Issues with recipients to receive our Emails

We are using a SBS 2003 with a Microsoft Exchange server.
In front we have a Sonic Fire Wall TZ 170SP.
We are experiencing issues with Comcast customers to receive our emails.
I called Comcast and our carrier ATT and both sites are telling me that they dont block our Emails.
I dont know were to start to look for issues. All other non Comcast customers ~4000 have no issues with receiving our mails.

&@comcast.net on 11.06.2008 12:31
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <rima-system.net #4.4.7>

Would you have any guide lines?
RISYMIKEAsked:
Who is Participating?
 
Hugh FraserConnect With a Mentor ConsultantCommented:
You can be listed because you're a source of the spam or a relay. The rbl sites will tell you why, and often have test pages that will check the current status of your site.

The solution is to correct the problem. Some sites will need to be notified to have you re-try, while other will detect it themselves.

Ultimately, you will need to identify the source of the problem. Check mail server and firewall logs to see if you have a spam source within your organization. if needed, put a traffic monitoring tool like ntop outside your firewall so that you can see network traffic. If it turns out you are creating spam, do the standard steps. AV, anti-spam, and rootkit tests on all your machines.
0
 
Hugh FraserConsultantCommented:
Is it all Comcast subscribers, or just some? Is it a reproducible problem?

The error sounds like a connectivity issue. Can you include a full message header of a returned message so we can see the hops. This my provide a clue as to how far the message gets.
0
 
RISYMIKEAuthor Commented:
Hello,

It would be any Comcast subscriber and you can duplicate the error any time.

Microsoft Mail Internet Headers Version 2.0
From: postmaster@rima-system.net
To: M.Legac@rima-system.net
Date: Wed, 11 Jun 2008 12:30:43 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <mrvoGdKO80000007a@rima-system.net>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: message/delivery-status

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: message/rfc822

Content-class: urn:content-classes:message
Subject: RE: Group Health Insurance for Florida
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C8CA4B.F2620F89"
Date: Mon, 9 Jun 2008 12:14:51 -0400
Message-ID: <DBC1098A0982E745B5E28CF323AE3A251EB161@rsa-server>
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Group Health Insurance for Florida
Thread-Index: AcjCgQDsaKkTmyh4QniPosEkERzdQQFj7CdAAIoa2AA=
References: <354CD5F2974D794481B9F8E3BCE82EC5E78636@win2kexc.rimasystem.com>
From: "Mark Legac" <M.Legac@rima-system.net>
To: "Thao Tran" <ttran@rimasystem.com>
Cc: <mmrpenrose@comcast.net>

------_=_NextPart_001_01C8CA4B.F2620F89
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C8CA4B.F2620F89
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Received:  from SGS5310.rimasystem.com ([206.111.47.230]) by rima-system.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 29 Apr 2008 18:32:55 -0400
Received:  from win2kexc.rimasystem.com by SGS5310.rimasystem.com          via smtpd (for adsl-067-033-037-253.sip.asm.bellsouth.net [67.33.37.253]) with ESMTP; Tue, 29 Apr 2008 16:29:36 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
      charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: FW: FW: Mark Legac's group health insurance
Date: Tue, 29 Apr 2008 18:32:35 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <354CD5F2974D794481B9F8E3BCE82EC591C4E4@win2kexc.rimasystem.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: FW: FW: Mark Legac's group health insurance
Thread-Index: AcipXLOPZD5UUMaQRHG8QcTsqU6OIgA66NTg
X-Priority: 1
Priority: Urgent
Importance: high
From: "Thao Tran" <ttran@rimasystem.com>
To: <mmrpenrose@comcast.net>
Cc: "Mark Legac" <M.Legac@rima-system.net>


------_=_NextPart_001_01C8CA4B.F2620F89--

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net--
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Hugh FraserConsultantCommented:
The address for rimasystem.com (206.111.47.230) that send out mail is listed on several spam runtime blocking lists.  See:

http://www.topwebhosts.org/tools/dnsbl.php?query=206.111.47.230&submit=Query

If comcast's checking them, this may be the reason for the delivery failure, although the message doesn't really suggest that. It's worth a check.
0
 
RISYMIKEAuthor Commented:
This is a good idea,
Sometimes I receive a spam Email from myself with the correct email address.
Would you have any suggestions what action I could take to solve the issue with the spam and get unlisted from those sites?

Thanks

Mike
0
 
Hugh FraserConsultantCommented:
BTW, spam email frm yourself doesn't mean you're sending it. Email addresses are harvested by spammers and spam software, and used as the source address of email (spam's a one-way message... they don't want a reply). If you look at the headers of a spam message, you will see the true source of the message. Often, it's just a PC on someones desk that's part of a botnet, so there's not a lot you can do. But you can define some simple rules on a mail gateway, like refusing any inbound mail that's from an internal email domain.
0
 
RISYMIKEAuthor Commented:
We have to do our work now and test our system
0
 
RISYMIKEAuthor Commented:
Hello,

I visited the websites and the IP 206.111.47.230 as our domain  67.33.37.253 is not listed

206.111.47.230.ptr.us.xo.net(206.111.47.230)
JIPPG's Relay Blackhole List Project (shortrbl)....Not Listed
JIPPG's Relay Blackhole List Project(abuse)....Not Listed
dr. Jrgen Mash's DNSbnl no-more-funn....Not Listed
easynet.nl Proxies/Blackholes Explanation....Not Listed
cbl.abuseat.org....Not Listed
dnsbl.delink.net....Not Listed
spam.wytnij.to....Not Listed
spamguard.leadmon.net....Not Listed
Distributed Sender Boycott List....Not Listed
/dev/null.dk/....Not Listed
blackholes.intersil.net....Not Listed
blackholes.five-ten-sg.com....Not Listed
Leadmon.Net's SpamGuard Listings....Not Listed
Wirehub Internet DNSBL....Not Listed
Domain Name System Real-time Black List(DNSRBL)....Not Listed

I think this is not the right way.

I was reading about some issues with the reverse lookup on an IP address.
But I have know idea if this would go any were.
0
 
RISYMIKEAuthor Commented:
I think 206.111.47.230 is our Singapore office.
Our external address from our US office is 67.33.37.253 which is also not listed as spam
0
 
Hugh FraserConsultantCommented:
The mail message came from 206.111.47.230. If the site receiving it (rima-system.net) used one of the RBL, it might have refused the message.

Received:  from SGS5310.rimasystem.com ([206.111.47.230]) by rima-system.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 29 Apr 2008 18:32:55 -0400
Received:  from win2kexc.rimasystem.com by SGS5310.rimasystem.com          via smtpd (for adsl-067-033-037-253.sip.asm.bellsouth.net [67.33.37.253]) with ESMTP; Tue, 29 Apr 2008 16:29:36 -0700

If you think this isn't correct, there may some wierdness in your email routing. But it definitely came form this address.
0
 
RISYMIKEAuthor Commented:
Thanks I will some more home work about the routing.

Mike
0
 
RISYMIKEAuthor Commented:
This a Test mail which I sent on Friday

Microsoft Mail Internet Headers Version 2.0
From: postmaster@rima-system.net
To: m.volbeding@rima-system.net
Date: Sun, 16 Nov 2008 15:13:38 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <GTuAyHsjC00000010@rima-system.net>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: message/delivery-status

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: message/rfc822

Content-class: urn:content-classes:message
Subject: test mail
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01C94695.1F49ADC6"
Date: Fri, 14 Nov 2008 15:11:03 -0500
x-mimeole: Produced By Microsoft Exchange V6.5
Message-ID: <DBC1098A0982E745B5E28CF323AE3A25250113@rsa-server>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test mail
Thread-Index: AclGlR6w9kZZZ7rvQXC8XKIT2M5gxw==
From: "Mike Volbeding" <m.volbeding@rima-system.net>
To: <mmrpenrose@comcast.net>

------_=_NextPart_001_01C94695.1F49ADC6
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C94695.1F49ADC6
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01C94695.1F49ADC6--

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net--
0
 
Hugh FraserConsultantCommented:
The definitive way to tell if this is an RBL issue is to check the mail logs on rima-system.net. It's MX record points to mail.rima-system.net (67.33.37.253).
0
All Courses

From novice to tech pro — start learning today.