Issues with recipients to receive our Emails

We are using a SBS 2003 with a Microsoft Exchange server.
In front we have a Sonic Fire Wall TZ 170SP.
We are experiencing issues with Comcast customers to receive our emails.
I called Comcast and our carrier ATT and both sites are telling me that they dont block our Emails.
I dont know were to start to look for issues. All other non Comcast customers ~4000 have no issues with receiving our mails.

&@comcast.net on 11.06.2008 12:31
            Could not deliver the message in the time limit specified.  Please retry or contact your administrator.
            <rima-system.net #4.4.7>

Would you have any guide lines?
RISYMIKEAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hugh FraserConsultantCommented:
Is it all Comcast subscribers, or just some? Is it a reproducible problem?

The error sounds like a connectivity issue. Can you include a full message header of a returned message so we can see the hops. This my provide a clue as to how far the message gets.
0
RISYMIKEAuthor Commented:
Hello,

It would be any Comcast subscriber and you can duplicate the error any time.

Microsoft Mail Internet Headers Version 2.0
From: postmaster@rima-system.net
To: M.Legac@rima-system.net
Date: Wed, 11 Jun 2008 12:30:43 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <mrvoGdKO80000007a@rima-system.net>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: message/delivery-status

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net
Content-Type: message/rfc822

Content-class: urn:content-classes:message
Subject: RE: Group Health Insurance for Florida
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C8CA4B.F2620F89"
Date: Mon, 9 Jun 2008 12:14:51 -0400
Message-ID: <DBC1098A0982E745B5E28CF323AE3A251EB161@rsa-server>
X-MimeOLE: Produced By Microsoft Exchange V6.5
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: Group Health Insurance for Florida
Thread-Index: AcjCgQDsaKkTmyh4QniPosEkERzdQQFj7CdAAIoa2AA=
References: <354CD5F2974D794481B9F8E3BCE82EC5E78636@win2kexc.rimasystem.com>
From: "Mark Legac" <M.Legac@rima-system.net>
To: "Thao Tran" <ttran@rimasystem.com>
Cc: <mmrpenrose@comcast.net>

------_=_NextPart_001_01C8CA4B.F2620F89
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C8CA4B.F2620F89
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Received:  from SGS5310.rimasystem.com ([206.111.47.230]) by rima-system.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 29 Apr 2008 18:32:55 -0400
Received:  from win2kexc.rimasystem.com by SGS5310.rimasystem.com          via smtpd (for adsl-067-033-037-253.sip.asm.bellsouth.net [67.33.37.253]) with ESMTP; Tue, 29 Apr 2008 16:29:36 -0700
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
      charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: FW: FW: Mark Legac's group health insurance
Date: Tue, 29 Apr 2008 18:32:35 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <354CD5F2974D794481B9F8E3BCE82EC591C4E4@win2kexc.rimasystem.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: FW: FW: Mark Legac's group health insurance
Thread-Index: AcipXLOPZD5UUMaQRHG8QcTsqU6OIgA66NTg
X-Priority: 1
Priority: Urgent
Importance: high
From: "Thao Tran" <ttran@rimasystem.com>
To: <mmrpenrose@comcast.net>
Cc: "Mark Legac" <M.Legac@rima-system.net>


------_=_NextPart_001_01C8CA4B.F2620F89--

--9B095B5ADSN=_01C8BB7821935B8500000D7Drima?system.net--
0
Hugh FraserConsultantCommented:
The address for rimasystem.com (206.111.47.230) that send out mail is listed on several spam runtime blocking lists.  See:

http://www.topwebhosts.org/tools/dnsbl.php?query=206.111.47.230&submit=Query

If comcast's checking them, this may be the reason for the delivery failure, although the message doesn't really suggest that. It's worth a check.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

RISYMIKEAuthor Commented:
This is a good idea,
Sometimes I receive a spam Email from myself with the correct email address.
Would you have any suggestions what action I could take to solve the issue with the spam and get unlisted from those sites?

Thanks

Mike
0
Hugh FraserConsultantCommented:
You can be listed because you're a source of the spam or a relay. The rbl sites will tell you why, and often have test pages that will check the current status of your site.

The solution is to correct the problem. Some sites will need to be notified to have you re-try, while other will detect it themselves.

Ultimately, you will need to identify the source of the problem. Check mail server and firewall logs to see if you have a spam source within your organization. if needed, put a traffic monitoring tool like ntop outside your firewall so that you can see network traffic. If it turns out you are creating spam, do the standard steps. AV, anti-spam, and rootkit tests on all your machines.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hugh FraserConsultantCommented:
BTW, spam email frm yourself doesn't mean you're sending it. Email addresses are harvested by spammers and spam software, and used as the source address of email (spam's a one-way message... they don't want a reply). If you look at the headers of a spam message, you will see the true source of the message. Often, it's just a PC on someones desk that's part of a botnet, so there's not a lot you can do. But you can define some simple rules on a mail gateway, like refusing any inbound mail that's from an internal email domain.
0
RISYMIKEAuthor Commented:
We have to do our work now and test our system
0
RISYMIKEAuthor Commented:
Hello,

I visited the websites and the IP 206.111.47.230 as our domain  67.33.37.253 is not listed

206.111.47.230.ptr.us.xo.net(206.111.47.230)
JIPPG's Relay Blackhole List Project (shortrbl)....Not Listed
JIPPG's Relay Blackhole List Project(abuse)....Not Listed
dr. Jrgen Mash's DNSbnl no-more-funn....Not Listed
easynet.nl Proxies/Blackholes Explanation....Not Listed
cbl.abuseat.org....Not Listed
dnsbl.delink.net....Not Listed
spam.wytnij.to....Not Listed
spamguard.leadmon.net....Not Listed
Distributed Sender Boycott List....Not Listed
/dev/null.dk/....Not Listed
blackholes.intersil.net....Not Listed
blackholes.five-ten-sg.com....Not Listed
Leadmon.Net's SpamGuard Listings....Not Listed
Wirehub Internet DNSBL....Not Listed
Domain Name System Real-time Black List(DNSRBL)....Not Listed

I think this is not the right way.

I was reading about some issues with the reverse lookup on an IP address.
But I have know idea if this would go any were.
0
RISYMIKEAuthor Commented:
I think 206.111.47.230 is our Singapore office.
Our external address from our US office is 67.33.37.253 which is also not listed as spam
0
Hugh FraserConsultantCommented:
The mail message came from 206.111.47.230. If the site receiving it (rima-system.net) used one of the RBL, it might have refused the message.

Received:  from SGS5310.rimasystem.com ([206.111.47.230]) by rima-system.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 29 Apr 2008 18:32:55 -0400
Received:  from win2kexc.rimasystem.com by SGS5310.rimasystem.com          via smtpd (for adsl-067-033-037-253.sip.asm.bellsouth.net [67.33.37.253]) with ESMTP; Tue, 29 Apr 2008 16:29:36 -0700

If you think this isn't correct, there may some wierdness in your email routing. But it definitely came form this address.
0
RISYMIKEAuthor Commented:
Thanks I will some more home work about the routing.

Mike
0
RISYMIKEAuthor Commented:
This a Test mail which I sent on Friday

Microsoft Mail Internet Headers Version 2.0
From: postmaster@rima-system.net
To: m.volbeding@rima-system.net
Date: Sun, 16 Nov 2008 15:13:38 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net"
X-DSNContext: 7ce717b1 - 1391 - 00000002 - C00402D1
Message-ID: <GTuAyHsjC00000010@rima-system.net>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: message/delivery-status

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net
Content-Type: message/rfc822

Content-class: urn:content-classes:message
Subject: test mail
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01C94695.1F49ADC6"
Date: Fri, 14 Nov 2008 15:11:03 -0500
x-mimeole: Produced By Microsoft Exchange V6.5
Message-ID: <DBC1098A0982E745B5E28CF323AE3A25250113@rsa-server>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test mail
Thread-Index: AclGlR6w9kZZZ7rvQXC8XKIT2M5gxw==
From: "Mike Volbeding" <m.volbeding@rima-system.net>
To: <mmrpenrose@comcast.net>

------_=_NextPart_001_01C94695.1F49ADC6
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C94695.1F49ADC6
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01C94695.1F49ADC6--

--9B095B5ADSN=_01C92F126C9724B20000115Arima?system.net--
0
Hugh FraserConsultantCommented:
The definitive way to tell if this is an RBL issue is to check the mail logs on rima-system.net. It's MX record points to mail.rima-system.net (67.33.37.253).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.