This discussion has been locked.

Mail stuck in queue - connection refused?

I've just looked at the mail spool and was alarmed to see 18 mails stuck in there with subjects like "test email", "test" etc from clients within our network going to important external clients. Obviously our internal users know there is something wrong with delivery hence the titles of the mail.


For this particular domain they are sending to, I'm getting:

2016-04-25 15:16:08 XXXXX@XXXXX.uk R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host 
2016-04-25 18:02:45 mail.YYYYY.uk [150.70.226.147]:25 Connection refused 
2016-04-25 18:02:45 XXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused 
2016-04-25 18:08:27 mail.YYYYYY.uk [150.70.226.147]:25 Connection refused 
2016-04-25 18:08:27 XXXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused 
2016-04-25 18:21:16 mail.YYYYY.uk [150.70.226.147]:25 Connection refused

So, it's resolving the mail server and for some reason looks to get refused. I'm not on any blacklists and, checking the MX records etc., we are set up fine. 99% of other mail is getting delivered (both in and out).

I do, however, have a couple of other domains that behave like this.


  • Are the "problem" domains perhaps using greylisting?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Not sure at this point in time.

    R=dnslookup T=remote_smtp defer (111): Connection refused

    With the above, can you explain what this means as it's a bit vague.

    R=dnslookup   = what does this mean? Does it mean that the DNS lookup was successful? It's very vague
    T=remote_smtp defer (111): Connection refused = Is this message from the UTM itself and formatted as such?

    And another separate issue:

    T=remote_smtp: SMTP error from remote mail server after RCPT TO:<joe.bloggs@remote.maildomain.uk>: host remote.mail.server [123.62.5.172]: 550 Your mail account has been blacklisted from sending e-mails. KB17293

    Is the above message formatted from the UTM or is it a direct message from the remote server?


    Think I might have to turn the debug messages on although that would have been a handy feature in the GUI also.
  • ummmmmhhhh

    Finally solved. It seems I had set some country blocking on the firewall.

    And although I was sending to only .uk addresses, their cloud mail servers were in various places that I'd blocked at the firewall.

    Turning Country blocking off resolved this. One to look out for in the future.

  • I would only block inbound, not outbound traffic.  To maintain inbound Country Blocking in this situation, make an Exception for SMTP traffic.  If you can limit the Exception to select countries or even specific IPs/subnets, all the better.

    Cheers - Bob

     
  • Today I had exactly the same problem and found this old thread.

    Turned out that one of our suppliers is using a mail provider with 62.x.x.x addresses, which were blocked by "country blocking".

    My exception now excludes outgoing SMTP-traffic for all countries and everything is working fine since then.

    Thanks Bob for your suggestion!

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

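
An added example, not written by any poster in this thread: Python that parses the Exim-style log lines quoted in the opening post and lists each destination IP and port that refused the connection, which are the addresses to compare against outbound firewall or country-blocking rules. The regular expressions assume the line shape exactly as quoted in the thread (timestamp followed directly by the recipient or host), and `parse` and `refused_destinations` are names chosen for this example.

```python
import re
from collections import defaultdict

# Log lines quoted in the opening post (addresses were redacted by the poster).
SAMPLE_LOG = """\
2016-04-25 15:16:08 XXXXX@XXXXX.uk R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host
2016-04-25 18:02:45 mail.YYYYY.uk [150.70.226.147]:25 Connection refused
2016-04-25 18:02:45 XXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused
2016-04-25 18:08:27 mail.YYYYYY.uk [150.70.226.147]:25 Connection refused
2016-04-25 18:08:27 XXXXXXX@XXXXXX.uk R=dnslookup T=remote_smtp defer (111): Connection refused
2016-04-25 18:21:16 mail.YYYYY.uk [150.70.226.147]:25 Connection refused
"""

# Per-host line: "<date> <time> <host> [<ip>]:<port> <error text>"
HOST_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<host>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\]:(?P<port>\d+) (?P<err>.+?)\s*$")
# Per-recipient line: "<date> <time> <rcpt> R=<router> T=<transport> defer (<code>): <text>"
DEFER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<rcpt>\S+) R=(?P<router>\S+) T=(?P<transport>\S+) "
    r"defer \((?P<code>-?\d+)\): (?P<text>.+?)\s*$")

def parse(log_text):
    """Split the log into per-host connection errors and per-recipient defers."""
    hosts, defers = [], []
    for line in log_text.splitlines():
        m = DEFER_RE.match(line)
        if m:
            d = m.groupdict()
            d["code"] = int(d["code"])  # 111 is ECONNREFUSED on Linux
            defers.append(d)
            continue
        m = HOST_RE.match(line)
        if m:
            hosts.append(m.groupdict())
    return hosts, defers

def refused_destinations(log_text):
    """Map each refused destination (ip, port) to the timestamps it was refused at."""
    hosts, _ = parse(log_text)
    refused = defaultdict(list)
    for h in hosts:
        if h["err"] == "Connection refused":
            refused[(h["ip"], int(h["port"]))].append(h["ts"])
    return dict(refused)

if __name__ == "__main__":
    for (ip, port), seen in refused_destinations(SAMPLE_LOG).items():
        print(f"{ip}:{port} refused {len(seen)}x, first {seen[0]}, last {seen[-1]}")
```
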