[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Exchange 2000 - Email bounces back for certain Domain

Posted on 2004-11-05
19
Medium Priority
?
597 Views
Last Modified: 2013-11-30
I cannot send email to a certain domain "stmarysschool.org".  My domain is musowls.org and my MX Record is mail.musowls.org and my PTR is mail.musowls.org.  We've been having this problem for a while.  Time Warner is our ISP and they told us to Relay all our Email through their mail server mail.chrl.twtelecom.net.  So I went into Exchange System Manager under Servers under Protocols under SMTP and right-clicked SMTP Default Virtual Server and selected properties.  Went to Delivery tab and then Advanced button and then put in mail.chrl.twtelecom.net as a Smart Host.  I also made a new SMTP Connector and called it Problematic Domains and for its properties I selected Forware all mail through this connector to the following smart hosts and typed in mail.chrl.twtelecom.net, added my bridgehead server then went to the Address Space Tab and added an SMTP domain *.stmarysschool.org then I clicked Allow messages to be relayed to this domain.  I'm not sure what else could be done.  Also if you telnet to port 25 on our mail.musowls.org it gives a weird greeting with asteriks in the greeting.

here's the NDR I get when it bounces back to me.

---------------------------------------------
The following recipient(s) could not be reached:

      mCENSORED@stmarysschool.org on 11/5/2004 10:58 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < barracuda.stmarysschool.org #5.0.0 X-Spam-Firewall; host 172.16.0.2[172.16.0.2] said: 553 Bad    parameters to MAIL command. (in reply to MAIL FROM command)>
----------------------------------------------

A more detailed analysis is the internet header of the email

----------------------------------------------
Microsoft Mail Internet Headers Version 2.0
Received: from barracuda.stmarysschool.org ([66.192.137.236]) by mail.musowls.org with Microsoft SMTPSVC(5.0.2195.6713);
       Fri, 5 Nov 2004 10:57:13 -0600
Received: by barracuda.stmarysschool.org (Spam Firewall)
      id 818214C00094; Fri,  5 Nov 2004 10:58:04 -0600 (CST)
Date: Fri,  5 Nov 2004 10:58:04 -0600 (CST)
From: MAILER-DAEMON (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: ME@MUSOwls.org
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="29F8D4C00090.1099673884/barracuda.stmarysschool.org"
Message-Id: <20041105165804.818214C00094@barracuda.stmarysschool.org>
Return-Path: <>
X-OriginalArrivalTime: 05 Nov 2004 16:57:13.0875 (UTC) FILETIME=[7F9CFE30:01C4C358]

--29F8D4C00090.1099673884/barracuda.stmarysschool.org
Content-Description: Notification
Content-Type: text/plain

--29F8D4C00090.1099673884/barracuda.stmarysschool.org
Content-Description: Delivery error report
Content-Type: message/delivery-status

--29F8D4C00090.1099673884/barracuda.stmarysschool.org
Content-Description: Undelivered Message
Content-Type: message/rfc822

X-ASG-Debug-ID: 1099673884-27638-2-0
X-Barracuda-URL: http://172.16.0.98:8000/cgi-bin/mark.cgi
X-ASG-Whitelist:  Sender
Received: from relay1.mail.twtelecom.net (relay1.mail.twtelecom.net [216.136.102.250])
      by barracuda.stmarysschool.org (Spam Firewall) with ESMTP id 0FE99200009C
      for <mCENSORED@stmarysschool.org>; Fri,  5 Nov 2004 10:58:04 -0600 (CST)
Received: from mail.musowls.org (unknown [66.162.168.3])
      by relay1.mail.twtelecom.net (Postfix) with SMTP id 962E557D7
      for <mCENSORED@stmarysschool.org>; Fri,  5 Nov 2004 09:54:42 -0600 (CST)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
      charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
X-ASG-Orig-Subj: 10:56 a.m. Friday
Subject: 10:56 a.m. Friday
Date: Fri, 5 Nov 2004 10:57:12 -0600
Message-ID: <591676CFA5F36E48BA079A2CF80DF76C0F3E49@tc-campus.muscampus.local>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 10:56 a.m. Friday
Thread-Index: AcTDWH42FoRBwM/XSr2jx1kV48OwdQ==
From: "ME" <ME@MUSOwls.org>
To: "MCENSORED (E-mail)" <mCENSORED@stmarysschool.org>
X-Virus-Scanned: by Barracuda Spam Firewall at stmarysschool.org
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=3.0 QUARANTINE_LEVEL=9.0 KILL_LEVEL=3.5


--29F8D4C00090.1099673884/barracuda.stmarysschool.org--

--------------------------------------------------------------------
0
Comment
Question by:MWhiteside
  • 7
  • 7
  • 5
19 Comments
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12507490
It sounds like the recipient email address format has gotten mangled up.
It might be worth trying from a different email client and/or by just typing the recipient address only in the to field.
0
 
LVL 8

Expert Comment

by:kain21
ID: 12507501
why did you create the second smtp virtual server?  the default smtp virtual server would have been sufficient to relay messages through your ISP...
0
 

Author Comment

by:MWhiteside
ID: 12507590
I CENSORED out the recipient email address just so no one could see it posted here ;).

And I made the second smtp virtual server just to cover all my bases.  And from the looks of the Internet Header it does look like its getting relayed through Time Warners email server.  So I'm still not sure why it's bouncing back.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 8

Expert Comment

by:kain21
ID: 12507771
on your default virtual smtp server is the full qualified domain name on the advanced delivery tab "tc-campus.muscampus.local"... if so... try changing it to mail.musowls.org and click check dns and see if it can resolve... then click ok... do this on the other virtual smtp server also unless you decide to get rid of it...  this way the message id will match your external domain name... it might be something with how the barracuda spam filter on their end is parsing the header...
0
 

Author Comment

by:MWhiteside
ID: 12507845
Weird.  How did you find out "tc-campus.muscampus.local"????  Did you telnet to mail.musowls.org port 25 and see that??  Changed the fqdn to mail.musowls.org about 3 days ago in the Default Virtual smtp server.  If you did see that by telneting why hasn't the change taken affect?  I restarted the Microsoft Exchange Routing Engine and the SMTP service.  And you told me to change it at the second SMTP Connector, but there isn't a place to change it.  Should I just get rid of the second one, because I only added it to try and solve this issue???  It's not for any other use.
0
 

Author Comment

by:MWhiteside
ID: 12507856
Ohh I see, you saw TC-Campus.muscampus.local in the internet Header stuff
0
 
LVL 8

Expert Comment

by:kain21
ID: 12507868
ok... do you have a more recent header from an email that was sent back after the change had taken effect?
0
 

Author Comment

by:MWhiteside
ID: 12507899
The one I've posted is from today.  I made the change about 3 days ago.  I don't know why the tc-campus.muscampus.local would show up.  I haven't rebooted the server, so maybe the change hasn't totally taken affect.  I'm not sure why it still shows.
0
 
LVL 8

Expert Comment

by:kain21
ID: 12507935
the only thing I could think of is a configuration problem on their barracuda... they probably need to specifically allow your domain to come through... their spam filter may be catching it... it won't necessarily give you a reason so you don't try and find a way around it...
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12511947
I realise you censored it out, my suggestion was based on the error number from their server. That and the fact that neither your server nor your ISP's server could send it.
0
 

Author Comment

by:MWhiteside
ID: 12515435
Well I rebooted the server and that didn't change anything.  Does the Internet Header saying "Message-ID: <591676CFA5F36E48BA079A2CF80DF76C0F3E49@tc-campus.muscampus.local>" have anything to do with this?  How can I change it to say mail.musowls.org?  And cccego2, I see what your talking about.  I tried telneting to barracuda.stmarysschool.org, but couldn't.  I telneted to mail.stmarysschool.org on port 25 and did
helo mail.musowls.org  <---- Also typed in just musowls.org and that worked too
mail from: me@musowls.org
rcpt to: m@stmarysschool.org
data
blah blah
.
quit
And it all goes through fine.  I also telneted to mail.chrl.twtelecom.net and did the same thing and it worked.  So it doesn't seem to reject mail.musowls.org domain or musowls.org.  It seems that the problem is not on my end.  I think it has something to do with the barracuda.  Any more idea's?  I'm going to try and get ahold of their SMTP logs and see what it shows.
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12517597
What I meant was maybe your email client like outlook express is turning the email address into a format that their mail server doesn't like.

Error 553 generally means "mailbox name not allowed". This might happen if your email client had stored the email address and name wrong or had some bug (think outlook express). Therefore what I was suggesting is to use some other version of email client, point it's SMTP outgoing setup to YOUR mail server, type in just the plain email address without the <Contact Name> Part at the front and try sending a test message to the problem address.
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12517606
For our more savvy users, here is information on the extra headers that each message will contain.
X-Barracuda-Spam-Flag: YES
This tag will be present if the Barracuda believes the message to be spam, if it has a score of 3.5. If you believe this is too restrictive, you may base your filter on the X-Barracuda-Spam-Score header instead. This header will not be present otherwise if the score is lower than 3.5.
X-Virus-Scanned: by Barracuda Spam Firewall at dcn.davis.ca.us
This tag will be present in all messages scanned by the Barracuda.
X-Barracuda-Spam-Score
The Barracuda scores messages by using SpamAssassin, and this tag reports that score. Messages with a score of 3.5 or higher will contain a "[SPAM?]" subject prefix. Messages that score 9 or higher will not be delivered to your mailbox.
X-Barracuda-Spam-Status
This tag mentions which SpamAssassin rules matched with the message.
X-Barracuda-Spam-Report
This tag includes a detailed report on the rules matched with the message. It will look something like this:

pts  rule name              description
---- ---------------------- -------------------------------------------
0.3 NO_REAL_NAME           From: does not include a real name
1.7 HTML_IMAGE_ONLY_06     BODY: HTML: images with 400-600 bytes of words
0.1 HTML_60_70             BODY: Message is 60% to 70% HTML
0.6 HTML_WEB_BUGS          BODY: Image tag intended to identify you
0.1 HTML_FONTCOLOR_BLUE    BODY: HTML font color is blue
0.0 HTML_MESSAGE           BODY: HTML included in message
0.1 HTML_FONTCOLOR_UNSAFE  BODY: HTML font color not in safe 6x6x6 palette
0.1 HTML_TAG_EXISTS_TBODY  BODY: HTML has "tbody" tag
0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
1.5 HTML_FONT_INVISIBLE    BODY: HTML font color is same as background
0.1 HTML_FONTCOLOR_RED     BODY: HTML font color is red
1.1 MAILTO_TO_SPAM_ADDR    URI: Includes a link to a likely spammer email
0.2 HTTP_WITH_EMAIL_IN_URL URI: 'remove' URL contains an email address
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12517612
So, it looks like the spam filter has said your message is fine, since it got a score of 0.

X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=3.0 QUARANTINE_LEVEL=9.0 KILL_LEVEL=3.5
0
 
LVL 3

Expert Comment

by:ccceqo2
ID: 12517625
Further to my original suggestion, next maybe investigate this line:
Received: from mail.musowls.org (unknown [66.162.168.3])
I think your FQDN should be in place of that unkown? If that was the problem it would explain the 553 error.
0
 

Author Comment

by:MWhiteside
ID: 12549611
The person in charge of the server on the other end is seeing the SMTP log as

Tue, Nov 9, 2004 2:10:48 PM - SMTP Server has rejected a message from <me@MUSOwls.org>. Preferences for host "MUSOwls.org" indicate mail from this host is to be rejected.

When I try and send an email.  She says it's getting past the baracuda.  Also the email server is an
Appleshare IP 6.3
0
 

Author Comment

by:MWhiteside
ID: 12567291
Problem is solved.  It was on the other School's end.  Here's the reply of what they did on the other end

"I really don't know. I called TW telecom and they didn't think it was on there end. Even though the bounce msg you received said it was from the Barracuda, that was not the problem. The Barracuda Spam filter show all mail from MUS being allowed. The only thing I did was delete MUS from the HOST list (it was cached) and added it back manually. I suppose that could have been the problem, but don't know for sure. "

So she deleted MUS from the apple servers HOST list and readded it.
0
 
LVL 8

Expert Comment

by:kain21
ID: 12567366
glad to hear you got it fixed... didn't think it was a problem on your end... corrupted cache list... hmm... that would explain the unknown in the header... have to remember that one...
0
 
LVL 3

Accepted Solution

by:
ccceqo2 earned 1000 total points
ID: 12592280
Hello... this is what I was saying above... where I said it should have your domain and it actually had "uknown". By investigating this we would have figured out that the receiving server could not resolve your domain. This turns out to be exactly the case, as you say they had some weird entry in their hosts file.

I already pointed out that the barracuda was not blocking your mail too.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question