Solved

help me interpret this NDR 5.7.0 smtp 550

Posted on 2009-07-06
17
2,755 Views
Last Modified: 2012-05-07
a user just got an ndr when trying to send an email the ndr looked like this:
The following recipient(s) cannot be reached:

      'recipeint' on 7/6/2009 9:42 AM
            The recipient could not be processed because it would violate the security policy in force
            <mail.mydomain.com #5.7.0 smtp;550 5.7.0 <recipient@xxx.com>... Local Policy Violation>


i have never seen this and can not find any info on this local security policy violation anywhere

my exchange serv is 2003 sp2 running on a server 2003 sp2 standard box. i also have gfi mailessentails and symantec MSMSE 6.0 running on the exchnage server
0
Comment
Question by:cfischer225
  • 8
  • 7
  • 2
17 Comments
 
LVL 6

Expert Comment

by:cmccall
ID: 24785819
Is the recipient local to your org or an external recipient?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24785843
It sounds like a GFI Mailessentials policy problem.  Don't know the product, but it is not a standard Exchange error message.
Can you whitelist the users domain?
Is the sender sending you an attachment that is too big?
Is the subject of the message triggering a policy?
Is there the usual unsubscribe wording in the message body that is triggering a policy?
Basically, check your GFI policies and ask the sender to fax you a copy of the email message in it's entireity so you can work out why it is being rejected.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24785861
Hold on a minute - GFI and Symantec MSMSE on the same box - two products doing the same job?  That is going to make live very interesting.
Sounds like you are doubling up on your security and this can be a problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24785930
GFI Mail Essentials (Anti-spam Solution for Exchange/SMTP/Lotus):
http://www.gfi.com/mes/?adv=69&loc=392
The most effective way to beat spammers at their game is to use the #1 anti-spam solution, GFI MailEssentials". We have over 80,000 customers, worldwide, and have won over 60 awards.
GFI MailEssentials features not one, but two anti-spam engines to give administrators an ultra high spam capture rate out-of-the-box with minimal configuration. Not only does it have one of the highest spam capture rates in the industry, over 99%, but it is also the market leader for reducing false positives and ships at the best price available.
Symantec Mail Security For Microsoft Exchange:
http://www.symantec.com/business/mail-security-for-microsoft-exchange
Symantec Mail Security 6.0 for Microsoft Exchange provides high-performance, integrated mail protection against virus threats, spam, and security risks while enforcing internal policies on Microsoft Exchange 2000/2003/2007 servers. SMS for Exchange now also supports Windows 2008 in addition to Windows 2000/2003. Symantec Premium AntiSpam subscription can be activated by purchasing a license key to provide best-of-breed spam prevention without additional on-going administration after initial setup.
I would go with one product or the other, but not both - don't know if others agree.  I suspect this may cause you untold problems, not to mention server resource issues.
0
 

Author Comment

by:cfischer225
ID: 24786008
the symantec is a message scanner the gfi is anti spam, they do two different jobs, not the same and i have never had a problem before

and the recipient is at an external domain

i just sent another user at the same dmoain an email and it went trough sucessfully.
0
 

Author Comment

by:cfischer225
ID: 24786044
let me clarify symantec scans attachments for viruses while gfi is strictly spam
0
 
LVL 6

Accepted Solution

by:
cmccall earned 300 total points
ID: 24786048
I believe this is on the recipients side.  Your mail server is returning the message because the other side won't accept it.  It returns that error message.  Most likely recipient filtering on the SPAM filter for the recipient.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24786057
Okay - if you are happy with both, then I'll keep quiet.
If you are sending though, there is a policy on your server in GFI or Symantec that you are violating.
You need to search through both packages and find the offending rule.
It won't necessarily be the domain, more the content.
0
Being driven mad by email signature updates?

Having to make a change to your users’ email signatures, yet again? Feel like your head is going to explode? Rely on an Exclaimer email signature management solution to make the process simple!

 

Author Comment

by:cfischer225
ID: 24786494
i am going to try and contact thier admin but its a huge company! pfizer.com
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24786553
I think the problem is at your end, not theirs.
Contacting their IT is not going to resolve the problem unless the NDR came from them and the way I am reading it is the NDR came from your own server.  Is this how you read it?
Alan
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 200 total points
ID: 24786596
Previous EE question suggests it might be a SPF problem:
http://www.experts-exchange.com/Networking/Protocols/Application_Protocols/Email/SMTP/Q_22918488.html
Please check your SPF on www.dnsstuff.com (Domain Report) and check to see if you have one, or if it is incorrectly setup.
0
 

Author Comment

by:cfischer225
ID: 24786743
spf looks good:

SPF records should also be published in DNS as type SPF records. This is new and most implementations do not support it yet.
No type SPF records found.

Checking to see if there is a valid SPF record.

Found v=spf1 record for pangaiapartners.com
v=spf1 mx -all

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24786788
Okay - good to rule out.
What about the NDR - is that from your system or external system do you think?
0
 

Author Comment

by:cfischer225
ID: 24786806
also reverse dns points back to us.

like i mentioned we can send to other recipients in that domain but just not to this particular one and all i have is the ndr that i posted above plus an event log on the app log of the exch server which basicly gives the same info as the ndr. the ndr also happens within seconds of sending the mail as oppossed to one that sits in the queue for hours before my server generates it, which tells me that the reciveing server is rejecting it for some reason
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 24786856
Yes - agreed - was not sure if the NDR was from you or them, but your above comment ahs confirmed.  They are rejecting you.
Have you checked your IP on http://www.mxtoolbox.com/blacklists.aspx - you might be listed and they might be blocking you?
 
0
 

Author Comment

by:cfischer225
ID: 24787105
problem solved- the user no longer works at the company
i had my boss give him a ring and his voicemail said he was no longer around. which is wierd because when that is the case you would see an error message stating that user not found, or user not in directory or soemthing to that effect. anyway thanks for the help
0
 

Author Closing Comment

by:cfischer225
ID: 31600192
i gave cmccall mor epoints because he looked to the recipient initially
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now