perkskj

Sender Denied

Environment is Exchange 2003, TrendMicro IMSS 5.5

Outside email from triad.rr.com and cox.net is not making it through my InterScan Messaging Security Suite.  IMSS is emailing the sender that they are denied.  An example from the IMSS log is below.



2006/04/21 12:43:48 GMT-04:00            Scan Queue Size: <0> Current Connections: <1>      [284:368]
2006/04/21 12:43:48 GMT-04:00            ACL check OK, connection accepted from peer <XX.255.223.235>       [284:368]
2006/04/21 12:43:48 GMT-04:00            >> 500 XXX-SMTP1.XXX.com: unknown command.       [284:f40]
2006/04/21 12:43:48 GMT-04:00            << HELO fw1.calliope-sa.com       [284:f40]
2006/04/21 12:43:48 GMT-04:00            >> 250 XXX-SMTP1.XXX.com Hello [81.255.223.235]       [284:f40]
2006/04/21 12:43:48 GMT-04:00            << MAIL From:<ZZZ@triad.rr.com>       [284:f40]
2006/04/21 12:43:48 GMT-04:00            >> 250 <ZZZ@triad.rr.com>: Sender Ok       [284:f40]
2006/04/21 12:43:48 GMT-04:00            << RCPT To:<WWW@XXX.com>       [284:f40]
2006/04/21 12:43:48 GMT-04:00            >> 250 <jtweedy@XXX.com>: Recipient Ok       [284:f40]
2006/04/21 12:43:49 GMT-04:00            << DATA       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> 354 SFO-SMTP1.XXX.com: Send data now.  Terminate with "."       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      DOT command received       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> 250 SFO-SMTP1.XXX.com: Message accepted for delivery       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Message from: <ZZZ@triad.rr.com>       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Message map <d:\program files\trend\imss\ISNTSMTP\mqueue\4240C305-6C50-4CB3-ACD0-85DA3B17AF0B.DF>, Subject=<>, TID=<3904>      [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Message to: <jtweedy@XXX.com>       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240c305-6c50-4cb3-acd0-85da3b17af0b      Push email into <scanning queue> OK       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      parsing message.
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      finished parsing message.
2006/04/21 12:43:49 GMT-04:00            Matched rule : Global Policy\Incoming Policy
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Policy matching took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      spliting message.
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      finished spliting message.
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Matched rule : Incoming Policy [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Get entity filename = no filename [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Get entity filename = no filename [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x10001, Antivirus Filter) runs successfully, outcome: No_Virus, took <15>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x30001, Spam Filter) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20006, SPAM FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20003, STANDARD FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x20001, CONTENT FILTER) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Filter(0x30001, Spam Filter) runs successfully, outcome: Passed, took <0>ms [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      writing back message.
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      finished writing message.
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Final action is Deliver. [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Scan email result <1020000>, return code <1020000>       [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Scan finish, scan took <15> ms, message took <0> ms, total <15> ms, size=(0, 2627) bytes       [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Delete Message file<d:\program files\trend\imss\ISNTSMTP\mqueue\4240C305-6C50-4CB3-ACD0-85DA3B17AF0B.DF> success       [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Rename Message file<d:\program files\trend\imss\ISNTSMTP\mqueue\4240C305-6C50-4CB3-ACD0-85DA3B17AF0B.RF> success       [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240c305-6c50-4cb3-acd0-85da3b17af0b      Push email into <delivery queue> OK       [284:c5c]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Routing Table for Recipient - <jtweedy@XXX.com> : SmartHost<10.175.20.54:25;10.175.126.50:25>, DNSList<>, UseDNS<0>, Outbound<0>       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Host list for SmartHost<10.175.20.54:25;10.175.126.50:25>       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Forwarding mail for <jtweedy@XXX.com> to 10.175.20.54 via port 25       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      << 220 **************************************************************0****0****0 ***************2******200***2********0*00 \r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> EHLO SFO-SMTP1.XXX.com\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      << 500 5.3.3 unrecognized command\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> HELO SFO-SMTP1.XXX.com\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      << 250 sfo-mail.XXX.com hello [70.158.117.100]\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      Downstream do not support ehlo, use helo instead. rcpt=<jtweedy@XXX.com>       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      interScanSendMailSMTPEx() to set setting bTransfer827 = <FALSE>       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> MAIL FROM:<ZZZ@triad.rr.com>\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      << 554 5.1.0 sender denied\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> QUIT\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      << QUIT       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      >> 221 SFO-SMTP1.XXX.com closing connection. Goodbye!       [284:f40]
2006/04/21 12:43:49 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      MTA finish, spend <1235> ms, size=(0, 2627) bytes, 1 messages       [284:f40]
2006/04/21 12:43:50 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      socket error, no packets received       [284:aac]
2006/04/21 12:43:50 GMT-04:00            554 5.1.0 sender denied\r\n<jtweedy@XXX.com>       [284:aac]
2006/04/21 12:43:50 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      ERROR:  ERROR DELIVERING MAIL - TIMESTAMP AND REASON HAS BEEN UPDATED IN AF FILE       [284:aac]
2006/04/21 12:43:50 GMT-04:00      4240C305-6C50-4CB3-ACD0-85DA3B17AF0B      MDA finish, delivery success, spend <1469> ms       [284:aac]
2006/04/21 12:43:51 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      Host list for DNS<>       [284:954]
2006/04/21 12:43:51 GMT-04:00            Do DNS UDP query on <10.175.20.254>       [284:954]
2006/04/21 12:43:51 GMT-04:00            Do DNS UDP query(A record) on <10.175.20.254>       [284:954]
2006/04/21 12:43:51 GMT-04:00            going to connect host <clmboh-02.mgw.rr.com> at 65.24.7.66      [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 220 welcome to road runner.  no uce *** for authorized use only! ***\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> EHLO SFO-SMTP1.XXX.com\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00            Downstream SMTP server support 8bitmime.       [284:954]
2006/04/21 12:43:52 GMT-04:00            Downstream SMTP server support size command.       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 250 size 20971520\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      interScanSendMailSMTPEx() to set setting bTransfer827 = <FALSE>       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> MAIL FROM:<postmaster@XXX.com> SIZE=3564\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 250 sender <postmaster@XXX.com> ok\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> RCPT TO:<ZZZ@triad.rr.com>\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 250 recipient <jtweedy@triad.rr.com> ok\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> DATA\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 354 go ahead\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> .\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 250 ok:  message 661326734 accepted\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      >> QUIT\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      << 221 clmboh-mx-12.mgw.rr.com\r\n       [284:954]
2006/04/21 12:43:52 GMT-04:00      353A5744-2B4E-49E0-970A-C639D9A3AA33      MDA finish, delivery notification success, spend <1453> ms       [284:954]
2006/04/21 12:43:59 GMT-04:00            Scan Queue Size: <0> Current Connections: <1>      [284:368]
2006/04/21 12:43:59 GMT-04:00            ACL check OK, connection accepted from peer <XX.255.223.235>       [284:368]
2006/04/21 12:43:59 GMT-04:00            >> 500 SFO-SMTP1.XXX.com: unknown command.       [284:d78]
perkskj

ASKER

This ticket can be closed.
Apparently my predecessor blocked all customers of 2 of the largest ISP cable companies in the United States from sending mail to the company.
Never would have thought to check something that stupid.  Especially when the error message was coming from IMSS.
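
Added example, not part of the original thread or of any Trend Micro tooling: a small Python triage script for logs in the layout shown above. It reports when the gateway's own final action was Deliver but the next hop refused the message, which is the situation in this log (the `554 5.1.0 sender denied` comes from the smart host, not from an IMSS filter). The sample lines, message ID, hosts and addresses are constructed placeholders.

```python
import re

# Constructed sample in the layout of the log above (placeholder ID, hosts, addresses).
SAMPLE = r"""
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      Final action is Deliver. [284:c5c]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      Forwarding mail for <user@example.com> to 192.0.2.10 via port 25       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      >> EHLO gw.example.com\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      << 500 5.3.3 unrecognized command\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      >> HELO gw.example.com\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      << 250 mail.example.com hello\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      >> MAIL FROM:<sender@example.net>\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      << 554 5.1.0 sender denied\r\n       [284:aac]
2006/04/21 12:43:49 GMT-04:00      AAAAAAAA-0000-4000-8000-000000000001      << QUIT       [284:f40]
"""

# timestamp, optional message ID, text, optional [process:thread] tag
LINE = re.compile(r"^\S+ \S+ \S+\s+(?:([0-9A-Fa-f-]{36})\s+)?(.*?)\s*(?:\[(\w+:\w+)\])?$")
FORWARD = re.compile(r"Forwarding mail for <([^>]*)> to (\S+) via port (\d+)")
FINAL = re.compile(r"Final action is (\w+)")
REPLY = re.compile(r"<< ([45]\d\d) (.*)")

def downstream_rejections(log_text):
    """Return 4xx/5xx replies from the next hop, with the gateway's own verdict."""
    verdict, sessions, findings = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg_id, text, thread = m.groups()
        msg_id = msg_id.upper() if msg_id else None   # the log mixes upper- and lower-case IDs
        text = text.replace("\\r\\n", "").strip()     # CRLF is logged as a literal \r\n
        if FINAL.search(text):
            verdict[msg_id] = FINAL.search(text).group(1)
        elif FORWARD.search(text):
            rcpt, host, port = FORWARD.search(text).groups()
            sessions[thread] = {"msg": msg_id, "rcpt": rcpt, "hop": f"{host}:{port}", "cmd": None}
        elif thread in sessions and sessions[thread]["msg"] == msg_id:
            s = sessions[thread]  # same tag = same outbound session; inbound threads interleave
            if text.startswith(">> "):
                s["cmd"] = text[3:]
            elif (r := REPLY.match(text)) and not (s["cmd"] or "").upper().startswith("EHLO"):
                # A 5xx to EHLO only triggers the HELO fallback; anything else failed delivery.
                findings.append({"msg": s["msg"], "gateway_action": verdict.get(s["msg"]),
                                 "hop": s["hop"], "rcpt": s["rcpt"], "command": s["cmd"],
                                 "reply": f"{r.group(1)} {r.group(2)}"})
    return findings
```

A finding with `gateway_action` of `Deliver` points at the `hop` address, so the sender filter to review is on that server rather than in the gateway's policy.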