Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Gabs
New Contributor

Deffered connection time out with x.y.z

Dear every one, I have encountered this problem on Fortimail 100c but not to all domain in some domain only. can some one enlighten me where in the setting or configuration the problem came from. our mail client is outlook 2007 and outlook 2010. i tried to google this problem but no luck and i browse around to the setting of fortimail and outlook many times but i can' t find the solution. Your help is very much appreciated.. here is the error: ----- Transcript of session follows ----- <arafiq@y.z>... Deferred: Connection timed out with x.y.z. Warning: message still undelivered after 1 day Will keep trying until message is 5 days old details: Reporting-MTA: dns; a.b.c Arrival-Date: Wed, 3 Jul 2013 14:20:11 +0300 Final-Recipient: RFC822; arafiq@y.z Action: delayed Status: 4.4.1 Remote-MTA: DNS; x.y.z Last-Attempt-Date: Thu, 4 Jul 2013 14:29:05 +0300 Will-Retry-Until: Mon, 8 Jul 2013 14:20:11 +0300
" Be a limitless through the power of sharing"
" Be a limitless through the power of sharing"
5 REPLIES 5
emnoc
Esteemed Contributor III

Any thing could causes that but it could be; they have greylisting at that domain enable connection issues to that MX network/systems issues ( DNS resolution comes to mind, bad DNS-RR, bad cache data ) MX gateway issues ( is it up? is it pingable, can you connect on port 25/tcp? , maybe they admin it down ) If the mail is getting to the final destinations,than I would not be too overly concerned. But I would double check your configuration and DNS resolvers.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Gabs
New Contributor

Sir emmoc, The domain is pingable and I can connect to port 25... I double check the DNS the mail server has an entry with MX record. It means the problems is in my configuration? If i look the network setting and configuration it looks okay. please can you give me idea where is the possible problem located I am not familiar with this device. This device is Fortimail 100c and configure in server mode *** now i receive two mail not delivered again same error again deferred connection time out but last two weeks its working fine no error. I cannot understand why it is happen. Thanks for help..
" Be a limitless through the power of sharing"
" Be a limitless through the power of sharing"
emnoc
Esteemed Contributor III

Is the mail being abandon and not delivered? Has greylisting been confirm enabled or not? Have you ask the remote mail-admin to whitelist you ? Have you checked any delivery policies that you might have enable? Because you can ping and telnet to port 25 that' s good, but you don' t know what the remote exch is doing or any policies that might be in-effect. If you sending mail to other domain with no problems, it' s either that domain or a mail-policy that' s being deployed, causing the deferred connection.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Gabs
New Contributor

sorry for the late reply coz iam busy yesterday. Is the mail being abandon and not delivered? No! still on the server queuing up to 5 days trying to resend. Has greylisting been confirm enabled or not? Yes! it is enable and I reset the data base because of to much expired mail mail on that. Have you ask the remote mail-admin to whitelist you ? Yes! they say that they did not put the server in the block list. Have you checked any delivery policies that you might have enable? Yes! I did not create any delivery policies. What i did yesterday is to change my DC DNS IP to our backup ISP and also their public IP to host our email server. My message last July 4 was receive by the recipient yesterday he confirmed to me this morning.. hope this new setting will work I still checking the configuration. Why it needs 4 days before the mail delivered? Any idea? Thank you very much for the help.
" Be a limitless through the power of sharing"
" Be a limitless through the power of sharing"
emnoc
Esteemed Contributor III

I don' t think nobody can ask that question for you, with out seeing the logs. Mail being deffer' d is subject to a lot of issues. Have you ask the receiving domain to look at their logs? Also do you have a valid SPF and/or PTR for your host fortimail? As far as grey-list that was meant for the domain(s) that are having problems, not your local domain. Also are you dns lookup good? " execute nslookup name" And are you 100% sure your not in any BL listing? ( check here for starters, you don' t want to be surprised to find your blacklisted :) ) http://mxtoolbox.com/blacklists.aspx And lastly, are you 100% sure you have no L3 firewallpolicies enabled that' s blocking traffic to that host? execute telnet 1.2.3.4:25 I say the last part, cause I spent pver 24hours once trying to diagnostic one of my clients lack of sending mail and it came down to they had a firewall rule blocking mail outbound and to my fortimail appliance

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors