Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5447
  • Last Modified:

Some email is being delayed then returned

My domain cannot send email to yahoo.com addresses.  Same for ymail.com.  It is delayed and later rejected.  I also get immediate returns from wv.usda.gov and us.schindler.com.  I have attached the respective error messages.  You can tell which is which by the domains.  I have checked my domain name and IP in lots of rbl's and dnsbl.  Everything comes back fine.  I emailed yahoo's postmaster but don't expect a response soon.  Email is relayed from my exchange 2003 box through my barracuda networks spam firewall 300.
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #4.0.0 X-Spam-Firewall; connect to d.mx.mail.yahoo.com[66.196.82.7]:    server refused mail service>
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host secmf01.schindler.com[12.31.12.91] said:    550 Error: content rejected (in reply to end of DATA command)>
 
 
 
The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < spam.marchwestin.com #5.0.0 X-Spam-Firewall; host    kcc-mail-edge1.fsc.usda.gov[165.221.105.70] said: 550 Denied by policy. (in    reply to end of DATA command)>

Open in new window

0
waterskiwv
Asked:
waterskiwv
  • 6
  • 6
  • 2
2 Solutions
 
AkhaterCommented:
2 questions

1) can your ip be black/grey listed

2) do you have a PTR record pointing the the IP you are sending emails from ?

0
 
Hypercat (Deb)Commented:
These could be caused by the fact that you domain does not have a PTR (rDNS) record in your public DNS zone.  This is particularly true based on the fact that yahoo.com and the usgov email servers are rejecting your mail, since they are definitely going to be checking for a PTR record as an anti-spam measure.  Contact your ISP, or log on to the control panel for your public DNS hosting company if you can, and add a PTR record for your mail server's IP address, pointing back to the actual host name of that server.  The host name MUST match the host name as shown in the email header that shows on each email you send out.
0
 
waterskiwvAuthor Commented:
IP is not black or grey listed.
There are ptr records for both my mail server and spam filter.  
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
AkhaterCommented:
Well if you are unable to send to Yahoo and AOL chances are it is because you don't have a PTR record

Some mail servers will check for a PTR record for the IP trying to send email to prevent spam.

Assuming you are sending from IP1 you will need to

create an A record pointing, say, smtp-out.yourcompany.com to IP1

and then a PTR record poitning

IP1 to smtp-out.yourcompany.com

hope it helps
0
 
Hypercat (Deb)Commented:
@waterskiwv - then your domain name is not marchwestin.com?  Because the email server for that domain does not have a public PTR record.  I made an assumption about that domain name, so if it isn't yours, I apologize.  Unless you have control of your public DNS zone, there's no way for you to be sure that there is a valid PTR record without doing an nslookup on it.  Even if you at one time had one, it could have been mistakenly removed - I've had this happen with some ISP's.  So, I recommend double-checking it even if you think it's already there, as this is the most common cause of the behavior you are seeing.
0
 
Hypercat (Deb)Commented:
OK - I did another lookup on marchwestin.com just now and it did show a PTR record.  I'm wondering if it's something that's intermittent - depending upon which of your ISP's DNS servers responds, because the lookup I did yesterday definitely showed that there was no PTR found.
0
 
Hypercat (Deb)Commented:
Or, is it possible that some of your mail is being sent with a different header?
0
 
waterskiwvAuthor Commented:
I called ISP yesterday and they verified that there was a PTR record.  Below is source info from my barracuda after attempting to send another email to yahoo this morning...  Does the Message-ID have anything to do with it?  That is the internal server address that shows externally as exchange.marchwestin.com.  
 
X-ASG-Debug-ID: 1238597373-01bd00a00000-tu7sTC
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi
X-Barracuda-Orig-Rcpt: emothedog@yahoo.com
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
by spam.marchwestin.com (Spam Firewall) with ESMTP id C62104FE2AB
for <emothedog@yahoo.com>; Wed,  1 Apr 2009 10:49:33 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id 056ir2JEiJIiu3fm for <emothedog@yahoo.com>; Wed, 01 Apr 2009 10:49:33 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C9B2D8.F579D378"
X-ASG-Orig-Subj: test from tom at march westin
Subject: test from tom at march westin
Date: Wed, 1 Apr 2009 10:49:02 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C693B8@mail.domain.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test from tom at march westin
Thread-Index: Acmy2P+yP+I4iqFQQPaGq0/aDbSg/w==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <emothedog@yahoo.com>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238597373
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com

 
0
 
waterskiwvAuthor Commented:
Mail header shows "marchwestin.com" and not "exchange.marchwestin.com" or "spam.marchwestin.com".  
Here is a copy/paste of a mail header received by gmail.

fromTom Smith <tsmith@marchwestin.com>
to genericemail@gmail.com
date Fri, Mar 6, 2009 at 4:37 PM
subject check header
mailed-by marchwestin.com
0
 
Hypercat (Deb)Commented:
Can you please check the complete mail header?  The best way to do this would be if you have an external email address - send yourself an email from your internal address to the external address.  Then when you receive the email, look at the header by right-clicking on the message and going to Message Options in Outlook or if you're using Outlook Express, I think you have to go to the properties of the message.  Anyway, what you need to see is the "received from" line in the header that looks something like this:
Received: from [sendingemailserver].com ([sending IP address]) by receivingemailserver.com with Microsoft SMTPSVC(6.0.3790.3959);
The [sendingemailserver].com in your case needs to be "spam.marchwestin.com" in order for the PTR to resolve correctly.

 
0
 
waterskiwvAuthor Commented:
The sending mail server is "marchwestin.com".  You think that should be spam.marchwestin.com?  In my comment above you see the header from gmail.  I'll try and get a header from someone that uses Outlook or OE and post.  Thanks.
 
0
 
waterskiwvAuthor Commented:
From groupwise...

Return-path: <tsmith@marchwestin.com>
Received: from mx15.wvu.edu ([157.182.232.227])
      by WVUGW14.wvu.edu with ESMTP; Wed, 01 Apr 2009 14:24:42 -0400
Received: from mx15.wvu.edu (localhost [127.0.0.1])
      by localhost (Postfix) with SMTP id DB50724CD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:42 -0400 (EDT)
Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21])
      by mx15.wvu.edu (Postfix) with ESMTP id E109424DD
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:24:18 -0400 (EDT)
X-ASG-Debug-ID: 1238610151-73dd00380000-pQBxhk
X-Barracuda-URL: http://spam.marchwestin.com:8000/cgi-bin/mark.cgi 
Received: from exchange.marchwestin.com (localhost [127.0.0.1])
      by spam.marchwestin.com (Spam Firewall) with ESMTP id 428B733DA25
      for <nicholas.mick@mail.wvu.edu>; Wed,  1 Apr 2009 14:22:31 -0400 (EDT)
Received: from exchange.marchwestin.com (exchange.marchwestin.com [69.43.35.20]) by spam.marchwestin.com with ESMTP id t7PHwADHQGkFwpi5 for <nicholas.mick@mail.wvu.edu>; Wed, 01 Apr 2009 14:22:31 -0400 (EDT)
X-Barracuda-Envelope-From: tsmith@marchwestin.com
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
      boundary="----_=_NextPart_001_01C9B2F6.B520C170"
X-ASG-Orig-Subj: copy and send me back the header info from this email.
Subject: copy and send me back the header info from this email.
Date: Wed, 1 Apr 2009 14:21:54 -0400
Message-ID: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator: <8ABF7EF92F458A43954436F029F126BD01C694A0@mw-mail.mwwv.marchwestin.com>
Thread-Topic: copy and send me back the header info from this email.
Thread-Index: Acmy9rvgq2Bjik9KTmiiJzsMeWTFIQ==
From: "Tom Smith" <tsmith@marchwestin.com>
To: <nicholas.mick@mail.wvu.edu>
X-Barracuda-Connect: exchange.marchwestin.com[69.43.35.20]
X-Barracuda-Start-Time: 1238610151
X-Barracuda-Virus-Scanned: by Barracuda Spam Firewall at marchwestin.com
X-PMX-Version: 5.5.0.356843, Antispam-Engine: 2.6.1.350677, Antispam-Data: 2009.4.1.180423
X-WVU-PMX-SCORE: Gauge=IIIIIII, Probability=8%, Report='BODY_SIZE_6000_6999 0, BODY_SIZE_7000_LESS 0, TO_NO_NAME 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_MIXED 0, __HAS_MSGID 0, __IMS_MSGID 0, __MIME_VERSION 0, __SANE_MSGID 0'
 
This is a multi-part message in MIME format.
0
 
Hypercat (Deb)Commented:
<<Received: from spam.marchwestin.com (spam.marchwestin.com [69.43.35.21]) by mx15.wvu.edu (Postfix) with ESMTP id E109424DD >>
Ignoring the bouncing around within the wvu.edu domain, this indicates that your header does advertise the email as coming from spam.marchwestin.com at that IP address.  So, it would seem that your PTR record is correct and this shouldn't be causing any problems. Unless, as I mentioned above, there is some problem with the DNS servers where occasionally they don't respond promptly with the correct PTR information.  Is there any way you can determine whether the problem domains ALWAYS return your marchwestin.com emails or only sometimes?
One thing of note is that in the log of the rejection from the schindler.com domain, it refers to a rejection of the content of the email.  This could be a spam content filter that found something in the text of the email that caused it to be rejected.  That would certainly be beyond your control.
0
 
waterskiwvAuthor Commented:
It appears that about half of all messages have started getting through to Yahoo as of 1 or 2 AM today.  I still haven't found anything wrong on my end of things and haven't received any response since giving more information to the Yahoo postmasters the evening of the 31st.  I'll go ahead and award pts and if I ever find out what the problem or solution was I'll add another comment.
Thanks.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 6
  • 6
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now