Cannot send emails outbound through the service

book

Article ID: 169990

calendar_today

Updated On:

Products

Email Security.cloud

Issue/Introduction

Emails are not being sent outbound, when configured to relay through the Email Security Service (ESS). Cannot connect to the ESS infrastructure to relay outbound emails.

Cause

The most likely source for this kind of errors is the configuration of the network and security devices that lie between the email server and the ESS infrastructure.

Environment

On premises type email server configuration, going out through a single public IP. Not using a public cloud based email hosting solution (Office 365, Google Apps).

Resolution

  • Check the address you have configured as Smart Host (relay) for your outbound emails
    • You must use the outbound cluster address provided during the provisioning of the service. Example: cluster1out.eu.messagelabs.com
      • The IPs associated with the cluster addresses can change without prior notice, we strongly recommend against using specific IPs or other forms of addressing for relaying outbound emails through the service
    • The outbound Smart Host cluster address generally matches the provided inbound MX record address. Example: cluster1.eu.messagelabs.com
    • If you are able to connect to the Smart Host address, but are getting rejected with the SMTP error 553-you are trying to use me, please troubleshoot using this article: TECH231520
  • Confirm that the public IP address your server is connecting from to the ESS infrastructure is registered as an Outbound Route for your account. Registered IP addresses are automatically white listed on the ESS infrastructure and will never be blocked from connecting on port 25.
  • Attempt to resolve the destination address through DNS on the server and verify the result against the results of a 3rd party internet tool like MXToolBox
    • If the results don't match, verify the DNS configuration of the server, flush the DNS or attempt to use a different DNS server for address translation
  • Make sure that outbound network connections on port 25 are allowed to all Symantec ESS infrastructure IP ranges on all network and security devices between the email server and the internet
    • The ESS service only accepts connections on port 25
    • Run a telnet (or similar tool) on port 25 to the ESS outbound cluster address
      • If there is no response or time out, verify firewall configurations to allow port 25 connections to the destination address
    • Run a trace route (preferably on port 25) to the ESS outbound cluster address
      • If the connections are interrupted before reaching the destination, troubleshoot the devices where the connections seem to drop