Investigating email delivery failures in Messaging Gateway

Article ID: 387931

Products

Messaging Gateway

Issue/Introduction

Secure Messaging Gateway (SMG) is unable to deliver email to one or more destination domains.

Resolution

Messaging Gateway is rarely the cause of email delivery problems but, because it is a gateway security device, problems delivering email to the destination mail server commonly result in messages being queued for delivery on the SMG VM / appliance.

Investigating the source of email delivery problems may require a number of different steps depending on the underlying cause of the delivery failures.

General Process for Investigating Email Delivery Problems

  1. Check the Messaging Gateway delivery queue or message audit logs for the undelivered message
  2. Determine if the destination domain is considered Local or Non-Local
  3. Look up the Last Error status message for the undelivered messages
  4. Search the Knowledge Base for that specific SMTP status code / error for next steps

Temporary deferred delivery vs permanent delivery failures

Delivery failures fall into one of two categories and can be distinguished based on their SMTP response codes.

Temporary delivery failures

  • Temporary delivery failures show a 400-level response code, e.g. 421 4.4.0 [internal] failed to connect
  • Messages with temporary delivery failures will be retried at a later time based on the configured minimum retry interval and the number of previous failure attempts.
  • Messaging Gateway uses the standard exponential backoff for messages with temporary delivery failures
  • The next scheduled delivery attempt is displayed in Status > Message Queues > Delivery in the Next Attempt column
  • The Last Error column in Status > Message Queues > Delivery will show the SMTP status indicating why the message could not be delivered
  • [internal] errors are not generated by the destination mail server and are intended to communicate some 
  • Entries in the Last Error column which do not contain the [internal] tag are a response received by SMG from the destination mail server

Permanent delivery failures

  • Permanent delivery failures show a 500-level response code, e.g. 554 5.1.2 - recipient address rejected
  • Messages which receive a permanent failure response from the destination mail server are deleted from the SMG delivery queue and a bounce message is sent to the sender

Email message routing

Messaging Gateway can route email messages in one of three ways:

  • Route by DNS MX record lookup
  • Static routing for individual domains or use of a "smart host"
  • Dynamic routing of messages based on LDAP or Content Policies

Route by MX

Routing email based on the DNS MX record lookup for the destination domain is the default behavior for non-local email in Messaging Gateway. This default behavior may be changed via the Inbound and Outbound tabs on the Administration > Configuration > hostname > SMTP configuration page. Delivery failures for messages with the Default-Non-Local-Route are commonly due to either a failure to resolve the MX record in DNS or an inability to connect to the destination server:

  1. Go to Administration > Utilities and use the nslookup tool to check the MX record for the destination domain. A failure to resolve the destination mail server in the DNS. Please see Troubleshoot email delivery issues using telnet for additional details

Static routing

  • Static email routes are commonly used to deliver email to the internal email server or Exchange infrastructure. 
  • Static routes can also be set on a per domain basis in Protocols > Domains 
  • Temporary failures for statically routed messages will show either the Default-Local-Domain route or the Domain: example.com route in Status > Message Queues > Delivery

Dynamic routing

Dynamic routing is rarely used in Messaging Gateway and refers to messages routed via either:

  • LDAP based routing
  • Messages routed using the Route The Message policy action
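
The classification described in the sections above (temporary vs permanent, [internal] vs server response, route label), as an added Python example that is not part of the original article or of the product: it takes the route label and Last Error text from one delivery-queue row and reports how to read it. The function names, result keys and sample rows are assumptions made for the illustration, and it assumes Default-Non-Local-Route still uses the default MX routing.

```python
import re

# Reply code, optional enhanced status code, optional [internal] tag, free text.
LAST_ERROR = re.compile(
    r"^\s*(?P<code>[45]\d\d)[ -]+(?:(?P<enhanced>[45]\.\d{1,3}\.\d{1,3})[ -]+)?"
    r"(?P<internal>\[internal\]\s*)?(?P<text>.*)$"
)

def route_type(route):
    """Map the route label shown in the delivery queue to a routing method."""
    if route == "Default-Non-Local-Route":
        return "mx-lookup"   # default for non-local mail; assumes it was not changed
    if route == "Default-Local-Domain" or route.startswith("Domain:"):
        return "static"
    return "unknown"         # e.g. dynamic routing; the article gives no label for it

def triage(route, last_error):
    """Classify one queue entry from its route label and Last Error text."""
    result = {"failure": "unparsed", "outcome": None, "reported_by": None,
              "routing": route_type(route),
              # Normalised string to search the Knowledge Base for.
              "kb_search": " ".join(last_error.split())}
    m = LAST_ERROR.match(last_error)
    if m is None:
        return result
    temporary = m["code"].startswith("4")
    result["failure"] = "temporary" if temporary else "permanent"
    # 4xx stays queued and is retried; 5xx is deleted and bounced to the sender.
    result["outcome"] = "queued-for-retry" if temporary else "bounced-to-sender"
    # [internal] means SMG generated the status itself; without the tag the
    # text is the response received from the destination mail server.
    result["reported_by"] = "smg" if m["internal"] else "destination-server"
    return result

# Constructed sample rows (route, Last Error); the error strings are the
# two examples quoted in the article.
SAMPLE_QUEUE = [
    ("Default-Non-Local-Route", "421 4.4.0 [internal] failed to connect"),
    ("Domain: example.com", "554 5.1.2 - recipient address rejected"),
]

if __name__ == "__main__":
    for route, err in SAMPLE_QUEUE:
        print(route, "|", err, "->", triage(route, err))
```
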

Connectivity Issues

Messaging Gateway must be able to establish a TCP connection to port 25 on the destination server. This can fail for a variety of reasons including:

  • Firewall rules which prevent Messaging Gateway from establishing a TCP connection to the destination mail server
  • Network routing issues in the internal network which prevent SMG from connecting to the destination mail server
  • The destination mail server is offline
  • The destination mail server is rejecting connections from the Messaging Gateway IP address

Please see SMTP Code: "421 4.4.0 [internal] no MXs for this domain could be reached at this time" and emails are stuck in the delivery queue for more information on SMG connection failures.