
Mail stuck in queue - connection refused?

I've just looked at the mail spool and was alarmed to see 18 mails stuck in there with subjects like "test email", "test" etc from clients within our network going to important external clients. Obviously our internal users know there is something wrong with delivery hence the titles of the mail.


For this particular domain they are sending to, I'm getting:

2016-04-25 15:16:08 XXXXX@XXXXX.uk R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host 
2016-04-25 18:02:45 mail.YYYYY.uk [150.70.226.147]:25 Connection refused 
2016-04-25 18:02:45 XXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused 
2016-04-25 18:08:27 mail.YYYYYY.uk [150.70.226.147]:25 Connection refused 
2016-04-25 18:08:27 XXXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused 
2016-04-25 18:21:16 mail.YYYYY.uk [150.70.226.147]:25 Connection refused

So, it's resolving the mail server and for some reason looks to get refused. I'm not on any blacklists and, checking the MX records etc., we are set up fine. 99% of other mail is getting delivered (both in and out).

I do however, have a couple of other domains that behave like this.


  • Check again that your IP address is not blacklisted. Mail servers are configured with different RBL providers:

    http://multirbl.valli.org/

  • Definitely not on any blacklists. It's a very strange problem.

    We are also encountering other issues which seem a little strange with it.

    For instance:

    2016-04-26 14:03:38 SMTP error from remote mail server after RCPT TO:<joe.bloggs@remote.maildomain.uk>: host host remote.mail.server [123.62.5.172]: 550 Your mail account has been blacklisted from sending e-mails. KB17293
    2016-04-26 14:03:38 joe.bloggs@remote.maildomain.uk P=<joe.bloggs@remote.maildomain.uk> R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<joe.bloggs@remote.maildomain.uk>: host remote.mail.server [123.62.5.172]: 550 Your mail account has been blacklisted from sending e-mails. KB17293

    Which is strange because we aren't blacklisted and we can send mail from other internal users to the other domain.

    Our setup is:
    Incoming: INTERNET > UTM SMTP Proxy > EXCHANGE
    Outgoing: EXCHANGE Send connector > UTM SMTP Proxy > INTERNET

    Mail to most (not all) other domains flows fine (in & out)

    Another thing we have noticed is we have a distribution group on Exchange, e.g. xxx@yyy.com
    That distribution group has 4 internal recipients & 4 external recipients.
    When we use an internal address, mail goes out to everybody in that distribution group.
    When we use an external address to mail that distribution group, mail only goes to the internal users and the external users get bounced at the UTM

    Exchange does its part and sends to all but the UTM seems to bounce the external mail due to it coming from an external contact?

  • Are the "problem" domains perhaps using greylisting?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Not sure at this point in time.

    R=dnslookup T=remote_smtp defer (111): Connection refused

    With the above, can you explain what this means as it's a bit vague.

    R=dnslookup   = what does this mean? Does it mean that the DNS lookup was successful? It's very vague
    T=remote_smtp defer (111): Connection refused = Is this message from the UTM itself and formatted as such?

    And another separate issue:

    T=remote_smtp: SMTP error from remote mail server after RCPT TO:<joe.bloggs@remote.maildomain.uk>: host remote.mail.server [123.62.5.172]: 550 Your mail account has been blacklisted from sending e-mails. KB17293

    Is the above message formatted from the UTM or is it a direct message from the remote server?


    Think I might have to turn the debug messages on although that would have been a handy feature in the GUI also.
  • ummmmmhhhh

    Finally solved. It seems I had set some country blocking on the firewall.

    And although I was sending to only .uk addresses, their cloud mail servers were in various places that I'd blocked at the firewall.

    Turning Country blocking off resolved this. One to look out for in the future.

  • I would only block inbound, not outbound traffic.  To maintain inbound Country Blocking in this situation, make an Exception for SMTP traffic.  If you can limit the Exception to select countries or even specific IPs/subnets, all the better.

    Cheers - Bob

     
  • Today I had exactly the same problem and found this old thread.

    Turned out that one of our suppliers is using a mail provider with 62.x.x.x addresses, which were blocked by "country blocking".

    My exception now excludes outgoing SMTP-traffic for all countries and everything is working fine since then.

    Thanks Bob for your suggestion!

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
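
An added example, not part of any post in this thread: a small Python triage of log lines in the format quoted above (Exim main-log style, where `R=` names the router and `T=` the transport). It separates deliveries deferred with errno 111 (the TCP connection was refused before any SMTP dialogue, which here turned out to be the firewall's country blocking) from rejections such as the 550 that the remote server itself returned. The sample log, its addresses and the `triage` function are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread (documentation IPs and domains).
SAMPLE_LOG = """\
2016-04-25 15:16:08 a@dest.example R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-04-25 18:02:45 mail.dest.example [192.0.2.147]:25 Connection refused
2016-04-25 18:02:45 a@dest.example R=dnslookup T=remote_smtp defer (111): Connection refused
2016-04-25 18:08:27 mail.dest.example [192.0.2.147]:25 Connection refused
2016-04-25 18:08:27 b@dest.example R=dnslookup T=remote_smtp defer (111): Connection refused
2016-04-26 14:03:38 c@other.example R=dnslookup T=remote_smtp: SMTP error from remote mail server after RCPT TO:<c@other.example>: host mx.other.example [198.51.100.172]: 550 Your mail account has been blacklisted
"""

TS = r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
# "<host> [<ip>]:<port> <error>": one failed connection attempt to a remote host
HOST_ERR = re.compile(TS + r"(?P<host>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\]:(?P<port>\d+) (?P<err>.+)$")
# "<rcpt> R=<router> T=<transport> defer (<code>): <reason>": delivery postponed
DEFER = re.compile(TS + r"(?P<rcpt>\S+) (?:P=\S+ )?R=\S+ T=\S+ defer \((?P<code>-?\d+)\): .+$")
# "<rcpt> ... SMTP error from remote mail server ...": the remote server replied
REJECT = re.compile(TS + r"(?P<rcpt>\S+) (?:P=\S+ )?R=\S+ T=\S+: SMTP error from remote mail "
                    r"server after .+?: host \S+ \[(?P<ip>[^\]]+)\]: (?P<reply>\d{3} .+)$")

def triage(log_text):
    """Split failures into TCP-level refusals and SMTP-level rejections."""
    refused = Counter()   # (host, ip, port) -> attempts that never reached SMTP
    deferred = Counter()  # recipient -> deferrals with errno 111 (ECONNREFUSED)
    rejected = []         # (recipient, ip, reply) where the remote server answered
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := REJECT.match(line)):
            rejected.append((m["rcpt"], m["ip"], m["reply"]))
        elif (m := DEFER.match(line)):
            if m["code"] == "111":  # other codes, e.g. -53, are retry bookkeeping
                deferred[m["rcpt"]] += 1
        elif (m := HOST_ERR.match(line)) and m["err"] == "Connection refused":
            refused[(m["host"], m["ip"], int(m["port"]))] += 1
    return {"refused": refused, "deferred": deferred, "rejected": rejected}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Refused at TCP level (check these IPs against firewall/country rules):")
    for (host, ip, port), n in result["refused"].most_common():
        print(f"  {ip}:{port} ({host}) x{n}")
    print("Rejected by the remote server (raise with that server's operator):")
    for rcpt, ip, reply in result["rejected"]:
        print(f"  {rcpt} via {ip}: {reply}")
```

The refused IPs are the ones to look up against outbound firewall rules; a destination domain's country code says nothing about where its mail servers are hosted.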