Messaging Gateway (SMG) fails to deliver messages to one or more domains with the SMTP queue status: 451 4.4.2 [internal] no HELO/EHLO response

Depending on the underlying cause, this may be accompanied by mail loop warnings in the MTA logs:

maillog

2019 Mar 29 18:51:24 PDT (warning) ecelerity: [28256] sieve: Rejecting IP mail loop connection
2019 Mar 29 18:51:24 PDT (info) ecelerity: [28256] ML-REJECT: Rejection on: 192.0.2.10:25,200, sent to host: 192.0.2.103:44561, Audit ID 0aa0f867-b7c7eae000006e60-01-4bb1591c4fb3, 554 IP mail loop detected
2019 Mar 29 18:51:24 PDT (info) ecelerity: [28256] ML-TRANSFAIL: Message ID: 10/00-28256-C1951BB4, Audit ID 0aa0f867-b7c7eae000006e60-00-4bb1591ca73c, Temporary delivery failure, sender: bad@example.com, recipient: user@example.com, Detail: 451 4.4.2 [internal] no HELO/EHLO response

There are multiple potential causes for this SMTP delivery failure:

• SMG has detected a mail loop in the environment
• The destination mail server is rejecting the SMTP connection from Messaging Gateway due to the EHLO hostname

Mail loop

This issue occurs when the destination domain's MX record or IP resolves to the IP address of the Messaging Gateway itself resulting in a mail loop as SMG attempts to deliver messages to itself or the next SMTP server in the route delivers the email back to Messaging Gateway.

1. Please ensure that the MX or A record of the destination domain does not resolve to the IP address of the appliance.
2. If you have configured delivery of this domain using the IP address make sure that the IP address is not the IP address of the Messaging Gateway.
3. Confirm that the downstream MTA does not route inbound messages back to the Messaging Gateway under any circumstance.

Unresolvable EHLO hostname

The destination mail server is rejecting the SMTP connection because the hostname presented by Messaging Gateway in the EHLO SMTP greeting does not resolve in the DNS. Essentially, the destination mail server is performing SMTP DNS validation similar to what is configurable in the SMG Protocols > Settings > SMTP > DNS Validation configuration

To address this issue:

1. Log into the Control Center as an administrator
2. Go to Administration > Configuration > hostname > SMTP > Advanced Settings > Delivery
3. Ensure that the MTA host name value at the top of the page is a fully qualified domain name which can be resolved in the public DNS
4. Click Continue
5. Check Apply above settings to all Scanners if you have multiple SMG Scanner hosts
6. Click Save

Once the SMG MTA restarts will begin presenting the new hostname in the SMTP EHLO greeting