Solved

#550 5.7.1 Relaying denied

Posted on 2009-05-19
Last Modified: 2012-05-07
We are on Exchange 07. Our server uses the SMTP connector and POP protocol to send mail through our email host provider, which in turn sends the email to the recipient. I did it this way because our IP address kept getting a poor sender rating when we managed the mail flow ourselves. Ok, anyway, some of our email gets rejected by other servers and I have no idea why. Please look at the two following examples to see why we may be blocked:

Delivery has failed to these recipients or distribution lists:

cclark@astro-interior.com
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: smtp1.mailbagger.com.

  _____  

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: SER0004.parrish.local

cclark@astro-interior.com
smtp1.mailbagger.com #550 5.7.1 <cclark@astro-interior.com>... Relaying denied ##

Original message headers:

Received: from SER0004.parrish.local ([fe80::101:40d6:c0de:8f24]) by
 SER0004.parrish.local ([fe80::101:40d6:c0de:8f24%10]) with mapi; Tue, 19 May
 2009 16:15:42 -0400
From: Craig Rice <crice@parrishconstruction.com>
To: "cclark@astro-interior.com" <cclark@astro-interior.com>
Date: Tue, 19 May 2009 16:15:41 -0400
Subject: test
Thread-Topic: test
Thread-Index: AcnYvpUBtd6fzzxyRqKXkxEF9nMLzw==
Message-ID: <52E161A3A051EB41AB37C2D5ACD880400C299DBDD1@SER0004.parrish.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
      boundary="_000_52E161A3A051EB41AB37C2D5ACD880400C299DBDD1SER0004parris_"
MIME-Version: 1.0

Delivery has failed to these recipients or distribution lists:

westonrice@gapsusa.com
A problem occurred during the delivery of this message. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message later, or provide the following diagnostic text to your system administrator.







Diagnostic information for administrators:

Generating server: d8.spamh.com

westonrice@gapsusa.com
#< #5.4.6 SMTP; 554 5.4.6 Too many hops> #SMTP#

Original message headers:

Received: from mail.gaps4cars.com (lbh-s.spamh.com [70.85.110.114])
      by d8.spamh.com (8.14.2/8.14.2) with ESMTP id n4IGhrnV008671
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 12:43:53 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:33:51 -0700
Received: from m11.spamh.com ([209.62.48.200]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 11:07:54 -0500
Received: from mail.gaps4cars.com (lbh-s.spamh.com [70.85.110.114])
      by m11.spamh.com (8.14.1/8.14.1) with ESMTP id n4IGMsu8011847
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 12:22:54 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:12:51 -0700
Received: from L8.SPAMH.COM ([67.225.140.158]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 10:46:47 -0500
Received: from mail.gaps4cars.com (lbh-s.spamh.com [70.85.110.114])
      by L8.SPAMH.COM (8.14.1/8.14.1) with ESMTP id n4IG1kW2013853
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 12:01:46 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 08:51:44 -0700
Received: from L7.SPAMH.COM ([67.225.140.157]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 10:26:37 -0500
Received: from mail.gaps4cars.com (lbz.spamh.com [174.36.1.72])
      by L7.SPAMH.COM (8.14.1/8.14.1) with ESMTP id n4IFfYxN021812
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 11:41:38 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 08:31:32 -0700
Received: from a4.spamh.com ([208.43.128.148]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 10:06:28 -0500
Received: from mail.gaps4cars.com (lbl.spamh.com [209.62.48.203])
      by a4.spamh.com (8.14.2/8.14.2) with ESMTP id n4IFLRrl002394
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 11:21:27 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 08:11:26 -0700
Received: from t6.spamh.com ([72.9.231.226]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:46:19 -0500
Received: from mail.gaps4cars.com (lbl.spamh.com [209.62.48.203])
      by t6.spamh.com (8.14.1/8.14.1) with ESMTP id n4IF1HMn013293
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 11:01:18 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 07:50:16 -0700
Received: from a6.spamh.com ([67.228.91.94]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:24:55 -0500
Received: from mail.gaps4cars.com (lbh-s.spamh.com [70.85.110.114])
      by a6.spamh.com (8.14.2/8.14.2) with ESMTP id n4IEdtpK015416
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:55 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 07:39:54 -0700
Received: from d8.spamh.com ([208.43.89.138]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:24:51 -0500
Received: from mail.gaps4cars.com (lbz.spamh.com [174.36.1.72])
      by d8.spamh.com (8.14.2/8.14.2) with ESMTP id n4IEdpGg029615
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:52 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 07:39:51 -0700
Received: from l4.spamh.com ([72.52.237.156]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:24:47 -0500
Received: from remote.parrishconstruction.com (lbo.spamh.com [67.228.158.171])
      by l4.spamh.com (8.14.1/8.14.1) with ESMTP id n4IEdkQg007785
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:47 -0400
Received: from SER0004.parrish.local ([fe80::101:40d6:c0de:8f24]) by
 SER0004.parrish.local ([fe80::101:40d6:c0de:8f24%10]) with mapi; Mon, 18 May
 2009 10:33:30 -0400
From: Craig Rice <crice@parrishconstruction.com>
To: "weston.rice@gapsusa.com" <westonrice@gapsusa.com>
Date: Mon, 18 May 2009 10:33:29 -0400
Subject: This weekend
Thread-Topic: This weekend
Thread-Index: AcnXxZy/HaNAHOT7Sai8G9V5BMS3Aw==
Message-ID: <52E161A3A051EB41AB37C2D5ACD880400C23BD34C7@SER0004.parrish.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain
MIME-Version: 1.0
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 174.36.1.72
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.71.206.38
X-SpamH-CheckIP: 207.144.53.19
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-Recipient: westonrice@gapsusa.com
X-SpamH-ID: d8.spamh.com-n4IGhrnV008671
X-SpamH-ID: m11.spamh.com-n4IGMsu8011847
X-SpamH-ID: l8.spamh.com-n4IG1kW2013853
X-SpamH-ID: l7.spamh.com-n4IFfYxN021812
X-SpamH-ID: a4.spamh.com-n4IFLRrl002394
X-SpamH-ID: t6.spamh.com-n4IF1HMn013293
X-SpamH-ID: a6.spamh.com-n4IEdtpK015416
X-SpamH-ID: d8.spamh.com-n4IEdpGg029615
X-SpamH-ID: l4.spamh.com-n4IEdkQg007785
X-OriginalArrivalTime: 18 May 2009 14:24:47.0925 (UTC) FILETIME=[65DC0650:01C9D7C4]
Question by:criceparrish
 

Author Comment

by:criceparrish
ID: 24426619
By the way I have closed my open relay because of hackers, but can this cause us to not be verified?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24426809
So, let me say the following.

The first possibility is that you are still blacklisted, if your server was open for relay for a while. Nevertheless, as you send mail via your provider, this is more an issue with the provider than with your server. Check both of them.

Some links:
http://www.robtex.com/rbl/
http://openrbl.org/query
--> Also try sender reputation here...

or all together
http://spamlinks.net/filter-dnsbl-lookup.htm#general-sites

What may happen:
You are blacklisted by some less relevant blacklisters and your recipient's servers use such lists.
Your provider is blacklisted and the recipient server is checking this.

Exchange 2007 also has a Sender ID and Sender Reputation filter. Both of them are not really reliable. If the recipient server is also an Exchange Server 2007, it may be affected by this.

"Relay rejected" is usually initiated by the recipient server for a reason, usually an activated filter your mail hits, maybe a blacklist, Sender ID, sender reputation issue, or you are simply blocked by them. This has to be clarified with the recipient, as only they can tell you which filter rule denies your mail.

The "error occurred" may happen for several reasons. This is unspecific. Maybe the server is temporarily not available or some other error has occurred during transfer. What I can see here is the IP6 address (from SER0004.parrish.local ([fe80::101:40d6:c0de:8f24]) by ...), which may be a problem for some gateways. This may be the reason.

The third issue, "too many hops", is as the message said. Mail servers can analyse the hop count (the number of relay servers between the source and the target). If too many servers are touched, one of the servers will deny the message. The real reason for the last message is a mail loop. You find the same IP addresses and names more than once. The mail is circulating between the servers and after the hop count is reached, the last server stops this loop. This is a self-protection functionality of most servers to stop circulating mails. In fact, a configuration failure on one of the servers.
 
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24426861
The message has looped. It hasn't given a reason why though.

The loop looks like it is not with your server. Therefore the loop is out of your control.

It goes from the antispam service into the network of the recipient, then between two servers and back to the antispam server, which tries to send it back in again. Eventually it is rejected for too many hops.

Simon.
0
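The loop both experts describe can be read straight off the Received chain. The following Python sketch is an added example, not part of the original thread: it parses the oldest eight Received headers of the NDR quoted in the question and reports every server that accepted the message more than once. The function names are illustrative.

```python
import re
from collections import Counter

# Oldest eight Received headers from the "Too many hops" NDR quoted in the
# question, copied as posted (newest first, with folded continuation lines).
NDR_HEADERS = """\
Received: from mail.gaps4cars.com (lbh-s.spamh.com [70.85.110.114])
      by a6.spamh.com (8.14.2/8.14.2) with ESMTP id n4IEdtpK015416
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:55 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 07:39:54 -0700
Received: from d8.spamh.com ([208.43.89.138]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:24:51 -0500
Received: from mail.gaps4cars.com (lbz.spamh.com [174.36.1.72])
      by d8.spamh.com (8.14.2/8.14.2) with ESMTP id n4IEdpGg029615
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:52 -0400
Received: from gaps02.gapsal.local ([209.168.201.138] RDNS failed) by mail.gaps4cars.com with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 07:39:51 -0700
Received: from l4.spamh.com ([72.52.237.156]) by gaps02.gapsal.local with Microsoft SMTPSVC(6.0.3790.3959);
       Mon, 18 May 2009 09:24:47 -0500
Received: from remote.parrishconstruction.com (lbo.spamh.com [67.228.158.171])
      by l4.spamh.com (8.14.1/8.14.1) with ESMTP id n4IEdkQg007785
      for <westonrice@gapsusa.com>; Mon, 18 May 2009 10:39:47 -0400
Received: from SER0004.parrish.local ([fe80::101:40d6:c0de:8f24]) by
 SER0004.parrish.local ([fe80::101:40d6:c0de:8f24%10]) with mapi; Mon, 18 May
 2009 10:33:30 -0400
"""

# "from" is the name the sending host claimed; "by" is written by the server
# that accepted the message, so loop detection keys on the "by" host.
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def unfold_received(raw):
    """Return Received header values, newest first, with folded lines joined."""
    values, in_received = [], False
    for line in raw.splitlines():
        if line.startswith((" ", "\t")):
            if in_received:
                values[-1] += " " + line.strip()
            continue
        in_received = line.lower().startswith("received:")
        if in_received:
            values.append(line.split(":", 1)[1].strip())
    return values

def hops(raw):
    """Return (from_host, by_host) pairs in delivery order, oldest hop first."""
    found = (HOP.search(v) for v in reversed(unfold_received(raw)))
    return [(m.group(1).lower(), m.group(2).lower()) for m in found if m]

def find_loop(raw):
    """Return (host, times_received) for every server that accepted the
    message more than once; a non-empty result means the message looped."""
    by_hosts = [by for _, by in hops(raw)]
    seen = Counter(by_hosts)
    return [(h, seen[h]) for h in dict.fromkeys(by_hosts) if seen[h] > 1]

if __name__ == "__main__":
    for host, n in find_loop(NDR_HEADERS):
        print(f"{host} received the message {n} times")
```

Neither SER0004.parrish.local nor any parrishconstruction.com host appears in the result; only gaps02.gapsal.local and mail.gaps4cars.com repeat, which matches the experts' conclusion that the loop sits on the recipient side.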
 

Author Comment

by:criceparrish
ID: 24431909
Bembi, you mentioned something about the IPv6 name; what exactly would you think is wrong with that? I checked all the links you suggested and couldn't find anything that would be causing a problem, but I am new at this and not always sure what I am looking at. Our IP address is 207.144.53.19, what do you think?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24432237
You can't do anything about the IPv6 name as that is an internal reference when the message passes through Transport. It cannot be changed.

That wouldn't cause the loop. The loop is outside of your server.

The first NDR also appears to be outside of your control, because it is not your server in the NDR. It is mailbagger.com.

Simon.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24436674
I interpreted your question as three different problems.

If this is really the same mail, the mail loop is the first thing you should try to solve. As the loop happens on these gapsxxx.com machines, there is a misconfiguration there and I think you have no real option for what you can do, with the exception of informing the admin there.

The IP6 address was simply a hint that this may be a source of error if subsequent systems try to do something with this identification but cannot handle IP6 addresses, especially as it seems that there is a spam tool involved beside an EX 2003 machine on the target side. The IP6 address is shown as your SER0004.parrish.local is configured with an IP6 address.

The last protocol set shows (not seen before my first mail) that your sender identification is accepted with the IP6 address so far, so this is not the issue for this case (last protocol sequence).
0
 

Author Comment

by:criceparrish
ID: 24442034
What about the SPF record, could this be causing a problem? What should that record be (remote.parrishconstruction.com) and how do I set it up?
0
 

Author Comment

by:criceparrish
ID: 24442511
It seems to be just one user really having a problem with getting mail out. Any suggestions?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24442619
As stated, the last log sequence is definitely a mail loop. As long as this exists, you can do nothing; it is on the remote site. As mail loops are always logical configuration failures, you can only check if this is triggered by your domain or by a single user. If only a single user is affected, it cannot have anything to do with your server, like SPF or whatever.

What I assume is that the target system has a virus or spam filter, which sends detected mails into this loop. This does not affect normal mail flow, but only the mails the target detects for whatever reason. The mail header definitely states that the mail has left your system.

It may simply be that the target system detects a word or letter combination inside the name or signature of the user.

The only suggestion is, to talk to the administrator of the target system.



0

 

Author Comment

by:criceparrish
ID: 24443782
How about this one then?

Diagnostic information for administrators:

Generating server: SER0004.parrish.local

saranna.charping@baldwin.k12.ga.us
smtp.baldwin.k12.ga.us #554 Service unavailable; Client host [remote.parrishconstruction.com] blocked by bl.spamcop.net; fe80::101:40d6:c0de:8f24 ##

Original message headers:

Received: from SER0004.parrish.local ([fe80::101:40d6:c0de:8f24]) by
 SER0004.parrish.local ([fe80::101:40d6:c0de:8f24%10]) with mapi; Thu, 21 May
 2009 09:13:49 -0400
From: David Nolan <dnolan@parrishconstruction.com>
To: "Saranna Charping (saranna.charping@baldwin.k12.ga.us)"
      <saranna.charping@baldwin.k12.ga.us>
Date: Thu, 21 May 2009 09:13:47 -0400
Subject: FW: Meeting - Owner/Architect/CM 4 - 5-11-2009
Thread-Topic: Meeting - Owner/Architect/CM 4 - 5-11-2009
Thread-Index: AcnT9eeab2TAIMWWR9yzX3lOYRkLBQGIAYeA
Message-ID: <19A0B80B3AF4FF4691A129F2E4B5A15805D4FD47@SER0004.parrish.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/mixed;
      boundary="_002_19A0B80B3AF4FF4691A129F2E4B5A15805D4FD47SER0004parrishl_"
MIME-Version: 1.0
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24443862
That one is completely obvious. You are on spamcop's blacklist. You need to look at why and get yourself de-listed.

Simon.
0
 

Author Comment

by:criceparrish
ID: 24444124
Ok, I guess I have somewhat found part of the issue. Our internal IP addresses seem to be blacklisted, for example mine is 172.20.148.151, but our external IP address 207.144.53.19 is not blacklisted. I did not think our internal IP affected this at all? Any idea how to fix this?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24444676
Your internal IP address has nothing to do with it because 172.x.x.x is a private IP address.

All blacklisting is looking at is the IP address the connection is being made from.

Simon.
0
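Added example, not part of the original thread: how a receiving server turns the connecting address into a DNSBL lookup, using the zone named in the NDR above (bl.spamcop.net) and the addresses mentioned in this thread. It follows the usual DNSBL convention (reversed address under the list's zone, an answer in 127.0.0.0/8 means listed); the function names and the injectable `resolve` parameter are assumptions of this sketch.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNS name a receiving server looks up for `ip` in DNSBL `zone`.

    Returns None for addresses that are not globally routable (RFC 1918
    private ranges, IPv6 link-local, loopback). Such an address is never the
    connecting address seen across the public internet, so a blacklist hit on
    it says nothing about a particular sender.
    """
    addr = ipaddress.ip_address(ip.split("%")[0])  # drop IPv6 zone id, e.g. %10
    if not addr.is_global:
        return None
    # reverse_pointer is "19.53.144.207.in-addr.arpa" (nibbles + ".ip6.arpa"
    # for IPv6); keep the reversed part and append the list's zone instead.
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if `zone` answers with a 127.0.0.0/8 address for `ip`.

    NXDOMAIN (socket.gaierror) means "not listed". `resolve` is injectable so
    the logic can be exercised without network access.
    """
    name = dnsbl_query_name(ip, zone)
    if name is None:
        return False
    try:
        answer = ipaddress.ip_address(resolve(name))
    except socket.gaierror:
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")

if __name__ == "__main__":
    # Addresses taken from this thread; no DNS query is sent here.
    for ip in ("172.20.148.151", "fe80::101:40d6:c0de:8f24%10", "207.144.53.19"):
        print(ip, "->", dnsbl_query_name(ip, "bl.spamcop.net"))
```

Only the external address produces a query name; the internal 172.x address and the fe80:: link-local address that Exchange prints in the NDR produce none.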
 

Author Comment

by:criceparrish
ID: 24444727
So the 207.144.53.19 is our external IP, but I can't see where that IP is blacklisted anywhere?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24444992
This depends a little bit on the target system.
You are right, the sender IP should not really matter, especially as it is a private address 172.16.xx.xx - 172.32.xx.xx
As this is private, there is no way to resolve it as everybody can have it. Therefore they never should be listed anywhere.

Only your public IP may play a role, and only then if no additional mail relay (i.e. ISP) is used.
Nevertheless I have seen issues in Exchange 2007 / TMG, where some of the spam protection mechanisms are not working as expected. As I said, SenderID and sender reputation may be an issue. The issue here is really that the sender address is checked instead of the relevant mail relay server. Therefore I had to put some single senders onto my whitelist.

Your domain and IP look good so far; I checked them against some meta databases with no results, including Spamcop. It may be that some of the blacklisters will temporarily list some domains if they are used for faked mail floods.

I come back to IP6:
As I said, I've seen that some Exchange / TMP functions are dealing with the direct sender's address (which should not be), so you can't be sure what the recipient will do with that. IP6 may be supported by newer systems, but currently it is not more than a definition and everything else than a standard.
What is really going on on the recipient system, you never have any influence on. The system works as long as all components fully support it and as long as all affected systems are well configured. Using IP6 multiplies the possible reasons for errors.

If there is no real reason why you deal with IP6 addresses, you may decide to fall back to IP4 and remove IP6 addresses and definitions.
0
 

Author Comment

by:criceparrish
ID: 24445241
You can't just turn off IP6 in SBS 08, it will jack it all up. I know first hand because Microsoft support already tried that and it caused all types of problems. Is there nothing I can physically do to correct this? Why is the one user having all the problems?
0
 
LVL 35

Expert Comment

by:Bembi
ID: 24445363
OK, that may be a reason. I know that some services have problems without IP6.
But as you can see, even MS is unsure about its own IP6 implementation. Most of the services which are part of Win2008 will run without IP6, including Exchange. But SBS has a little more relationships to it.

The main information source is always the recipient system. As long as you get such errors, you should check this with the recipient administrator. He can tell you exactly why a mail bounces or not, as he has access to the logs. And bouncing is initiated by the recipient system.

You can now fish in the sea of possible reasons, but to get a real idea about the reasons you may contact one of the recipients.

One option may be to send some mails from different senders (including your problem sender) to a public mail account you have access to. There you can check the headers of the mails to find out if there are any differences which may be able to trigger spam tools on recipient systems.
0
 

Author Comment

by:criceparrish
ID: 24445799
Food for thought! Some of our users can send me a test email to a ymail account and it will come into my spam box, and some can send an email that will come into the standard inbox. This user that I am having the most trouble with can respond to any email but cannot originate an email to some contacts. Is it possible that there is a setting in Outlook that needs changed?
0
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 24449150
Everything you get incoming is dependent on your own system. If some of your incoming mails are declared as spam and others not, then either your Exchange or your Outlook is filtering this mail. There are several mechanisms for that, but you have a white- and a blacklist in Outlook to override the decision of Outlook / Exchange. Exchange has a value called SCL (spam confidence level), and depending on the setting of the email, it is declared as spam or not. Outlook has a similar functionality and you can change the sensitivity of this filter in Outlook from low to high.

The client uses the global address list (from Exchange) if available and any additional contacts folder which is enabled for acting as an address book. A local address book may also be present, used by older Outlook versions or Outlook Express. It may just be that there are wrong addresses somewhere. Additionally, Outlook has its own address cache, where every typed address is stored and autocompleted during typing. If there are some wrong addresses stored, the client may take over these wrong addresses.

You should just check the address in the address line before the mail is sent and verify that the address is valid. It may help to kill this local cache. Have a look here for all Outlook switches:
http://www.outlook-tips.net/archives/2003/20031009.htm
0
