Email Security Gateway cannot reach destination hosts
Getting a notification from the email appliance: Although destination servers are responding to the SMTP test, the Email Security Gateway is failing to connect to them: Service unavailable, downstream is rejecting SMTP connections 202208292121120010733;1
I'm also getting an error on the email server: domain\user provided valid credentials but it does not have submit permissions on smtp receive connector.
I just received that notification today from the email security appliance however the error on the email server appears to have been going on for some time. Perhaps these two events aren't related. Can anyone confirm they likely are or are not based on the information I provided? I'm a bit confused myself as everything appears to be working otherwise. Emails are coming in and going out it seems just fine.
BWC Cybersecurity Overlord ✭✭✭
@djhurt1 do you have multiple Inbound Paths (Flows) or just a single one? Are any of the Inbound Paths using Authentication, or is your anonymous relay connector used solely?
Is this still a thing?
I can try to have a look in my logs tomorrow, to figure out which one holds some information, also @David W or @Gailand would be a great source for shedding some light on this.
djhurt1 Newbie ✭
I've sorted this out. They were two separate issues/causes. I increased the max connections on the receive connector and this has so far eliminated the warning about connection loss. I also discovered the firewall was attempting to send email alerts but was set to authenticated SMTP. Changing to no authentication cleared that up as well. Thank you for the help.
@djhurt1 is your Inbound Path using Authentication to deliver to your downstream server? I see Notifications from time to time that my ESA is not able to reach my SMTP server, could not figure out a reason for that, because all systems are up all the time.
It appears we are using authentication; however, for an unknown reason we have an anonymous relay connector for the ESA specifically as well. The logs show the username for the ESA is what is generating the 2nd error I mentioned above; however, there's only two of us that have access to make changes and neither have made any changes to the domain account in question. I didn't set this up so I'm a bit confused.
Upon further checking, we do not have SMTP auth configured on the appliance. I'm confused because the original error on the email server was referring to the default frontend receive connector, but this connector is set for anonymous users, and why would it be passing credentials for authentication if it's not configured to do so? Under Network-->Server Configuration-->Inbound Email Flow, authentication is NOT configured. The username it gave in the error was a username we had set up, I assume for the authentication, but apparently is not configured on the appliance. Another oddity is that the user account was under "managed service accounts" in Active Directory, so I moved it from there and put it in a regular user OU and now the original error on the Exchange server cleared up, but I'm getting a new error on the anonymous relay connector for which the appliance's IP is allowed on.
To be sure I get this straight, I assume the appliance is forwarding email messages to the default frontend receive connector. I then suspect it's trying to forward notifications through the relay agent for which I have gotten two notifications. One yesterday and another this morning. The error states the maximum number of connections per source for this connector has been reached by this source IP address. However, I am ignorant as to why there'd be more than one connection made from the appliance to the email server on the anonymous relay connector.
I think this may be a part of the issue. The latest event I've gotten on the Exchange server says just that. The maximum number of connections has been reached. This error is on the anonymous relay connector. What I find odd, based on what I mentioned above, is why I was getting the error on the default frontend receive connector when authentication isn't being used. The source IP for that event was the email appliance's; however, mail was moving fine in both directions this entire time. I do see some conflicting settings on that connector so I'll have to dig in and sort that out. Is there anywhere else the username for SMTP auth could be set on the appliance? Because it's passing credentials that do not appear to be configured on it, at least where I was looking.
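Both Exchange-side errors discussed in this thread (an authenticated account without submit permission on a receive connector, and the per-source connection limit being reached on the relay connector) are decided by receive connector settings. The read-only audit below is an added example, not part of any post above and not vendor code; it assumes it is run in the Exchange Management Shell on the server that hosts the connectors.

```powershell
# Added example: read-only audit of Exchange receive connectors.
# Assumes the Exchange Management Shell (Get-ReceiveConnector and
# Get-ADPermission available). Makes no changes.

# Extended right that an authenticated sender needs to submit mail.
$submitRight = 'ms-Exch-SMTP-Submit'

$report = foreach ($rc in Get-ReceiveConnector) {

    # Principals with an explicit or inherited Allow for SMTP submit.
    $submitters = Get-ADPermission -Identity $rc.Identity |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $submitRight) } |
        ForEach-Object { $_.User.ToString() } |
        Sort-Object -Unique

    [pscustomobject]@{
        Connector           = $rc.Identity
        Enabled             = $rc.Enabled
        Bindings            = $rc.Bindings -join ', '
        # Which source addresses this connector accepts. An anonymous
        # relay connector should list only the hosts that must relay.
        RemoteIPRanges      = $rc.RemoteIPRanges -join ', '
        # Whether the connector offers authentication, and to whom it
        # grants permissions (for example AnonymousUsers, ExchangeUsers).
        AuthMechanism       = $rc.AuthMechanism
        PermissionGroups    = $rc.PermissionGroups
        # Limits behind "maximum number of connections per source".
        MaxPerSource        = $rc.MaxInboundConnectionPerSource
        MaxPercentPerSource = $rc.MaxInboundConnectionPercentagePerSource
        MaxInbound          = $rc.MaxInboundConnection
        SubmitAllowedFor    = $submitters -join '; '
    }
}

# One block per connector, so the frontend and relay connectors can be
# compared side by side.
$report | Format-List
```

When a source IP matches more than one connector, Exchange uses the connector with the most specific RemoteIPRanges match for that binding, so compare the RemoteIPRanges of the default frontend and relay connectors to see which one the appliance's address actually lands on.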