What Local Issues may Cause Non-delivery of Mail?
Intrusion Detection Issues
Messages may be queued because of a connection timeout:
Connection timed out: SMTP timeout while connected to destinationserver.example [18.104.22.168] after sending data block (49135 bytes written)
This may occur if the message is over a certain size and your firewall has Intrusion Detection enabled.
Solution: Disable Intrusion Detection on your Firewall.
ASA 5505 ESMTP Inspection Problems
The ASA 5505 has an ESMTP inspection rule that may wrongly block certain emails from being delivered. Disable this rule and/or update the firmware.
Outdated Firmware Issues
You may be having issues with Inbound delivery.
Solution: Make sure all routers and firewalls are running up-to-date firmware. Telnet from a Windows machine to the destination server to test.
Exchange (On Premise or Online) and Missing Spam Experts Headers
If, when looking at the source of your message, you do not see our 'X-Headers', this could be an issue with the default HeaderPromotionModeSetting value that Microsoft Exchange has in place. By default Microsoft Exchange sets this to 'NoCreate'. If you want to see the Spam Experts X-Headers when using IMAP and POP, you should change this to 'MayCreate'. This can be achieved from the Microsoft Exchange Shell by typing:
Set-TransportConfig -HeaderPromotionModeSetting MayCreate
Lotus Domino Notes Outbound SSL Issue
Older versions of Lotus Notes may be wrongly configured to send outbound mail by default to port 465 instead of port 25. This is a severe security issue since port 465 is not defined as an official port for incoming email delivery. Instead, email uses STARTTLS to handle encryption. To avoid email from Lotus Notes servers getting rejected, configure Lotus Notes to deliver outbound mail directly to port 25.
For more information, refer to the IBM Knowledge Center.
DNS and HTTP proxy with Custom Host Names
Avoid using DNS/HTTP proxy services (e.g. Cloudflare, Akamai) for custom host names for the control panel, quarantine or SMTP destinations. This can result in intermittent non-delivery issues or loss of functionality in the control panel. Use the 'direct' option instead.
For inbound mail, verify that the DNS settings for the destination host are correct. Specifically, if you are using a FQDN rather than an IP address for the destination host (e.g. mail.myserver.com), ensure that the A or CNAME record (and any AAAA record) is correctly set.
You can test your DNS settings to ensure that your zone is correctly configured: Zonemaster DNS check.
For outbound mail, ensure that your DNS provider correctly resolves the FQDNs for Spam Experts (e.g. mx1.mtaroutes.com). Some customers experience issues where their DNS returns IPv6 addresses but there is no IPv6 route to the host.
If in doubt, try using a public DNS provider or configure your server to use a local DNS server.
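To check the A/AAAA and IPv6 routing points above from the sending server itself, the following added example (not Spam Experts code) resolves a host with the local resolver and tries a TCP connection to port 25 on every address returned. The function names are hypothetical, and the default host is the example FQDN from the text.

```python
import errno
import socket
import sys

FAMILIES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port=25, getaddrinfo=socket.getaddrinfo):
    """Return the A (IPv4) and AAAA (IPv6) addresses the local resolver gives for host."""
    found = {"IPv4": [], "IPv6": []}
    try:
        answers = getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return found  # name does not resolve at all
    for family, _type, _proto, _canon, sockaddr in answers:
        label = FAMILIES.get(family)
        if label and sockaddr[0] not in found[label]:
            found[label].append(sockaddr[0])
    return found

def probe(addr, port=25, timeout=10):
    """Open a TCP connection to addr:port and return 'ok' or the failure reason."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return "ok"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "no route"
        return "error: %s" % (exc.strerror or exc)

def diagnose(host, port=25, getaddrinfo=socket.getaddrinfo, probe=probe):
    """Probe every resolved address and summarise reachability per address family."""
    results = {fam: {addr: probe(addr, port) for addr in addrs}
               for fam, addrs in resolve(host, port, getaddrinfo).items()}
    v4_ok = "ok" in results["IPv4"].values()
    v6_ok = "ok" in results["IPv6"].values()
    if results["IPv6"] and not v6_ok:
        verdict = "AAAA record returned but IPv6 unreachable; IPv4 " + (
            "works" if v4_ok else "also failing")
    elif not results["IPv4"] and not results["IPv6"]:
        verdict = "no A or AAAA record"
    else:
        verdict = "reachable" if (v4_ok or v6_ok) else "resolves but port unreachable"
    return results, verdict

if __name__ == "__main__":
    # Defaults to the example FQDN from the text; pass your own destination host instead.
    results, verdict = diagnose(sys.argv[1] if len(sys.argv) > 1 else "mx1.mtaroutes.com")
    print(results)
    print(verdict)
```

A verdict of "AAAA record returned but IPv6 unreachable" matches the case described above where the DNS answer includes IPv6 addresses but the server has no IPv6 route.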