PROBLEM: Â When a user tries to send my organization an email, they will get an error message stating the the email has been delayed.Â The exact message: â€œThis message hasn’t been delivered yet. Delivery will continue to be attempted.â€
After a few days, the user would get an error that the message has failed stating that the â€œDelivery has failed to these recipients or groupsâ€
The frustrating part of this issue is that it doesnâ€™t happen consistently.Â The emails will successfully be delivered for days or even weeks and then the errors will rear their ugly heads once again.
Observations and what I have done to troubleshoot the issue:
- In all of the failed emails, the generating server was from the domain bigfish.com.Â After a couple of google searches, I found out that this is part of the Office365 services.Â In particular, the Forefront portion of the service.
- I whitelisted the email of the sender in our spam filter to make sure it wasnâ€™t getting blocked on accident.Â This did not fix our issue.Â (our spam filter is a Mail Foundry appliance).
- I removed some outdated blacklist sites on the spam filter to improve SMTP response time.Â Did not fix
- I put our spam filter in a DMZ to rule out our firewall.Â Did not fix
- Per a suggestion from a fellow admin, I checked our DNS and made sure that our SPF record was setup setup properly.Â Did not fix
- Worked with Mail Foundry tech support and confirmed with them that the email wasnâ€™t even getting to the appliance, let alone rejecting the message.
- Changed ISPs.Â We switched out ISPâ€™s not because of this issue but just to change service and this didnâ€™t fix the issue as well.
I have tried everything that I could think of so now I turn to anyone who might stumble on this post.Â Hopefully, someone might be able to give me a suggest that I havenâ€™t thought of yet.Â So if you have a suggestion, please leave a comment.
UPDATE 4.13.14: Â After working with another engineer who was working with Microsoft Forefront’s tech support, we found out that my firewall was blocking some of the originating servers. Â This would explain why some mails would go through and some wouldn’t. Â We had some Geographic/country related rules to block unwanted traffic. Â Problem is that MS has servers all over the world. Â So I created a white list for all the IP’s that Forefront uses(see below). Â Once we did that, email seems to be passing much better.
Forefront IP ranges to white list:
Technet article regarding this fix…