DNS Issues
For incoming mail, verify that the DNS settings for the destination host are correct. Specifically, if you are using a FQDN rather than an IP address for the destination host (e.g. mail.myserver.com), ensure that the A or CNAME record (and any AAAA record) is correctly set.
You can test your DNS settings to ensure that your zone is correctly configured: Zonemaster DNS check.
For outgoing mail, ensure that your DNS provider correctly resolves the FQDNs for SpamExperts (e.g. mx1.mtaroutes.com). Some customers experience issues where their DNS returns IPv6 addresses but there is no IPv6 route to the host.
If in doubt, try using a public DNS provider or configure your server to use a local DNS server.
Exchange (On Premise or Online) and Missing SpamExperts Headers
If, when looking at the source of your message, you do not see our 'X-Headers', this could be an issue with the default HeaderPromotionModeSetting settings that Microsoft Exchange has in place.
By default Microsoft Exchange sets these to 'NoCreate'. If you want to see the SpamExperts X-Headers when using IMAP and POP, you should change this to 'MayCreate'. This can be achieved from the Microsoft Exchange Shell by typing:
set-transportconfig -HeaderPromotionModeSetting MayCreate
Be sure to set the config back to 'NoCreate' once the SpamExperts headers start appearing.
Intrusion Detection Issues
Messages may be queued because of a connection timeout:
Connection timed out: SMTP timeout while connected to destinationserver.example [1.1.1.1] after sending data block (49135 bytes written)
This may occur if the message is over a certain size and your firewall has Intrusion Detection enabled.
To fix this, disable Intrusion Detection on your Firewall.
DNS and HTTP proxy with Custom Host Names
Avoid using DNS/HTTP proxy services (e.g. Cloudflare, Akamai) for custom host names for the control panel, quarantine or SMTP destinations. This can result in intermittent non-delivery issues or loss of functionality in the control panel. Use the 'direct' option instead.
Lotus Domino Notes Outgoing SSL Issue
Older versions of Lotus Notes maybe be wrongly configured to send outgoing mail by default to port 465 instead of port 25. This is a severe security issue since port 465 is not defined as an official port for incoming email delivery. Instead, email uses STARTTLS to handle encryption. To avoid email getting rejected from Lotus Notes servers, it's important to configure Lotus Notes to correctly deliver outgoing mail to port 25 directly instead.
For more information, refer to the IBM Knowledge Center.
Outdated Firmware Issues
If you are having issues with Incoming delivery, make sure all routers and firewalls are running up-to-date firmware. Telnet from a Windows machine to the destination server to test.
ASA 5505 ESMTP Inspection Problems
The ASA 5505 has an ESMTP inspection rule that may wrongly block certain emails from being delivered. Please ensure to disable this rule and/or to update the firmware.