[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1558
  • Last Modified:

can yyou help me troubleshoot a bounced back E-mail with NDR report?

All emaisl sent from our domain (uswa.net) are being rejected by  domain oxhp.com
we have done some troubleshooting at our end, like sending emails to other domains and the emails go through successful.  I sent a few test messagess to Oxhp.com from my gmail and yahoo personal accounts and all went successfully.  The problem is that oxhp.com is rejecting all emails sent from uswa.net

here is the warning message that i get

    **      THIS IS A WARNING MESSAGE ONLY      **

The original message was received at Thu, 11 Oct 2007 23:37:27 -0400 from uswa.net [] (may be forged)

   ----- Transcript of session follows -----
451 4.4.1 reply: read error from mail2.corpmailsvcs.com.
<ttegler@oxhp.com>... Deferred
Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old

also, i get an attachement with the following information:

Reporting-MTA: dns; host4.oneononeinternet.com
Arrival-Date: Thu, 11 Oct 2007 23:37:27 -0400

Final-Recipient: RFC822; ttegler@oxhp.com
Action: delayed
Status: 4.4.2
Last-Attempt-Date: Fri, 12 Oct 2007 05:52:33 -0400
Will-Retry-Until: Tue, 16 Oct 2007 23:37:27 -0400

also, our webhosting company who is responsible for routing our external emails did some trobleshooting  and here are the results:

Oct 11 13:25:08 host4 milter-greylist: l9BLP8gG006515: skipping greylist because address is whitelisted, (from=<test01@uswa.net>, rcpt=<atuplin@oxhp.com>, addr=

Oct 11 13:25:11 host4 sendmail[6526]: l9BLP8gG006515: to=<atuplin@oxhp.com>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30383, relay=mail1.corpmailsvcs.com. [], dsn=4.0.0, stat=Deferred: Connection reset by mail1.corpmailsvcs.com.

Oct 11 13:32:35 host4 sendmail[21887]: l9BLP8gG006515: to=<atuplin@oxhp.com>, delay=00:07:27, xdelay=00:00:00, mailer=esmtp, pri=120383, relay=mail10.corpmailsvcs.com. [], dsn=4.0.0, stat=Deferred: Connection reset by mail10.corpmailsvcs.com.

can you help me troubleshoot this issue
1 Solution
If it's only for one domain, and all other mail is flowing in ant out fine, then you will need to contact the system administrator at the other end as they sound like they are ones with the issue.

winperezAuthor Commented:
i did contact them and asked to check their mail filter. They were saying that it is a problem at our end, but it's not possible. I just wanted to have a second opinion.

thanks for your help.
I'll take a stab --  It is a little bit of both.  They are likely rejecting you because the forward and the reverse lookup for the mail server don't match (for anti-spam).  Are you relaying through your provider?    That is, what is the domain of host4 (the one with sendmail running on it)?

You have 2 MX listed, internal.uswa.net and mail.uswa.net.  The IP address for internal points to just the domain (uswa.net) and not the full name.  is host4 the same as internal?

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

I think that I have found a possible source for your problems.
Since the server you are trying to access use some antispam called milter you should check this website to see what milter dose.
At this point I would be concerned about the call back technique described for milter sender.
Also I think that the main issue here is that your emails originate from a server that is not accessible
This is why you are getting "may be forged" in the warining, then probably your hostname/ip is passed to a grey list and your messages gets delayed by milter-gris.
I think that you should make all outgoing mail to look as originating from MAIL.uswa.net,
the INTERNAL.uswa.net MX record seems a little useless since the server can't be accessed (this unless it is there for a very good reason).
iliecz commented "the server you are trying to access use some antispam called milter."

1.  iliecz, the milter comes from winperz's relay provider's server
2.  milter is not an anti-spam per se, milter is a set of programmatic hooks for sendmail.

However, the problem:  The message is sending as uswa.net [], but coming from mail1.corpmailsvcs.com (  It is common practice to do what is called a reverse lookup (this is where the recipient's server check where you say your are coming (swa.net), but the IP address is from somewhere else (corpmailsvcs.com) and rejecting the message if the MX record, and the PTR record don't match.

I am curious, why are you relaying your e-mail through corpmailsvcs.com when you have a server (Internal) capable of sending mail? -T
winperezAuthor Commented:
thanks guys,

we made some changes on the sonicwall firewall
on the "Send Email (SMTP) we changed the source from "the webhosting IP" any

as i mentioned at the beginning of my question, we were able to send emails to all other domains except oxhp.com.  all your comments, especially the milter filter information were very helpful.

thank you all
winperezAuthor Commented:
According to my colleague, the reason for us relaying the emails through  corpmailsvcs.com  is that one time a hacker got to our system using the smtp port. would there be a way to secure the system from withing the sonicwall?

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now