Two domains can't email each other

I have a recent install of Exchange 2013 with mail filtering through a Sophos UTM. Everything works as it should, except I have one domain that cannot email mine, and my domain cannot email it. Both of these servers reside in the same geographical region, use the same ISP, and use public static IP addresses that only differ by the last octet (though they reside on different subnets).

DNS can resolve the Exchange server I am trying to send to; however, emails queue and eventually end with an NDR.

SPF records are set up properly with external DNS provider.

"Remote server at ________ returned '400 4.4.7 Message delayed' <date and time> - Remote server at ______ returned '441 4.4.1 Error encountered while communicating with primary target IP address: "Failed to connect. Winsock error code: 10060, Win32 error code: 10060." Attempted failover to alternate hosts. The last endpoint attempted was <IP address of their domain:25'

I originally thought this may have been an issue with PTR records and had the ISP fix the PTR records for both of the company's Exchange servers; however, that change did not resolve the issue. At this point I have run out of ideas.

June 4th, 2015 10:46am

Hi Devux,

Thank you for your question.

For testing, we could disable the Sophos UTM to check if the issue persists. If we disable it and email can be sent between them without any problems, and the organization and the specific domain email two other domains without any problems, we could contact Sophos for help.

We could run the following command on the send connector to check if the issue persists:

Set-Sendconnector -Identity <Sendconnector> -IgnoreSTARTTLS $true  

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

Jim

June 5th, 2015 3:03am

I can disable the Sophos UTM, however I do not believe it to be the issue. I have whitelisted the domain that is not able to send to mine, and configured the UTM to ignore all spam checks against the domain. I can telnet on port 25 to the Sophos UTM and send a spoofed email using the sender's domain and it comes through the UTM without issue.

Would you still advise bypassing the Sophos UTM knowing this information?

June 5th, 2015 11:19am

Issue was found: the subnet mask on the WAN interface of the Sophos UTM was not properly set. This was causing the two Exchange servers on the same node with the ISP to be unable to communicate.
  • Marked as answer by Devux 16 hours 10 minutes ago
June 12th, 2015 11:18am
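
An added illustration of the accepted answer, not code from the thread: it models how a WAN subnet mask decides whether a destination is delivered on-link (ARP) or handed to the ISP gateway, and flags neighbouring hosts that a wrong mask would misroute, which is the case that ends in a connect timeout such as Winsock 10060. All addresses and prefix lengths are constructed, and it assumes the configured mask was wider than the ISP allocation, which the thread does not state.

```python
import ipaddress

def next_hop(iface_ip, prefix_len, gateway, dest):
    """Mimic the connected-route decision: deliver on-link or hand to the gateway."""
    net = ipaddress.ip_interface(f"{iface_ip}/{prefix_len}").network
    if ipaddress.ip_address(dest) in net:
        return ("on-link", dest)      # host ARPs for dest directly
    return ("gateway", gateway)       # host forwards to the ISP router

def misrouted_peers(iface_ip, configured_len, allocated_len, gateway, peers):
    """Peers whose next hop differs between the configured and the allocated mask."""
    bad = []
    for peer in peers:
        got = next_hop(iface_ip, configured_len, gateway, peer)
        want = next_hop(iface_ip, allocated_len, gateway, peer)
        if got != want:
            bad.append((peer, got[0], want[0]))
    return bad

def widest_safe_prefix(iface_ip, gateway, peer):
    """Shortest prefix that keeps the gateway on-link and the peer off-link."""
    for plen in range(33):
        net = ipaddress.ip_interface(f"{iface_ip}/{plen}").network
        if (ipaddress.ip_address(gateway) in net
                and ipaddress.ip_address(peer) not in net):
            return plen
    return None

# Constructed values (RFC 5737 documentation ranges), not from the thread.
WAN_IP, GATEWAY = "203.0.113.10", "203.0.113.9"
ALLOCATED, CONFIGURED = 29, 24               # assumed: mask set wider than allocated
PEERS = ["203.0.113.20", "198.51.100.25"]    # neighbouring MX, unrelated MX

if __name__ == "__main__":
    for peer, got, want in misrouted_peers(WAN_IP, CONFIGURED, ALLOCATED,
                                           GATEWAY, PEERS):
        print(f"{peer}: treated as {got}, should be {want}")
    print("widest safe prefix:", widest_safe_prefix(WAN_IP, GATEWAY, PEERS[0]))
```

Only the neighbouring address is flagged; the unrelated destination goes to the gateway under either mask, which matches the symptom of a single unreachable domain while all other mail flows.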


This topic is archived. No further replies will be accepted.