Exchange 2010 – can’t send to a specific domain – 421 connection dropped due to socket error

Tags: exchange, exchange-2010, smtp

I've looked at a few of the existing SF questions/answers and so far can't find the same situation. It's not a TLS issue like I first thought, since the remote server isn't asking for TLS, and it isn't a firewall issue since the connection is established and starts sending and receiving SMTP commands.

We are getting the following in our Exchange queue for just one domain:

[Image: Exchange queue]

The remote domain is an Exchange 2003 server it appears.

Here's a copy of the SMTP log for the email:

2013-04-12T19:03:20.684Z,Internet,08D004A55169DB35,0,,XX.XX.XX.XX:25,*,,attempting to connect
2013-04-12T19:03:20.731Z,Internet,08D004A55169DB35,1,10.54.2.15:25977,XX.XX.XX.XX:25,+,,
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,2,10.54.2.15:25977,XX.XX.XX.XX:25,<,"220 plexch2k3.REMOTE.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at  Fri, 12 Apr 2013 15:03:20 -0400 ",
2013-04-12T19:03:20.777Z,Internet,08D004A55169DB35,3,10.54.2.15:25977,XX.XX.XX.XX:25,>,EHLO exchange.OURDOMAIN.com,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,4,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-plexch2k3.REMOTE.com Hello [6X.XX.X.70],
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,5,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-TURN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,6,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-SIZE,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,7,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-ETRN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,8,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-PIPELINING,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,9,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-DSN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,10,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-ENHANCEDSTATUSCODES,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,11,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-8bitmime,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,12,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-BINARYMIME,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,13,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-CHUNKING,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,14,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-VRFY,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,15,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-EXPS GSSAPI NTLM LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,16,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-EXPS=LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,17,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-AUTH GSSAPI NTLM LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,18,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-AUTH=LOGIN,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,19,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-X-LINK2STATE,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,20,10.54.2.15:25977,XX.XX.XX.XX:25,<,250-XEXCH50,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,21,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 OK,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,22,10.54.2.15:25977,XX.XX.XX.XX:25,*,5945,sending message
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,23,10.54.2.15:25977,XX.XX.XX.XX:25,>,MAIL FROM:<Bob@OURDOMAIN.com> SIZE=13577,
2013-04-12T19:03:20.824Z,Internet,08D004A55169DB35,24,10.54.2.15:25977,XX.XX.XX.XX:25,>,RCPT TO:<Dave@REMOTE.com>,
2013-04-12T19:03:20.871Z,Internet,08D004A55169DB35,25,10.54.2.15:25977,XX.XX.XX.XX:25,<,250 2.1.0 Bob@OURDOMAIN.com....Sender OK,
2013-04-12T19:03:20.949Z,Internet,08D004A55169DB35,26,10.54.2.15:25977,XX.XX.XX.XX:25,-,,Remote

I can't seem to figure out what the problem is. It appears that it might be on the remote end as after the:

250 2.1.0 Bob@OURDOMAIN.com....Sender OK,

It then says:

,,Remote

whatever that means, and then that's the end of that log and connection.

Any ideas on how to resolve this one?

Best Answer

plexch2k3.parkerlabs.com closes the TCP session just after rejecting RCPT TO:. It seems to "confuse" your MTA.

My test telnet connection produced:
550 5.7.1 Your email messages have been blocked by the recipient OR by Trend Micro Email Reputation Service. Contact the recipient or his/her administrator using alternate means to resolve the issue.
Connection closed by foreign host.
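
One way to spot this pattern in Exchange send protocol logs, as an added example that is not part of the original question or answer: it pairs each command sent (`>`) with the final reply line received (`<`) and reports commands still unanswered when the session is disconnected (`-`). The function name, the session ids and the sample log (including the second session closed locally, added for contrast) are constructed for illustration; the column order assumed is the one visible in the log above.

```python
import csv
import re
from collections import defaultdict, deque

# Column order of an Exchange SMTP send protocol log line (assumed from the log above).
FIELDS = ("date_time", "connector", "session", "seq", "local", "remote",
          "event", "data", "context")
# Constructed sample shaped like the log in the question; hosts and
# addresses are placeholders (192.0.2.0/24, example.* domains).
SAMPLE_LOG = '''\
2013-04-12T19:03:20.731Z,Internet,AAAA,1,10.0.0.5:25977,192.0.2.10:25,+,,
2013-04-12T19:03:20.777Z,Internet,AAAA,2,10.0.0.5:25977,192.0.2.10:25,<,"220 mx.example.net ESMTP ready at Fri, 12 Apr 2013 15:03:20 -0400",
2013-04-12T19:03:20.777Z,Internet,AAAA,3,10.0.0.5:25977,192.0.2.10:25,>,EHLO mail.example.org,
2013-04-12T19:03:20.824Z,Internet,AAAA,4,10.0.0.5:25977,192.0.2.10:25,<,250-PIPELINING,
2013-04-12T19:03:20.824Z,Internet,AAAA,5,10.0.0.5:25977,192.0.2.10:25,<,250 OK,
2013-04-12T19:03:20.824Z,Internet,AAAA,6,10.0.0.5:25977,192.0.2.10:25,>,MAIL FROM:<bob@example.org> SIZE=13577,
2013-04-12T19:03:20.824Z,Internet,AAAA,7,10.0.0.5:25977,192.0.2.10:25,>,RCPT TO:<dave@example.net>,
2013-04-12T19:03:20.871Z,Internet,AAAA,8,10.0.0.5:25977,192.0.2.10:25,<,250 2.1.0 bob@example.org....Sender OK,
2013-04-12T19:03:20.949Z,Internet,AAAA,9,10.0.0.5:25977,192.0.2.10:25,-,,Remote
2013-04-12T19:05:00.100Z,Internet,BBBB,1,10.0.0.5:25980,192.0.2.20:25,+,,
2013-04-12T19:05:00.150Z,Internet,BBBB,2,10.0.0.5:25980,192.0.2.20:25,<,220 mx.example.com ESMTP ready,
2013-04-12T19:05:00.150Z,Internet,BBBB,3,10.0.0.5:25980,192.0.2.20:25,>,EHLO mail.example.org,
2013-04-12T19:05:00.200Z,Internet,BBBB,4,10.0.0.5:25980,192.0.2.20:25,<,250 OK,
2013-04-12T19:05:00.200Z,Internet,BBBB,5,10.0.0.5:25980,192.0.2.20:25,>,QUIT,
2013-04-12T19:05:00.250Z,Internet,BBBB,6,10.0.0.5:25980,192.0.2.20:25,<,221 closing,
2013-04-12T19:05:00.260Z,Internet,BBBB,7,10.0.0.5:25980,192.0.2.20:25,-,,Local
'''
# A final SMTP reply line is "NNN text"; "NNN-text" is a continuation line.
FINAL_REPLY = re.compile(r"^\d{3}( |$)")

def unanswered_at_disconnect(log_text):
    """Map session id -> (side that closed, commands sent but never answered)."""
    pending, result = defaultdict(deque), {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) < len(FIELDS) or row[0].startswith("#"):
            continue  # header comment or truncated line
        rec = dict(zip(FIELDS, row))
        sid, event, data = rec["session"], rec["event"], rec["data"]
        if event == ">":                      # command we sent
            pending[sid].append(data)
        elif event == "<" and FINAL_REPLY.match(data) and pending[sid]:
            pending[sid].popleft()            # reply answers the oldest command
        elif event == "-":                    # disconnect; context names the side
            result[sid] = (rec["context"], list(pending.pop(sid, ())))
    return result

if __name__ == "__main__":
    for sid, (side, lost) in unanswered_at_disconnect(SAMPLE_LOG).items():
        print(sid, side, lost)
```

A session reported as closed by `Remote` with `RCPT TO` still pending is the case to reproduce by hand against the remote host, as the answer did, to see the rejection text the protocol log never recorded.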