Solved

User is unable to send email to external domain.

Posted on 2008-10-30
Last Modified: 2013-11-30
Hi,

User complains that after sending an email she gets a bounced email. I've attached a snapshot. Please refer to it for details. Our end is Exchange 2003 with the latest patch installed.
Question by:anupam1983
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22840927
I do not see a snapshot?
0
 

Author Comment

by:anupam1983
ID: 22840952
Here is the snapshot.
snapshots.bmp
0
 
LVL 3

Expert Comment

by:gke565
ID: 22840985
Your Exchange server is set to only allow email relaying from authorized equipment or users. The sender is using some type of SMTP server to send her email and your server is rejecting it. If the user has a valid need for this then add the server's IP address to your Exchange SMTP allowed relay. This may be from her scanning something from a copier and using her return address. All multi-function copiers that you want to allow to email need to be added to the SMTP allowed relay group.
0
 
LVL 17

Expert Comment

by:Andres Perales
ID: 22840988
Do an nslookup on that domain name, you will see that omni-industries.com does not exist, but omniindustries.com without the dash does, perhaps you have the wrong email address.
0
 

Author Comment

by:anupam1983
ID: 22841061
When I do NSLOOKUP for omni-industries.com, it resolves and gives Non-Authoritative answer with an IP address.

Also it has Anonymous access allowed (in SMTP VS properties section)
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22841487
Requesting you to paste the complete NDR rather than a screenshot.

Thanks.
0
 

Author Comment

by:anupam1983
ID: 22842811
Delivery has failed to these recipients or distribution lists:

athena.shi@omni-industries.com<mailto:athena.shi@omni-industries.com>
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

helen.tian@omni-industries.com<mailto:helen.tian@omni-industries.com>
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: [202.157.144.2].

________________________________
Sent by Microsoft Exchange Server 2007






Diagnostic information for administrators:

Generating server: bigfish.com

athena.shi@omni-industries.com
[202.157.144.2] #550 relaying blocked, read new mail, add 216.32.181.16 to forwarding or enable smtp authentication in y ##

helen.tian@omni-industries.com
[202.157.144.2] #550 relaying blocked, read new mail, add 216.32.181.16 to forwarding or enable smtp authentication in y ##

Original message headers:

Received: from mail211-wa4-R.bigfish.com (10.8.14.252) by  WA4EHSOBE006.bigfish.com (10.8.40.26) with Microsoft SMTP Server id  8.1.291.1; Tue, 28 Oct 2008 22:50:35 +0000
Received: from mail211-wa4 (localhost.localdomain [127.0.0.1])  by
 mail211-wa4-R.bigfish.com (Postfix) with ESMTP id C91D318082A2;        Tue, 28 Oct
 2008 22:50:34 +0000 (UTC)
X-BigFish: VS-67(zz9370Paf6W4015M1443R18c1K936fO3117K8c3I8d0R9371Pf4eMzzzz86benz2dh6bh43j61h)
X-Spam-TCS-SCL: 0:0
X-FB-SS: 5,
Received: by mail211-wa4 (MessageSwitch) id 122523422678941_23449; Tue, 28 Oct
 2008 22:50:26 +0000 (UCT)
Received: from frd01exsmtp01.ads.invitrogen.net (unknown [198.140.180.153])     by
 mail211-wa4.bigfish.com (Postfix) with ESMTP id B7D8014F8054;  Tue, 28 Oct
 2008 22:50:25 +0000 (UTC)
Received: from CBD01EXCMBX02.ads.invitrogen.net ([10.34.160.103]) by
 frd01exsmtp01.ads.invitrogen.net with Microsoft SMTPSVC(6.0.3790.1830);         Tue,
 28 Oct 2008 18:49:02 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----_=_NextPart_001_01C9394F.5EBF2DCC"
Subject: RE: Oct 24 shipping notice
Date: Tue, 28 Oct 2008 15:49:00 -0700
Message-ID: <4938706BEAA558488F1EC4833CC9F1AD032E1159@CBD01EXCMBX02.ads.invitrogen.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Oct 24 shipping notice
Thread-Index: AckOEA9lkIj9du/sSJeAolLWFO5uFwAF+1wQABx8D6ABgJ1+EADDEBsgBtzZk0AAdFdJsADiFMvwAAIwCCAADj6sEAAQ/8RAAAAPb7AAAsamQAAFUdwwAAzQXRA=
From: "Drucas, Jeanine" <jeanine.drucas@invitrogen.com>
To: <athena.shi@omni-industries.com>
CC: <helen.tian@omni-industries.com>, "Ayach, Janet"
        <janet.ayach@invitrogen.com>, "Marian Roem (DHL US)" <marian.roem@dhl.com>,
        "Stacey Kwiat (DHL US)" <Stacey.Kwiat@dhl.com>
X-OriginalArrivalTime: 28 Oct 2008 22:49:02.0719 (UTC) FILETIME=[5FADB8F0:01C9394F]
Return-Path: jeanine.drucas@invitrogen.com

0
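An added example, not part of the original thread: a Python sketch that parses the diagnostic line and the Received headers from the NDR above, lists the relay hops oldest-first, and checks whether the IP cited in the 550 rejection appears anywhere in those headers. The function names and regexes are this example's own; the sample data is copied from the NDR with long header lines refolded.

```python
import re
from email import message_from_string

# Diagnostic line and Received headers copied from the NDR posted in this thread
# (long lines refolded; the regexes and function names are this example's own).
DIAG = ("[202.157.144.2] #550 relaying blocked, read new mail, add "
        "216.32.181.16 to forwarding or enable smtp authentication in y ##")
HEADERS = """\
Received: from mail211-wa4-R.bigfish.com (10.8.14.252) by
 WA4EHSOBE006.bigfish.com (10.8.40.26) with Microsoft SMTP Server id
 8.1.291.1; Tue, 28 Oct 2008 22:50:35 +0000
Received: from mail211-wa4 (localhost.localdomain [127.0.0.1]) by
 mail211-wa4-R.bigfish.com (Postfix) with ESMTP id C91D318082A2; Tue, 28 Oct
 2008 22:50:34 +0000 (UTC)
Received: by mail211-wa4 (MessageSwitch) id 122523422678941_23449; Tue, 28 Oct
 2008 22:50:26 +0000 (UCT)
Received: from frd01exsmtp01.ads.invitrogen.net (unknown [198.140.180.153]) by
 mail211-wa4.bigfish.com (Postfix) with ESMTP id B7D8014F8054; Tue, 28 Oct
 2008 22:50:25 +0000 (UTC)
Received: from CBD01EXCMBX02.ads.invitrogen.net ([10.34.160.103]) by
 frd01exsmtp01.ads.invitrogen.net with Microsoft SMTPSVC(6.0.3790.1830); Tue,
 28 Oct 2008 18:49:02 -0400
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_diag(line):
    """Split '[ip] #code text ##' into rejecting host, SMTP code and IPs cited in the text."""
    m = re.match(rf"\[({IPV4})\]\s+#(\d{{3}})\s+(.*?)\s*##\s*$", line.strip())
    if not m:
        raise ValueError("not an Exchange NDR diagnostic line")
    return {"rejected_by": m.group(1), "code": int(m.group(2)),
            "cited_ips": re.findall(IPV4, m.group(3))}

def received_hops(raw):
    """Return (from_host, by_host) pairs, oldest hop first; from_host is None on 'by'-only lines."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        m = re.match(r"(?:from\s+(\S+)\s.*?)?\bby\s+(\S+)", flat)
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops[::-1]                             # headers are stored newest-first

def cited_ips_in_headers(diag, raw):
    """Map each IP cited in the rejection text to whether any Received header mentions it."""
    seen = set(re.findall(IPV4, raw))
    return {ip: ip in seen for ip in parse_diag(diag)["cited_ips"]}

if __name__ == "__main__":
    print(received_hops(HEADERS), cited_ips_in_headers(DIAG, HEADERS))
```

On this NDR the cited IP 216.32.181.16 does not appear in any Received header; the headers end at the internal bigfish.com hops of the generating server.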
 

Author Comment

by:anupam1983
ID: 22842939
Hi,

If you need any other information, then please let me know!

Thanks,
Anupam
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22844368
This is pretty interesting: when I tried to telnet to omni-industries.com using your domain reference I was allowed to drop an email.

However, it sounds a bit funny when I did a lookup for the IP address 216.32.181.16 using the information below.

[202.157.144.2] #550 relaying blocked, read new mail, add 216.32.181.16 to forwarding or enable smtp authentication in y ##

helen.tian@omni-industries.com
[202.157.144.2] #550 relaying blocked, read new mail, add 216.32.181.16 to forwarding or enable smtp authentication in y ##

Look what I found.

http://www.projecthoneypot.org/ip_216.32.181.16
http://www.phishbucket.org/main/index.php?option=com_content&task=view&id=3583

Question of the Day: Does this IP range belong to your company ????
0

 

Author Comment

by:anupam1983
ID: 22845025
Wow! The first link was understandable to me, which says that 216.32.181.16 is used for spamming/dictionary attacks, correct?

What u did in the 2nd link was not clear to me. So if u can plz gimme some hints.

I am 99% sure this IP doesn't belong to us, since when I did NSLOOKUP I also got the same error (what u've received, #550) till yesterday. But today, without knowing anything Glenn, a colleague added OMNI-INDUSTRIES.com to allow sender list, then onwards after doing NSLOOKUP I am getting the following result:

Outbound-wa4.frontbridge.com
216.32.181.16

I've no idea what is cooking behind this scenario..Simply clueless..

Many Thanks,
Anupam
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22845133
You understood the first link perfectly fine.

I wanted to show you this............in the second link - this is similar to what you posted - right ??

Received: from 216.32.181.16  (EHLO WA4EHSOBE003.bigfish.com)
(216.32.181.16)
  by mta442.mail.re4.yahoo.com with SMTP; Fri, 04 Jul 2008 06:06:54 -0700
Received: from mail107-wa4-R.bigfish.com (10.8.14.252) by  WA4EHSOBE003.bigfish.com (10.8.40.23) with Microsoft SMTP Server id  8.1.240.5; Fri, 4 Jul 2008 13:06:28 +0000
Received: from mail107-wa4 (localhost.localdomain [127.0.0.1])    by
 mail107-wa4-R.bigfish.com (Postfix) with ESMTP id DE28511F0322;    Fri,
4 Jul
 2008 13:06:27 +0000 (UTC)
Received: by mail107-wa4 (MessageSwitch) id 1215176787577866_13146; Fri,  4  Jul 2008 13:06:27 +0000 (UCT)
Received: from mail8.uno.edu (mail8.uno.edu [137.30.242.55])    by
 mail107-wa4.bigfish.com (Postfix) with ESMTP id 2707E1198065;    Fri,  4 Jul
 2008 13:06:25 +0000 (UTC)
0
 

Author Comment

by:anupam1983
ID: 22845251
Ahaa! Oh my God! :O(  
U r absolutely right! So what do I do now? Have u ever faced this problem before??

But how come this IP address was being used by our internal client to send email to an external client????

Many Thanks,
Anupam
0
 
LVL 33

Accepted Solution

by:
Exchange_Geek earned 500 total points
ID: 22845340
I would suggest contacting your ISP about this matter - second, contact the other domain and show them this report and ask them about how to get across this - seems they are getting hit by this pretty often.

I have come across SMTP Spoofing but then it seems that these emails are being sent across as legitimate so no counters for relaying in it (which I originally had a gut feeling).
0
 

Author Comment

by:anupam1983
ID: 22845427
Ok Master! I'll definitely do that. I guess this much information is more than sufficient for me. Further if I require some help I'll always look forward to you.

You are just fantastic! I know I am not eligible to assign you those marks, but still I've to.

Bye, take care......
Anupam
0
 

Author Closing Comment

by:anupam1983
ID: 31511656
You are just a Gem! Brilliant way of tracing a problem and extreme accuracy of finding out the root cause... GOD BLESS YOU!!

Billions of thanks!!!!!!!!!!!!
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22845489
Glad to have assisted you, please feel free to post your queries at EE Forum, we would be there to always assist you.

Take Care.

God Bless.

0
 

Author Comment

by:anupam1983
ID: 22851849
Hi Master,

I've checked with my senior and he gave me this link http://www.trustedsource.org/query/frontbridge.com which shows it's an external domain and also the IP address is a valid one.
Here I am confused completely. Can you please help me out??

Thanks,
Anupam
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22853644
Buddy, I would still contact the other domain and ask them why such messages are being thrown at your emails.

0
 

Author Comment

by:anupam1983
ID: 22855110
Alright sir! As u advised we've spoken to the other domain and our domain is now added to their allow sender list, I mean whitelist.

But the IP 216.32.181.16 is still confusing since one report says it is used for spamming and the other one says it's a valid IP for another external domain. This is where my confusion is.....
0
