This issue happens because IMSS is designed that way. If IMSS can establish the initial connection but failed to send the mail, IMSS will not try to send it to the next MX or A record. However, if IMSS already has problems connecting to the downstream MTA (e.g. TCP handshake failed) or it received a 4xx response, then IMSS will try to send the mail to the next MX or A record.

If there is just a delay sending the SMTP banner, you may increase the "IdleWaitingSecond" value to "300" (5 mins) as a workaround. This allows IMSS to wait until it receives a response from the remote MTA server.

1. Go to the ..Program Files\Trend Micro\IMSS\ config folder.
2. Locate and back up the tsmtpd.ini file.
3. Open the original tsmtpd.ini file using a text editor.
4. Look for the "IdleWaitingSecond=30" parameter and change the value to "60".
5. Make sure that the "#" sign is removed to enable the parameter.
6. Save and close the file.
7. Restart the following services:
   • Trend Micro IMSS SMTP service
   • Trend Micro Scanner service

If there is no banner response being sent back, or if the respond takes too long (more than 5 minutes), you can create a smarthost entry for domain A, and then assign the second and third MX record IP to prevent IMSS from sending mails to slow-responding MTA.