Razorking


UNDELIVERABLE MAIL

I have a situation where messages are being bounced when sent from our AS400, and I am not sure where the problem lies. Here is the situation:

We currently use POP e-mail so our e-mail is hosted by our web host, Bluehost to be specific. Yes I would like an Exchange server but until the economy gets better we are stuck with POP. Reality is that for the most part our mail works fine. We use Outlook for our mail client. The user accounts on the Outlook PC based environments work fine - no problems, we send and receive e-mail pretty much without fail. Bluehost does require that the account be set up to require authentication on the outgoing SMTP server.

Our business software runs on an AS400. Our users all have PCs or they connect to a Windows Terminal Server. Then we have a client program to connect to the AS400 and use the application that runs on the 400. The application on the AS400 has the capability of sending e-mails from the AS400. For example, we can send a customer an e-mail with a PDF attachment of an order acknowledgement. When this was first configured things were working fine. Now recently things have changed and most of the messages sent from the AS400 will bounce. However, if a user sends a message to themselves, it will be delivered no problem. So....if we send a message to any mail address that is on our domain it works fine, if we send to a different domain it bounces (only when sent from the AS400, all messages sent from the Outlook client work fine).

The bounced messages come back to the Outlook client. They say something like this (note: I have changed the user identifiable information below):

NOT ABLE TO DELIVER MAIL TO SOME/ALL RECIPIENTS.
REPLY CODES WITH FIRST DIGIT = '4' OR '5' ARE ERROR REPLIES.
ERRORS THAT DO NOT HAVE ERROR REPLY CODES MAY EXIST.

HOST xxx400 NOT ABLE TO DELIVER MAIL TO FOLLOWING RECIPIENT(S):
   <xxxx@gmail.com>
MAIL REJECTED BY gmail WITH THE MESSAGE:
   550 [99.999.99.9] is currently not permitted to relay through this server.

The message above states it was rejected by Gmail. If I send to a Comcast account it will say rejected by Comcast. It looks like it is a relay issue of some kind, I am just not sure what if anything I can do. I don't know of a way to set up individual accounts on the AS400 with authenticated user names/passwords. The 400 is just configured to send e-mail and it will send it under the e-mail address of each user. By reading the error message it looks as if the message does go to the recipient's mail server and is rejected there. So...if that is correct I can assume:
A) The AS400 sends the message no problem
B) the Bluehost SMTP server gets the message and sends it to the recipient mail server
C) the recipient mail server is unhappy with it.

What I don't know is: where do I start? Is there something I can configure on the AS400, is this something Bluehost can help me with - or none of the above?

That is why I am starting here.

Thanks!
ASKER CERTIFIED SOLUTION
Gary Patterson, CISSP
Razorking

ASKER

Gary,

Those are all good comments.

Upon further review: I think you are correct in that the AS400 does seem to be sending directly rather than relaying to the Bluehost SMTP.

I don't really know what changed. Actually the problem started maybe a year ago but initially not all messages from the 400 would be rejected, just some. Now it is virtually all (except sent to our domain). The users have just been applying a workaround where they send the message/attachment from the AS400 program interface to themselves, they receive it fine in Outlook and then they forward it on to the final destination. But some folks are complaining about the extra steps - and rightly so.

I am curious now: if we are to assume that the AS400 is sending directly (not using the Bluehost SMTP server) wonder why messages sent to any e-mail address in our domain do not get rejected?

I can say my original intent was to configure the AS400 to forward the messages to the Bluehost SMTP server - maybe I have that misconfigured.
Sorry for all the typos....sheesh

As ISPs increasingly battle spam, more and more of them implement these sort of defensive measures. I'm just guessing, but that's probably why you have seen the volume of rejected mail increasing. There could be other reasons, for example, your IP address and/or domain could be blacklisted on one of the various spammer blacklists (I had this happen to a client that had a bunch of machines infected with a spamming mail-bot).

Bluehost may not (yet) be applying the same restrictions that other major ISPs are, or may have your AS/400's public IP address configured as a permitted relayer, or something. You may want to just try setting their SMTP mail server as your AS/400 mail forwarder. Depending on how your firewall is configured, that may be enough to do it. Sometimes, if you have users hitting POP all day long, the authentication will "stick" and allow your AS/400 to originate mail as long as it appears to come from the same IP address as the POP requests.

If you only have a single static public IP address, this will probably work.

The problem is, after hours if everyone shuts their mail clients down, BlueHost may start rejecting SMTP mail after the authentication timeout expires (sometimes 30 minutes, sometimes less.)

Again, your best bet is to talk to your mail hosting provider and explain your problem. It is unlikely that they will know anything about the AS/400, but you can just tell them that it only has basic SMTP capabilities and has no way to authenticate on its own (AFAIK, that is!)

- Gary Patterson

AOL is as strict as I know. If you can send mail to an AOL address you should be able to send it anywhere. I have a free account with AOL just for testing. You should get one.

See postmaster.aol.com. It has tools to help you. Check your IP Reputation.

If you don't have reverse DNS you will not get through. Reverse DNS will come from your ISP. Mine was free.

Steve Bowdoin  

Here is what I eventually came to:
Was able to use a colleague's Exchange server for testing. He configured his server to allow relays from my outward facing IP. I then configured my AS400 to specify his mail server as the mail router, and added an entry in the host table to resolve the DNS to IP. Sent a test e-mail from the 400 and it went right through with no 550 error.

This confirmed to me that our mail provider (Bluehost) was blocking the relays from the 400.

Did some searching on the Internet and found a service - dnsExit - which allows IP based authentication for SMTP relays. Pricing is very reasonable so I signed up and am testing. My AS400 is now relaying the e-mail to dnsExit and they are sending it from there - so far so good.

I really wanted to split the points between Gary and myself (see more findings below) but apparently I cannot do that. And since I appreciate the time he spent - I will just give him all the points.

I don't think your mail provider is necessarily blocking SMTP relays. I just doubt that your AS/400 is properly configured on the internet as a "reputable" mail host. rDNS is an important component of this reputation, as Steve explained above.

http://en.wikipedia.org/wiki/Reverse_DNS_lookup

Figure out the IP address that your AS/400 originates mail on, and make sure you have an rDNS entry set up with your public DNS provider that matches the name that it sends on.

- Gary Patterson
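
The reverse-DNS check recommended in the replies above, as an added example that is not part of the original thread: it looks up the PTR record for the sending IP, confirms that the PTR name resolves back to that IP, and compares it with the name the host announces. The function names, the 192.0.2.x addresses and the example hostnames are constructed for illustration, and how strictly a receiving server enforces the name match is an assumption that varies by provider.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_sending_host(ip, helo_name, ptr=system_ptr, forward=system_forward):
    """Return (ok, findings) for the rDNS checks discussed in the thread."""
    findings = []
    ptr_names = [norm(n) for n in ptr(ip)]
    if not ptr_names:
        return False, ["no PTR record for " + ip]
    # Forward-confirm: at least one PTR name must resolve back to the same IP.
    confirmed = [n for n in ptr_names if ip in forward(n)]
    if not confirmed:
        findings.append("PTR %s does not resolve back to %s" % (ptr_names, ip))
    # The name the host sends under should be one of the confirmed PTR names.
    if norm(helo_name) not in confirmed:
        findings.append("sending name %s is not a confirmed PTR name" % helo_name)
    return not findings, findings

# Constructed sample data (documentation address range, made-up names), so the
# check can be exercised offline; omit the last two arguments to query real DNS.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com."],
              "192.0.2.20": ["pool-20.isp.example."]}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"},
            "pool-20.isp.example": {"192.0.2.99"}}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(norm(name), set())
```

Calling `check_sending_host` with only the public IP and the name the AS/400 sends under runs the same checks against live DNS.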