Emails are not being sent outbound, when configured to relay through the Email Security Service (ESS). Cannot connect to the ESS infrastructure to relay outbound emails.
Environment
Email Security.cloud
Cause
The most likely source for this kind of errors is the configuration of the network and security devices that lie between the email server and the ESS infrastructure.
Resolution
Check the address you have configured as Smart Host (relay) for your outbound emails
You must use the outbound cluster address provided during the provisioning of the service. Example: cluster1out.eu.messagelabs.com
The IPs associated with the cluster addresses can change without prior notice, we strongly recommend against using specific IPs or other forms of addressing for relaying outbound emails through the service
The outbound Smart Host cluster address generally matches the provided inbound MX record address. Example: cluster1.eu.messagelabs.com
If you are able to connect to the Smart Host address, but are getting rejected with the SMTP error 553-you are trying to use me, please troubleshoot using this article: TECH231520
Confirm that the public IP address your server is connecting from to the ESS infrastructure is registered as an Outbound Route for your account. Registered IP addresses are automatically white listed on the ESS infrastructure and will never be blocked from connecting on port 25.
Attempt to resolve the destination address through DNS on the server and verify the result against the results of a 3rd party internet tool like MXToolBox
If the results don't match, verify the DNS configuration of the server, flush the DNS or attempt to use a different DNS server for address translation
Make sure that outbound network connections on port 25 are allowed to all Symantec ESS infrastructure IP ranges on all network and security devices between the email server and the internet
The ESS service only accepts connections on port 25
Run a telnet (or similar tool) on port 25 to the ESS outbound cluster address
If there is no response or time out, verify firewall configurations to allow port 25 connections to the destination address
Run a trace route (preferably on port 25) to the ESS outbound cluster address
If the connections are interrupted before reaching the destination, troubleshoot the devices where the connections seem to drop