Viewed These Support Documents