Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Email Security Gateway cannot reach destination hosts

Getting a notification from the email appliance: Although destination servers are responding to

       the SMTP test, the Email Security Gateway is failing to

       connect to them: Service unavailable, downstream is

       rejecting SMTP connections  202208292121120010733;1


I'm also getting a error on the email server: domain\user provided valid credentials but it does not have submit permissions on smtp receive connector.

I just received that notification today from the email security appliance however the error on the email server appears to have been going on for some time. Perhaps these two events aren't related. Can anyone confirm they likely are or are not based on the information I provided? I'm a bit confused myself as everything appears to be working otherwise. Emails are coming in and going out it seems just fine.

Category: Email Security Appliances
Reply

Best Answers

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @djhurt1 is your Inbound Path using Authentication to deliver to your downstream server? I see Notifications from time to time that my ESA is not able to reach my SMTP server, could not figure out a reason for that, because all systems are up all the time.

    --Michael@BWC

  • djhurt1djhurt1 Enthusiast ✭✭

    @BWC


    It appears we are using authentication however for unknown reason we have an anonymous relay connector for the ESA specifically as well. The logs show the username for the ESA is what is generating the 2nd error I mentioned above however there's only two of us that have access to make changes and neither have made any changes to domain account in question. I didn't set this up so I'm a bit confused.

  • djhurt1djhurt1 Enthusiast ✭✭
    edited August 2022

    @BWC

    Upon further checking, we do not have SMTP auth configured on the appliance. I'm confused because the original error on the email server was referring to the default frontend end receive connector but this connector is set for anonymous users and why would it be passing credentials for authentication if it's not configured to do so? Under Network-->Server Configuration-->Inbound Email Flow, authentication is NOT configured. The username it gave in the error was a username we had setup I assume for the authentication but apparently is not configured on the appliance. Another oddity is that the user account was under "managed service accounts" in active directory. so I moved it from there and put it in a regular user OU and now the original error on the exchange server cleared up but I'm getting a new error on the anonymous relay connector for which the appliances IP is allowed on.

    To be sure I get this straight I assume the appliance is forwarding email messages to the default frontend receive connector. I then suspect it's trying to forward notifications through the relay agent for which I have gotten two notifications. One yesterday and another this morning. The error states the maximum number of connections per source for this connector has been reached by this source Ip address. However I ignorant to why there'd be more than one connection made from the appliance to the email server on the anonymous relay connector.

  • djhurt1djhurt1 Enthusiast ✭✭

    I think this may be a part of the issue. The latest event I've gotten on the exchange server says just that. The maximum number of connections has been reached. This error is on the anonymous relay connector. What I find odd is that based on what I mentioned above is why was I getting the error on the default frontend receive connector when authentication isn't being used. The source Ip for that event was the email appliances however mail was moving find in both directions this entire time. I do see some conflicting settings on that connector so I'll have to dig in and sort that out. Is there anywhere else the username for SMTP auth could be set on the appliance because it's passing credentials that do not appear to be configured on it at least where I was looking.

Sign In or Register to comment.