601 Error, Multiple Domains, SmarterMail 9.x.x, Mail coming IN, not going OUT

Discussion in 'SmarterMail' started by RobertKroll, May 5, 2012.

  1. RobertKroll

    RobertKroll New Member

    I have been working on this for days, and I am blurry eyed reading posts and knowledge base articles. I am running the following server:

    HP DL380 G4, 2x XEON 3.6, Windows Server 2008 R2, Smartermail 9.x.x

    I have 9 domains on the server, and up until about a week ago mail was moving properly. I tried the following:

    1. Checked for blacklists...negative
    2. Contacted ISP to check rDNS entry...positive for base url
    3. Changed ISP's to new provider w/dedicated IP
    4. Upgraded from Smartermail 8.x.x to 9.x.x
    5. Ran DNS test on mxtoolbox.com and failed only on reverse DNS doesn't match header
    6. Getting this error in my log: System.Net.Sockets.SocketException (0x80004005): The requested address is not valid in its context
    7. Tried to remove old IP bindings with no luck
    8. Performed nslookup and addresses appear correct

    My server ip address is: 96.232.168.227
    Here are a list of a few of the domains I am using:

    1. mail.datumcc.com
    2. mail.headstarthousing.com
    3. mail.krollfam.com
    4. mail.msc-site.com
    5. mail.temp-art.com
    and a few more

    Messages appear to stay in the spool, then they return: Reason: Remote host said: 601 Attempted to send the message to the following ip's: xxx.xxx.xxx.xxx

    I have an exchange 2010 server on another machine that is hosting 3 domains and it has been running flawlessly, so I am inclined to think there is a setting in SmarterMail that I am overlooking (I am very familiar with exchange, but sadly a novice with SM).

    Any help would be GREATLY appreciated.

    Kind Regards,
    Bob
  2. RobertKroll

    RobertKroll New Member

    Switched to IIS from built in web server, still problems.

    I disabled the built in web server and switched to IIS. I am able to send mail from one domain to another domain (on the same box). I also tried some outbound messages to several of my other servers (Exchange, Gmail, Optonline, Hotmail). Of the lot, only the Optonline account received the message. Oddly, I searched EVERY log on the system, and there are NO entries AT ALL. NOTHING apears in ANY logs. No Delivery, SMTP, Etc... According to the system, NOTHING was ever transmitted. The message is still lurking in the spool however, so I can imagine it will sit there for several ours then I will get a bounce "601" error message again.

    I don't have ANY of these problems with my Exchange machines. I may have to nuke SM and set up another MS box. It isn't worth it to pay for tickets to fix this application for it all to cost me more than exchange (and activesync is included in MSE).

    I am praying that SOMEBODY out there has an idea what is wrong here.

    EDIT:::
    Spoke too soon, just found this in Delivery log:

    11:08:28 [54034] Exception: Could not find file 'c:\SmarterMail\Spool\SubSpool5\7335454034.eml'.
    at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
    at System.IO.FileInfo.get_Length()
    at SmarterTools.SmarterMail.RelayServer.DeliveryManager.#rUb(SpoolMessage )
    at SmarterTools.SmarterMail.RelayServer.DeliveryManager.ProcessMessage(SpoolMessage )
    at SmarterTools.SmarterMail.RelayServer.DeliveryManager.#iUb()


    -Bob
  3. brianlewis

    brianlewis Product Expert

    Make sure your logs are set to Detailed, they are set to not log at all by default
    Check your DNS settings in SmarterMail, try using Google DNS servers 8.8.8.8 8.8.4.4 under SETTINGS / GENERAL SETTINGS

  4. RobertKroll

    RobertKroll New Member

    Good Call on the Logging, I didn't know that, but now another error...Getting Closer

    Thank you for the quick response, I changed the log settings and this is what I got:

    12:12:57 [35000] CMD: EHLO datumcc.com
    12:12:57 [35000] RSP: 250-Postini says hello back
    12:12:57 [35000] RSP: 250-STARTTLS
    12:12:57 [35000] RSP: 250-8BITMIME
    12:12:57 [35000] RSP: 250 HELP
    12:12:57 [35000] CMD: STARTTLS
    12:12:58 [35000] RSP: 220 Go ahead
    12:13:21 [35003] Delivery started for rkroll@datumcc.com at 12:13:21 PM
    12:13:24 [35003] Skipping spam checks: No local recipients
    12:13:27 [35003] Sending remote mail for rkroll@datumcc.com
    12:13:27 [35003] Initiating connection to 74.125.148.10
    12:13:27 [35003] Connecting to 74.125.148.10:25 (Id: 1)
    12:13:27 [35003] Binding to local IP 192.168.1.100:0 (Id: 1)
    12:13:27 [35003] Connection to 74.125.148.10:25 from 192.168.1.100:63365 succeeded (Id: 1)
    12:13:27 [35003] RSP: 220 Postini ESMTP 220 y650_pstn_c6 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
  5. brianlewis

    brianlewis Product Expert

    That looks like a good connection, its not complete but its a connection out, were there more lines after that for [35003]? Go to www.myipaddress.com from the server to get your static ip, then do an nslookup on that static ip to make sure it resolves to a FQDN, then ping that FQDN and make sure it resolves back to the ip. Postini isn't going to allow the message if it doesn't match.

  6. chicagonettech

    chicagonettech Product Expert

    Two of your domain FAIL MX RECORD LOOKUPS because one or more of your MX records points to a CNAME.

    CNAMES ARE PROHIBITED in MX RECORDS according to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3. In some, but not all, cases, CNAMES in MX records will cause delivery failure.


    - headstarthousing.com fails MX record lookup:
    http://www.dnsstuff.com/tools/dnsre...s=true&token=11816f2ce9cb59821be6832f0f7bd01d

    - krollfam.com fails MX record lookup:
    http://www.dnsstuff.com/tools/dnsre...s=true&token=11813c1a19f15bce1236da2410d2801f


    Both the two records above, and all of the other listed domains, have DOUBLE MX RECORDS - both of which point to the same IP address. It is doubeful that the duplicate MX entries are causing delivery failures, but they can confuse some DNS resolution software and always cause duplicate lookups, wasting time on busy networks:

    - datumcc.com:
    http://www.dnsstuff.com/tools/dnsre...s=true&token=11a139b5eb3b582f1b464d2a0f002010

    - msc-site.com:
    http://www.dnsstuff.com/tools/dnsre...s=true&token=1101a169848953931256e42f107dd01c

    - temp-art.com:
    http://www.dnsstuff.com/tools/dnsre...s=true&token=11e1803594445ea518569e2b1006701c
  7. RobertKroll

    RobertKroll New Member

    Thank you for the quick response...seems that the MX record works, but...

    I am now seeing the MX record properly in dnstoolbox, however, here is the log on a recent email I tried to send:

    13:16:31 [35059] End delivery to rkroll@temp-art.com
    13:16:31 [35059] Delivery finished for approvals@echobeatzstudios.com at 1:16:31 PM [id:65373735059]
    13:24:16 [35060] Delivery started for rkroll@datumcc.com at 1:24:16 PM
    13:24:20 [35060] Skipping spam checks: No local recipients
    13:24:22 [35060] Sending remote mail for rkroll@datumcc.com
    13:24:22 [35060] Initiating connection to 74.125.148.10
    13:24:22 [35060] Connecting to 74.125.148.10:25 (Id: 1)
    13:24:22 [35060] Binding to local IP 192.168.1.100:0 (Id: 1)
    13:24:23 [35060] Connection to 74.125.148.10:25 from 192.168.1.100:57309 succeeded (Id: 1)
    13:24:23 [35060] RSP: 220 Postini ESMTP 175 y650_pstn_c6 ready. CA Business and Professions Code Section 17538.45 forbids use of this system for unsolicited electronic mail advertisements.
    13:24:23 [35060] CMD: EHLO datumcc.com
    13:24:23 [35060] RSP: 250-Postini says hello back
    13:24:23 [35060] RSP: 250-STARTTLS
    13:24:23 [35060] RSP: 250-8BITMIME
    13:24:23 [35060] RSP: 250 HELP
    13:24:23 [35060] CMD: STARTTLS
    13:24:23 [35060] RSP: 220 Go ahead

    Can you help me with WHY Postini is NOT accepting the mail?
  8. Wheemer

    Wheemer Senior Member

    How do you know it's not accepting it?
  9. brianlewis

    brianlewis Product Expert

    Check your TLS bindings in SmarterMail for the smtp 25 protocol, check your TLS certificates. Maybe its failing to make a secure connection.

  10. Wheemer

    Wheemer Senior Member

    I do not see anything that says it's not working.

    The message in the helo is not an actual error is it?
  11. Matty-CT

    Matty-CT Member

    Tell you what, rather than testing via some big uncaring ISP let's keep it "in the family" right here. Send an email to matt(at)specialops.com from your rkroll(at)datumcc.com address. I'll turn on detailed logging on my end and we should see what actions SM takes on it. I just set my SMTP log and Delivery log to detailed. This makes for very large daily logs and I don't normally leaving logging at this verbose a level. Post here if and when you send an email to me.
  12. RobertKroll

    RobertKroll New Member

    Ok, thanks...let's give that a whirl

    Thank you very much...I will send you a test email from both addresses and let's see what happens. BTW, that message log that I showed you returned:

    Could not deliver message to the following recipient(s):

    Failed Recipient: rkroll@temp-art.net
    Reason: Remote host said: 601 Attempted to send the message to the following ip's:
    74.125.148.10, 74.125.148.10

    -- The header and top 20 lines of the message follows --

    Received: by datumcc.com via HTTP;
    Mon, 7 May 2012 13:24:14 -0400
    From: "rkroll"
    To:
    Subject: MX Record seems to be OK
    Date: Mon, 7 May 2012 13:24:14 -0400
    Reply-To: rkroll@datumcc.com
    Message-ID: <2e744c19$5dae98e4$66f1cf22$@com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0001_7BFE28E0.6BF585A2"
    X-Originating-IP: [96.232.168.226]

    This is a multipart message in MIME format.

    ------=_NextPart_000_0001_7BFE28E0.6BF585A2
    Content-Type: text/plain;
    charset="us-ascii"
    Content-Transfer-Encoding: 7bit


    Arrgh!!!
  13. brianlewis

    brianlewis Product Expert

    What version 9.x.x have you installed? The problems you are describing are known issues in 2 versions of 9.x where TLS communication was broken.
  14. RobertKroll

    RobertKroll New Member

    Version 9.3 Enterprise

    I do NOT have TLS set up. I just purchased certificates from GoDaddy, and I will be installing them shortly.
  15. RobertKroll

    RobertKroll New Member

    No workie!

    Could not deliver message to the following recipient(s):

    Failed Recipient: matt@specialops.com
    Reason: Remote host said: 601 Attempted to send the message to the following ip's:
    71.88.57.168, 12.200.47.93

    -- The header and top 20 lines of the message follows --

    Received: by datumcc.com via HTTP;
    Tue, 8 May 2012 07:26:50 -0400
    From: "rkroll"
    To: "Matthew Titley"
    Subject: re: Smartermail
    Date: Tue, 8 May 2012 07:26:50 -0400
    Reply-To: rkroll@datumcc.com
    Message-ID: <6deda32b$2ea5f77$668fbd36$@com>
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0001_1DA5E4A6.33677BB4"
    X-Originating-IP: [96.232.168.226]

    This is a multipart message in MIME format.

    ------=_NextPart_000_0001_1DA5E4A6.33677BB4
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    Matt,
    Thank you for the help. Let me know if you got this reply. The biggest=
    problem I am having is that SOME isp's seem to allow the mail, but many do=
    n't. As you know, mail has to be reliable...and that is my issue.

    Let me know if you got this.

    -Bob

    ----------------------------------------
    From: "Matthew Titley"
    Sent: Monday, May 07, 2012 4:48 PM
    To: "rkroll@datumcc.com"

    BUMMER!
  16. Matty-CT

    Matty-CT Member

    Hmmm. I host for dozens of domains and hundreds of users, so that's an oddball error. I never received your emails but my outbound logs indicate that your server accepted the message I sent to your account at datumcc.com after three greylisting periods. I'll peruse my SMTP logs later today.

    From a command prompt ON YOUR SERVER (sorry for the caps) can you do this and get a welcome banner?

    telnet mail.hosting.specialops.com 25
  17. RobertKroll

    RobertKroll New Member

    Response


    220 mail.hosting.specialops.com
  18. chicagonettech

    chicagonettech Product Expert

    Regarding SPECIALOPS.COM, he has two MX records, and only one is live.

    20 mx20.hosting.specialops.com. [TTL=7200] IP=12.200.47.93 [TTL=7200] [US]
    10 mail.hosting.specialops.com. [TTL=7200] IP=71.88.57.168 [TTL=7200] [US]

    He needs to get rid of 20 mx20.hosting.specialops.com because it is totally dead.

    ERROR: I could not complete a connection to one or more of your mailservers:
    mx20.hosting.specialops.com: Timed out [Last data sent: [Did not connect]]

    specialops.jpg
  19. RobertKroll

    RobertKroll New Member

    Getting Closer it Seems

    I download a new certificate
    I set up the certificate on the server
    I added an SPF record with GoDaddy.com
    I updated the certificate in IIS on the server

    Result seems to be getting closer (Seems it may be a propogation delay since I didn't really wait):

    11:08:48 [38011] Delivery started for rkroll@datumcc.com at 11:08:48 AM
    11:08:51 [38011] Skipping spam checks: No local recipients
    11:08:54 [38011] Sending remote mail for rkroll@datumcc.com
    11:08:54 [38011] Initiating connection to 71.88.57.168
    11:08:54 [38011] Connecting to 71.88.57.168:25 (Id: 1)
    11:08:54 [38011] Binding to local IP 192.168.1.100:0 (Id: 1)
    11:08:54 [38011] Connection to 71.88.57.168:25 from 192.168.1.100:49585 succeeded (Id: 1)
    11:08:54 [38011] RSP: 220 mail.hosting.specialops.com
    11:08:54 [38011] CMD: EHLO datumcc.com
    11:08:54 [38011] RSP: 250-mail.hosting.specialops.com Hello [96.232.168.227]
    11:08:54 [38011] RSP: 250-SIZE 104857600
    11:08:54 [38011] RSP: 250-AUTH LOGIN CRAM-MD5
    11:08:54 [38011] RSP: 250-STARTTLS
    11:08:54 [38011] RSP: 250 OK
    11:08:54 [38011] CMD: STARTTLS
    11:08:54 [38011] RSP: 220 Start TLS negotiation
    11:09:51 [38010] Exception: Authentication failed because the remote party has closed the transport stream.
    at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
    at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
    at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
    at SmarterTools.SmarterMail.SmtpClient.ClientConnectionSync.InitiateSsl(Boolean validateAllCerts)
    at SmarterTools.SmarterMail.SmtpClient.SmtpClientSession.#inc(Boolean )
  20. chicagonettech

    chicagonettech Product Expert

    You can check TLS senders and receivers here:

    http://www.checktls.com/perl/TestReceiver.pl

    Select either RECEIVER MAIL TO or SENDER MAIL FROM

    Then select the PULL DOWN MENU and select CERT DETAIL to get the most information.

    Follow the instructions for the test you want to execute and it will test both your INCOMING and OUTGOING TLS capabilities and show you what is going on with your mail server