Solved

Some email is being delayed then returned

Posted on 2009-03-31
14
5,058 Views
Last Modified: 2012-05-06
My domain cannot send email to yahoo.com addresses.  Same for ymail.com.  It is delayed and later rejected.  I also get immediate returns from wv.usda.gov and us.schindler.com.  I have attached the respective error messages.  You can tell which is which by the domains.  I have checked my domain name and IP in lots of rbl's and dnsbl.  Everything comes back fine.  I emailed yahoo's postmaster but don't expect a response soon.  Email is relayed from my exchange 2003 box through my barracuda networks spam firewall 300.
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #4.0.0 X-Spam-Firewall; connect to d.mx.mail.yahoo.com[66.196.82.7]:    server refused mail service>
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host secmf01.schindler.com[12.31.12.91] said:    550 Error: content rejected (in reply to end of DATA command)>
 
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host    kcc-mail-edge1.fsc.usda.gov[165.221.105.70] said: 550 Denied by policy. (in    reply to end of DATA command)>

Open in new window

0
Comment
Question by:waterskiwv
  • 6
  • 6
  • 2
14 Comments
 
LVL 49

Assisted Solution

by:Akhater
Akhater earned 50 total points
ID: 24033608
2 questions

1) can your ip be black/grey listed

2) do you have a PTR record pointing the the IP you are sending emails from ?

0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24033623
These could be caused by the fact that you domain does not have a PTR (rDNS) record in your public DNS zone.  This is particularly true based on the fact that yahoo.com and the usgov email servers are rejecting your mail, since they are definitely going to be checking for a PTR record as an anti-spam measure.  Contact your ISP, or log on to the control panel for your public DNS hosting company if you can, and add a PTR record for your mail server's IP address, pointing back to the actual host name of that server.  The host name MUST match the host name as shown in the email header that shows on each email you send out.
0
 

Author Comment

by:waterskiwv
ID: 24033724
IP is not black or grey listed.
There are ptr records for both my mail server and spam filter.  
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 49

Expert Comment

by:Akhater
ID: 24033757
Well if you are unable to send to Yahoo and AOL chances are it is because you don't have a PTR record

Some mail servers will check for a PTR record for the IP trying to send email to prevent spam.

Assuming you are sending from IP1 you will need to

create an A record pointing, say, smtp-out.yourcompany.com to IP1

and then a PTR record poitning

IP1 to smtp-out.yourcompany.com

hope it helps
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24039679
@waterskiwv - then your domain name is not marchwestin.com?  Because the email server for that domain does not have a public PTR record.  I made an assumption about that domain name, so if it isn't yours, I apologize.  Unless you have control of your public DNS zone, there's no way for you to be sure that there is a valid PTR record without doing an nslookup on it.  Even if you at one time had one, it could have been mistakenly removed - I've had this happen with some ISP's.  So, I recommend double-checking it even if you think it's already there, as this is the most common cause of the behavior you are seeing.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24039708
OK - I did another lookup on marchwestin.com just now and it did show a PTR record.  I'm wondering if it's something that's intermittent - depending upon which of your ISP's DNS servers responds, because the lookup I did yesterday definitely showed that there was no PTR found.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24039761
Or, is it possible that some of your mail is being sent with a different header?
0
 

Author Comment

by:waterskiwv
ID: 24040130
I called ISP yesterday and they verified that there was a PTR record.  Below is source info from my barracuda after attempting to send another email to yahoo this morning...  Does the Message-ID have anything to do with it?  That is the internal server address that shows externally as exchange.marchwestin.com.  
 
X-ASG-Debug-ID: 1238597373-01bd00a00000-tu7sTC
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi
X-Barracuda-Orig-Rcpt: emothedog@yahoo.com
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
by spam.marchwestin.com (Spam Firewall) with ESMTP id C62104FE2AB
for <emothedog@yahoo.com>; Wed,  1 Apr 2009 10:49:33 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id 056ir2JEiJIiu3fm for <emothedog@yahoo.com>; Wed, 01 Apr 2009 10:49:33 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C9B2D8.F579D378"
X-ASG-Orig-Subj: test from tom at march westin
Subject: test from tom at march westin
Date: Wed, 1 Apr 2009 10:49:02 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C693B8@mail.domain.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test from tom at march westin
Thread-Index: Acmy2P+yP+I4iqFQQPaGq0/aDbSg/w==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <emothedog@yahoo.com>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238597373
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com

 
0
 

Author Comment

by:waterskiwv
ID: 24040164
Mail header shows "marchwestin.com" and not "exchange.marchwestin.com" or "spam.marchwestin.com".  
Here is a copy/paste of a mail header received by gmail.

fromTom Smith <tsmith@marchwestin.com>
to genericemail@gmail.com
date Fri, Mar 6, 2009 at 4:37 PM
subject check header
mailed-by marchwestin.com
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 24040379
Can you please check the complete mail header?  The best way to do this would be if you have an external email address - send yourself an email from your internal address to the external address.  Then when you receive the email, look at the header by right-clicking on the message and going to Message Options in Outlook or if you're using Outlook Express, I think you have to go to the properties of the message.  Anyway, what you need to see is the "received from" line in the header that looks something like this:
Received: from [sendingemailserver].com ([sending IP address]) by receivingemailserver.com with Microsoft SMTPSVC(6.0.3790.3959);
The [sendingemailserver].com in your case needs to be "spam.marchwestin.com" in order for the PTR to resolve correctly.

 
0
 

Author Comment

by:waterskiwv
ID: 24041764
The sending mail server is "marchwestin.com".  You think that should be spam.marchwestin.com?  In my comment above you see the header from gmail.  I'll try and get a header from someone that uses Outlook or OE and post.  Thanks.
 
0
 

Author Comment

by:waterskiwv
ID: 24042237
From groupwise...

Return-path: <tsmith@marchwestin.com>
Received: from mx15.wvu.edu ([157.182.232.227])
      by WVUGW14.wvu.edu with ESMTP; Wed, 01 Apr 2009 14:24:42 -0400
Received: from mx15.wvu.edu (localhost [127.0.0.1])
      by localhost (Postfix) with SMTP id DB50724CD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:42 -0400 (EDT)
Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21])
      by mx15.wvu.edu (Postfix) with ESMTP id E109424DD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:18 -0400 (EDT)
X-ASG-Debug-ID: 1238610151-73dd00380000-pQBxhk
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi 
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
      by spam.marchwestin.com (Spam Firewall) with ESMTP id 428B733DA25
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:22:31 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id t7PHwADHQGkFwpi5 for <nicholas.mick@mail.wvu.edu>; Wed, 01 Apr 2009 14:22:31 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C9B2F6.B520C170"
X-ASG-Orig-Subj: copy and send me back the header info from this email.
Subject: copy and send me back the header info from this email.
Date: Wed, 1 Apr 2009 14:21:54 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
Thread-Topic: copy and send me back the header info from this email.
Thread-Index: Acmy9rvgq2Bjik9KTmiiJzsMeWTFIQ==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <nicholas.mick@mail.wvu.edu>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238610151
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com
X-PMX-Version: 5.5.0.356843, Antispam-Engine: 2.6.1.350677, Antispam-Data: 2009.4.1.180423
X-WVU-PMX-SCORE: Gauge=IIIIIII, Probability=8%, Report='BODY_SIZE_6000_6999 0, BODY_SIZE_7000_LESS 0, TO_NO_NAME 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_MIXED 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_VERSION 0, __SANE_MSGID 0'
 
This is a multi-part message in MIME format.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 450 total points
ID: 24050885
<<Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21]) by mx15.wvu.edu (Postfix) with ESMTP id E109424DD >>
Ignoring the bouncing around within the wvu.edu domain, this indicates that your header does advertise the email as coming from spam.marchwestin.com at that IP address.  So, it would seem that your PTR record is correct and this shouldn't be causing any problems. Unless, as I mentioned above, there is some problem with the DNS servers where occasionally they don't respond promptly with the correct PTR information.  Is there any way you can determine whether the problem domains ALWAYS return your marchwestin.com emails or only sometimes?
One thing of note is that in the log of the rejection from the schindler.com domain, it refers to a rejection of the content of the email.  This could be a spam content filter that found something in the text of the email that caused it to be rejected.  That would certainly be beyond your control.
0
 

Author Comment

by:waterskiwv
ID: 24051515
It appears that about half of all messages have started getting through to Yahoo as of 1 or 2 AM today.  I still haven't found anything wrong on my end of things and haven't received any response since giving more information to the Yahoo postmasters the evening of the 31st.  I'll go ahead and award pts and if I ever find out what the problem or solution was I'll add another comment.
Thanks.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question