
451 Could not verify recipients All MX servers unavailable for domain - Hybrid to MEG7.5 relay


Hello everyone on the communities.

We have this behavior and SAAS is blocking our inbound messages with the following SMTP response (please see the attachment for a full screenshot description).

Message Disposition: [451 Could not verify recipients (4a1aa725.0.4874985.00-2011.7739603.s13p02m013.mxlogic.net): All MX servers unavailable for domain caretowerlab.com (Mode: normal); Backend TLS: yes; Backend IP: n/a; Policy Set: Default Inbound]

If you can have a look and advise, it would be much appreciated.

Thanks.

Sergio

Hi all,

We can't enable the Hybrid solution under this environment (a typical one).

MEG 7.5 in Explicit Proxy.

We have experienced 2 behaviors:

1:

If we deactivate the hybrid mode, the emails are pushed to the SAAS and SAAS delivers to our MEG 7.5

Client => SAAS cloud => MEG 7.5 => Exchange.

All OK, almost… The SAAS portal enables the full policy set, and we can't push the policies via MEG 7.5. The emails are scanned twice by both engine systems (AV – SPAM – DLP – Image – etc).

Obviously the activity of the SAAS isn't reported in MEG 7.5 (Blocked by Hybrid 0, 0)

Hybrid mode is disabled. Email from our test hits SAAS, which processes the message and delivers it to MEG 7.5

MEG 7.5 receives the message

We can see that message on the control console (by deactivating the service first, to gain access to Message Audit)

| Timestamp | Event |
| --- | --- |
| 2013-11-06 19:45:21 GMT | Recipient Disposition: [250 Backend; Mode: normal; Queued: no; Frontend TLS: no; SPF: n/a] |
| 2013-11-06 19:45:21 GMT | Message Disposition: [250 Backend Replied [24c9a725.0.4872511.00-2193.7735034.s13p02m013.mxlogic.net]: Requested mail action okay, completed. (Mode: normal); Backend TLS: yes; Backend IP: 81.142.118.219; Policy Set: Default Inbound] |

Keep your eyes on the Backend IP value.  Now we are going to enable hybrid:

2:

If hybrid is activated.

The emails don't pass through.

Let me develop the proof.

The registration process is completed:

It brings the domains that are configured on the SAAS Portal. In this case 2 (1 disabled)

So we can see in the portal that it is enabled

Now is where the problems come with big intensity (SMTP flow stopped!!!)

Now we are going to get more details from the control console, deactivating the hybrid first to enable the Message Audit in the Control Console.

| Timestamp | Event |
| --- | --- |
| 2013-11-06 19:58:02 GMT | Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: no; SPF: n/a] |
| 2013-11-06 19:58:02 GMT | Message Disposition: [451 Could not verify recipients (14f9a725.0.382089.00-2332.734135.s13p02m014.mxlogic.net): All MX servers unavailable for domain caretowerlab.com (Mode: normal); Backend TLS: yes; Backend IP: n/a; Policy Set: Default Inbound] |

Another test: Hybrid enabled.

Now we are going to get more details from the control console, deactivating the hybrid first to enable the Message Audit in the Control Console.

| Timestamp | Event |
| --- | --- |
| 2013-11-06 20:08:24 GMT | Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: no; SPF: n/a] |
| 2013-11-06 20:08:24 GMT | Message Disposition: [451 Could not verify recipients (4a1aa725.0.4874985.00-2011.7739603.s13p02m013.mxlogic.net): All MX servers unavailable for domain caretowerlab.com (Mode: normal); Backend TLS: yes; Backend IP: n/a; Policy Set: Default Inbound] |

We can see a 451 error: All MX servers are unavailable (?). What is really scary is the fact of Backend IP: n/a; when Hybrid is enabled.
It looks like the SAAS is unable to reach the MEG 7.5 IP address.
TLS settings

Note:

When testing the SMTP on the Hybrid we get this error / warning

The EHLO response from the server after establishing a TLS connection did not offer the expected extensions

We have tried all the settings in all combinations, even though the appliance is on Explicit and the below applies to transparent bridge and router.

Can anyone help on this? I have the feeling that it might be due to the firewall settings, which might be filtering encapsulated traffic? Like ESMTP.
Or the impossibility of sending the certificate through port 25 (stopped by the firewall somehow).

If so, why does the mail flow normally if we deactivate the registration with SAAS?

I will open a case with McAfee to see what else we can try.

 

References consulted.

http://www.ietf.org/rfc/rfc3207.txt

https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=&aid=27819

https://support.mcafeesaas.com/MCAFEE/_cs/AnswerDetail.aspx?sSessionID=564175229CQUGZLHWZOKKPSIX[YJG...

https://community.mcafee.com/thread/61672

https://community.mcafee.com/message/296363

https://community.mcafee.com/thread/57533

Thanks,

Sergio_m@caretower.com
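As an added example (not part of the original posts and not McAfee tooling): a small Python parser for the Message Audit disposition lines quoted in the post above, which picks out message-level 4xx results that record no Backend IP. The field names come from the quoted lines; the function names and the triage rule are assumptions made for illustration.

```python
import re

# Message Audit events quoted in the thread above (whitespace normalised).
EVENTS = [
    ("2013-11-06 19:45:21 GMT", "Recipient Disposition: [250 Backend; Mode: normal; Queued: no; Frontend TLS: no; SPF: n/a]"),
    ("2013-11-06 19:45:21 GMT", "Message Disposition: [250 Backend Replied [24c9a725.0.4872511.00-2193.7735034.s13p02m013.mxlogic.net]: Requested mail action okay, completed. (Mode: normal); Backend TLS: yes; Backend IP: 81.142.118.219; Policy Set: Default Inbound]"),
    ("2013-11-06 19:58:02 GMT", "Recipient Disposition: [250 Deferred; Mode: normal; Queued: no; Frontend TLS: no; SPF: n/a]"),
    ("2013-11-06 19:58:02 GMT", "Message Disposition: [451 Could not verify recipients (14f9a725.0.382089.00-2332.734135.s13p02m014.mxlogic.net): All MX servers unavailable for domain caretowerlab.com (Mode: normal); Backend TLS: yes; Backend IP: n/a; Policy Set: Default Inbound]"),
    ("2013-11-06 20:08:24 GMT", "Message Disposition: [451 Could not verify recipients (4a1aa725.0.4874985.00-2011.7739603.s13p02m013.mxlogic.net): All MX servers unavailable for domain caretowerlab.com (Mode: normal); Backend TLS: yes; Backend IP: n/a; Policy Set: Default Inbound]"),
]

DISPOSITION = re.compile(r"^(Recipient|Message) Disposition: \[(\d{3}) (.*)\]$")


def parse_event(line):
    """Split one disposition line into kind, SMTP code, free text and key/value fields."""
    m = DISPOSITION.match(" ".join(line.split()))  # collapse doubled spaces from copy/paste
    if m is None:
        return None
    kind, code, body = m.groups()
    text, *pairs = body.split("; ")
    fields = dict(p.split(": ", 1) for p in pairs if ": " in p)
    return {"kind": kind, "code": int(code), "text": text, **fields}


def backend_failures(events):
    """Hypothetical triage rule: message-level 4xx results with no Backend IP recorded."""
    found = []
    for timestamp, line in events:
        ev = parse_event(line)
        if ev is None or ev["kind"] != "Message":
            continue
        if 400 <= ev["code"] < 500 and ev.get("Backend IP", "n/a") == "n/a":
            domain = re.search(r"for domain (\S+)", ev["text"])
            found.append((timestamp, ev["code"], domain.group(1) if domain else None))
    return found


if __name__ == "__main__":
    for hit in backend_failures(EVENTS):
        print(hit)
```

Only the two hybrid-enabled tests are returned; the 19:45:21 delivery, which records a Backend IP and a 250 reply, is not.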


Accepted Solutions

Re: 451 Could not verify recipients All MX servers unavailable for domain - Hybrid to MEG7.5 relay


Hi all,

Problem resolved by installing MEG 7.5 Patch 1

Finally fgs!

Thanks all

cascadia
Level 12

Re: 451 Could not verify recipients All MX servers unavailable for domain - Hybrid to MEG7.5 relay


Sergio,

This is a situation that is much too customer-specific and complex to resolve via a public community. I recommend contacting the MEG support team as they will be the initial point of contact for the Hybrid environment, and they will loop in SaaS Support as needed to troubleshoot.
