
Can you help me troubleshoot a bounced-back e-mail with an NDR report?

Last Modified: 2008-01-09
All emails sent from our domain (uswa.net) are being rejected by the domain oxhp.com.
We have done some troubleshooting at our end, like sending emails to other domains, and those emails go through successfully. I sent a few test messages to oxhp.com from my personal Gmail and Yahoo accounts and all went through successfully. The problem is that oxhp.com is rejecting all emails sent from uswa.net.

Here is the warning message that I get:

  **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Thu, 11 Oct 2007 23:37:27 -0400 from uswa.net [65.106.160.242] (may be forged)

   ----- Transcript of session follows -----
451 4.4.1 reply: read error from mail2.corpmailsvcs.com.
<ttegler@oxhp.com>... Deferred
Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old


Also, I get an attachment with the following information:

Reporting-MTA: dns; host4.oneononeinternet.com
Arrival-Date: Thu, 11 Oct 2007 23:37:27 -0400

Final-Recipient: RFC822; ttegler@oxhp.com
Action: delayed
Status: 4.4.2
Last-Attempt-Date: Fri, 12 Oct 2007 05:52:33 -0400
Will-Retry-Until: Tue, 16 Oct 2007 23:37:27 -0400


Also, our web hosting company, which is responsible for routing our external emails, did some troubleshooting, and here are the results:

Oct 11 13:25:08 host4 milter-greylist: l9BLP8gG006515: skipping greylist because address 127.0.0.1 is whitelisted, (from=<test01@uswa.net>, rcpt=<atuplin@oxhp.com>, addr=127.0.0.1)

Oct 11 13:25:11 host4 sendmail[6526]: l9BLP8gG006515: to=<atuplin@oxhp.com>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30383, relay=mail1.corpmailsvcs.com. [198.203.176.100], dsn=4.0.0, stat=Deferred: Connection reset by mail1.corpmailsvcs.com.

Oct 11 13:32:35 host4 sendmail[21887]: l9BLP8gG006515: to=<atuplin@oxhp.com>, delay=00:07:27, xdelay=00:00:00, mailer=esmtp, pri=120383, relay=mail10.corpmailsvcs.com. [198.203.174.10], dsn=4.0.0, stat=Deferred: Connection reset by mail10.corpmailsvcs.com.
-------------------------------------------------------------------------------------------------------





Can you help me troubleshoot this issue?

tigermatt, Site Reliability Engineer

Commented:
If it's only for one domain, and all other mail is flowing in and out fine, then you will need to contact the system administrator at the other end, as they sound like they are the ones with the issue.

-tigermatt

Author

Commented:
I did contact them and asked them to check their mail filter. They were saying that it is a problem at our end, but it's not possible. I just wanted to have a second opinion.

Thanks for your help.
I'll take a stab -- it is a little bit of both. They are likely rejecting you because the forward and the reverse lookup for the mail server don't match (for anti-spam). Are you relaying through your provider? That is, what is the domain of host4 (the one with sendmail running on it)?

You have 2 MX records listed, internal.uswa.net and mail.uswa.net. The IP address for internal points to just the domain (uswa.net) and not the full name. Is host4 the same as internal?

-T

Commented:
I think that I have found a possible source for your problems.
Since the server you are trying to access uses some anti-spam called milter, you should check this website to see what milter does.
http://www.snertsoft.com/solutions.php#milter_ns
At this point I would be concerned about the call-back technique described for milter sender.
Also, I think that the main issue here is that your emails originate from a server that is not accessible:
INTERNAL.uswa.net 65.106.160.242
This is why you are getting "may be forged" in the warning; then probably your hostname/IP is passed to a grey list and your messages get delayed by milter-gris.
I think that you should make all outgoing mail look as if it originates from MAIL.uswa.net 208.56.8.18;
the INTERNAL.uswa.net MX record seems a little useless since the server can't be accessed (unless it is there for a very good reason).
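
The forward/reverse lookup check that the two answers above describe, as an added example that is not part of the original thread: it resolves the connecting IP to its PTR name and confirms that the name resolves back to the same IP, which is the test whose failure makes sendmail log "(may be forged)". The lookup tables are constructed for illustration (the A record for uswa.net is a placeholder documentation address), and `fcrdns` and `demo` are hypothetical names.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the OS resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA addresses for name from the OS resolver (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS: 'pass', 'mismatch' or 'no-ptr'."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", {}
    forward = {n: set(forward_lookup(n)) for n in names}
    for addrs in forward.values():
        # The PTR name must resolve back to the connecting address.
        if any(ipaddress.ip_address(a) == target for a in addrs):
            return "pass", forward
    return "mismatch", forward

# Constructed records for illustration only (not live DNS data).
# The PTR for 65.106.160.242 returning the bare domain follows the thread;
# the A record for uswa.net is a placeholder documentation address.
CONSTRUCTED_PTR = {
    "65.106.160.242": ["uswa.net."],
    "208.56.8.18": ["mail.uswa.net."],
}
CONSTRUCTED_A = {
    "uswa.net": {"192.0.2.10"},
    "internal.uswa.net": {"65.106.160.242"},
    "mail.uswa.net": {"208.56.8.18"},
}

def demo(ip):
    """Run the check against the constructed records above."""
    return fcrdns(ip, lambda i: CONSTRUCTED_PTR.get(i, []),
                  lambda n: CONSTRUCTED_A.get(n, set()))

if __name__ == "__main__":
    for addr in ("65.106.160.242", "208.56.8.18", "198.51.100.7"):
        print(addr, *demo(addr))
```

Calling `fcrdns(ip)` with no lookup arguments uses the operating system resolver, so the same check can be run from the sending host against its own public address.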

Author

Commented:
Thanks guys,

We made some changes on the SonicWall firewall.
On the "Send Email (SMTP)" we changed the source from "the webhosting IP" to any.

As I mentioned at the beginning of my question, we were able to send emails to all other domains except oxhp.com. All your comments, especially the milter filter information, were very helpful.

Thank you all.

Author

Commented:
According to my colleague, the reason for us relaying the emails through corpmailsvcs.com is that one time a hacker got into our system using the SMTP port. Would there be a way to secure the system from within the SonicWall?