Some email is being delayed then returned

My domain cannot send email to yahoo.com addresses.  Same for ymail.com.  It is delayed and later rejected.  I also get immediate returns from wv.usda.gov and us.schindler.com.  I have attached the respective error messages.  You can tell which is which by the domains.  I have checked my domain name and IP in lots of rbl's and dnsbl.  Everything comes back fine.  I emailed yahoo's postmaster but don't expect a response soon.  Email is relayed from my exchange 2003 box through my barracuda networks spam firewall 300.
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #4.0.0 X-Spam-Firewall; connect to d.mx.mail.yahoo.com[66.196.82.7]:    server refused mail service>
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host secmf01.schindler.com[12.31.12.91] said:    550 Error: content rejected (in reply to end of DATA command)>
 
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host    kcc-mail-edge1.fsc.usda.gov[165.221.105.70] said: 550 Denied by policy. (in    reply to end of DATA command)>

Open in new window

waterskiwvAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Hypercat (Deb)Connect With a Mentor Commented:
<<Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21]) by mx15.wvu.edu (Postfix) with ESMTP id E109424DD >>
Ignoring the bouncing around within the wvu.edu domain, this indicates that your header does advertise the email as coming from spam.marchwestin.com at that IP address.  So, it would seem that your PTR record is correct and this shouldn't be causing any problems. Unless, as I mentioned above, there is some problem with the DNS servers where occasionally they don't respond promptly with the correct PTR information.  Is there any way you can determine whether the problem domains ALWAYS return your marchwestin.com emails or only sometimes?
One thing of note is that in the log of the rejection from the schindler.com domain, it refers to a rejection of the content of the email.  This could be a spam content filter that found something in the text of the email that caused it to be rejected.  That would certainly be beyond your control.
0
 
AkhaterConnect With a Mentor Commented:
2 questions

1) can your ip be black/grey listed

2) do you have a PTR record pointing the the IP you are sending emails from ?

0
 
Hypercat (Deb)Commented:
These could be caused by the fact that you domain does not have a PTR (rDNS) record in your public DNS zone.  This is particularly true based on the fact that yahoo.com and the usgov email servers are rejecting your mail, since they are definitely going to be checking for a PTR record as an anti-spam measure.  Contact your ISP, or log on to the control panel for your public DNS hosting company if you can, and add a PTR record for your mail server's IP address, pointing back to the actual host name of that server.  The host name MUST match the host name as shown in the email header that shows on each email you send out.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
waterskiwvAuthor Commented:
IP is not black or grey listed.
There are ptr records for both my mail server and spam filter.  
0
 
AkhaterCommented:
Well if you are unable to send to Yahoo and AOL chances are it is because you don't have a PTR record

Some mail servers will check for a PTR record for the IP trying to send email to prevent spam.

Assuming you are sending from IP1 you will need to

create an A record pointing, say, smtp-out.yourcompany.com to IP1

and then a PTR record poitning

IP1 to smtp-out.yourcompany.com

hope it helps
0
 
Hypercat (Deb)Commented:
@waterskiwv - then your domain name is not marchwestin.com?  Because the email server for that domain does not have a public PTR record.  I made an assumption about that domain name, so if it isn't yours, I apologize.  Unless you have control of your public DNS zone, there's no way for you to be sure that there is a valid PTR record without doing an nslookup on it.  Even if you at one time had one, it could have been mistakenly removed - I've had this happen with some ISP's.  So, I recommend double-checking it even if you think it's already there, as this is the most common cause of the behavior you are seeing.
0
 
Hypercat (Deb)Commented:
OK - I did another lookup on marchwestin.com just now and it did show a PTR record.  I'm wondering if it's something that's intermittent - depending upon which of your ISP's DNS servers responds, because the lookup I did yesterday definitely showed that there was no PTR found.
0
 
Hypercat (Deb)Commented:
Or, is it possible that some of your mail is being sent with a different header?
0
 
waterskiwvAuthor Commented:
I called ISP yesterday and they verified that there was a PTR record.  Below is source info from my barracuda after attempting to send another email to yahoo this morning...  Does the Message-ID have anything to do with it?  That is the internal server address that shows externally as exchange.marchwestin.com.  
 
X-ASG-Debug-ID: 1238597373-01bd00a00000-tu7sTC
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi
X-Barracuda-Orig-Rcpt: emothedog@yahoo.com
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
by spam.marchwestin.com (Spam Firewall) with ESMTP id C62104FE2AB
for <emothedog@yahoo.com>; Wed,  1 Apr 2009 10:49:33 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id 056ir2JEiJIiu3fm for <emothedog@yahoo.com>; Wed, 01 Apr 2009 10:49:33 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C9B2D8.F579D378"
X-ASG-Orig-Subj: test from tom at march westin
Subject: test from tom at march westin
Date: Wed, 1 Apr 2009 10:49:02 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C693B8@mail.domain.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test from tom at march westin
Thread-Index: Acmy2P+yP+I4iqFQQPaGq0/aDbSg/w==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <emothedog@yahoo.com>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238597373
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com

 
0
 
waterskiwvAuthor Commented:
Mail header shows "marchwestin.com" and not "exchange.marchwestin.com" or "spam.marchwestin.com".  
Here is a copy/paste of a mail header received by gmail.

fromTom Smith <tsmith@marchwestin.com>
to genericemail@gmail.com
date Fri, Mar 6, 2009 at 4:37 PM
subject check header
mailed-by marchwestin.com
0
 
Hypercat (Deb)Commented:
Can you please check the complete mail header?  The best way to do this would be if you have an external email address - send yourself an email from your internal address to the external address.  Then when you receive the email, look at the header by right-clicking on the message and going to Message Options in Outlook or if you're using Outlook Express, I think you have to go to the properties of the message.  Anyway, what you need to see is the "received from" line in the header that looks something like this:
Received: from [sendingemailserver].com ([sending IP address]) by receivingemailserver.com with Microsoft SMTPSVC(6.0.3790.3959);
The [sendingemailserver].com in your case needs to be "spam.marchwestin.com" in order for the PTR to resolve correctly.

 
0
 
waterskiwvAuthor Commented:
The sending mail server is "marchwestin.com".  You think that should be spam.marchwestin.com?  In my comment above you see the header from gmail.  I'll try and get a header from someone that uses Outlook or OE and post.  Thanks.
 
0
 
waterskiwvAuthor Commented:
From groupwise...

Return-path: <tsmith@marchwestin.com>
Received: from mx15.wvu.edu ([157.182.232.227])
      by WVUGW14.wvu.edu with ESMTP; Wed, 01 Apr 2009 14:24:42 -0400
Received: from mx15.wvu.edu (localhost [127.0.0.1])
      by localhost (Postfix) with SMTP id DB50724CD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:42 -0400 (EDT)
Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21])
      by mx15.wvu.edu (Postfix) with ESMTP id E109424DD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:18 -0400 (EDT)
X-ASG-Debug-ID: 1238610151-73dd00380000-pQBxhk
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi 
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
      by spam.marchwestin.com (Spam Firewall) with ESMTP id 428B733DA25
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:22:31 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id t7PHwADHQGkFwpi5 for <nicholas.mick@mail.wvu.edu>; Wed, 01 Apr 2009 14:22:31 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C9B2F6.B520C170"
X-ASG-Orig-Subj: copy and send me back the header info from this email.
Subject: copy and send me back the header info from this email.
Date: Wed, 1 Apr 2009 14:21:54 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
Thread-Topic: copy and send me back the header info from this email.
Thread-Index: Acmy9rvgq2Bjik9KTmiiJzsMeWTFIQ==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <nicholas.mick@mail.wvu.edu>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238610151
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com
X-PMX-Version: 5.5.0.356843, Antispam-Engine: 2.6.1.350677, Antispam-Data: 2009.4.1.180423
X-WVU-PMX-SCORE: Gauge=IIIIIII, Probability=8%, Report='BODY_SIZE_6000_6999 0, BODY_SIZE_7000_LESS 0, TO_NO_NAME 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_MIXED 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_VERSION 0, __SANE_MSGID 0'
 
This is a multi-part message in MIME format.
0
 
waterskiwvAuthor Commented:
It appears that about half of all messages have started getting through to Yahoo as of 1 or 2 AM today.  I still haven't found anything wrong on my end of things and haven't received any response since giving more information to the Yahoo postmasters the evening of the 31st.  I'll go ahead and award pts and if I ever find out what the problem or solution was I'll add another comment.
Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.