Solved

exchange email being returned with "Client host rejected: Phishing" message

Posted on 2009-07-06
18
773 Views
Last Modified: 2012-05-07
I have an exchange  server running on sbs2003.  Today I've started receiving all email back similar to the following:

Your message did not reach some or all of the intended recipients.

      Subject:      RE: Test
      Sent:      7/6/2009 2:25 PM

The following recipient(s) could not be reached:

      Web Hosting on 7/6/2009 2:25 PM
            You do not have permission to send to this recipient.  For assistance, contact your system administrator.
            <888phantom.com #5.7.1 smtp;554 5.7.1 <unknown[75.160.160.33]>: Client host rejected: Phishing>

It was working fine yesterday and for the last couple years with my current settings.  My mail server/ip address doesn't appear on any black list servers.

My service is through qwest dsl.

They have been of no assistance thus far.

My domain is 888phantom.com & my static ip is 75.160.160.33
0
Comment
Question by:rjessop
  • 7
  • 6
  • 4
  • +1
18 Comments
 
LVL 13

Expert Comment

by:shadowlesss
Comment Utility
Is this occurring when you send out any email or just email to a certain email domain?
0
 
LVL 13

Expert Comment

by:shadowlesss
Comment Utility
I ran a DNS report and you do have a couple issues
2009-07-06-1642.png
0
 
LVL 13

Expert Comment

by:shadowlesss
Comment Utility
Your MX record must be a host name not an IP
0
 
LVL 27

Expert Comment

by:shauncroucher
Comment Utility
Your PTR (reverseDNS) record and your SMTP Banner should be fully qualified domain names not just a domain name. ie server.888phantom.com instead of 888phantom.com. Unless this is changed chances are that ALL AOL users at least will not be able to receive email from your server.

0
 

Author Comment

by:rjessop
Comment Utility
It is to all domains, and yes I got similar results from DNSSTUFF.com.  I don't know what to do about those errors, however I know that they have been present for the last couple years and it has worked fine (except for the last error - I"m not sure if that has been present or not).

I am receiving email to this exchange server just fine.

0
 
LVL 27

Expert Comment

by:shauncroucher
Comment Utility
DNS all ok? Do you use a smarthost to send mail outbound? If so, is the smarthost still ok?

1) See if you have an SMTP connector:
 
Open Exchange System Manager --> Connectors --> SMTP connector - if you see a connector here that relates to outgoing mail or SMTP, then this may be responsible for outgoing mail. Go to properties and the front page will show if you have a Smarthost entry. If you do, you are using a smarthost. If this is blank, go to step 2.
 
2) Next, check your SMTP bridgehead does not specify a smarthost entry. Open Exchange System Manager -> Servers --> [SERVERNAME] -> Protocols -> SMTP --> Default SMTP virtual server --> Properties --> Delivery --> Advanced --> Smarthost.
If there is an entry here, you are using a smarthost. If it is blank then you are using DNS.
0
 
LVL 13

Assisted Solution

by:shadowlesss
shadowlesss earned 25 total points
Comment Utility
You may also want to run the Microsoft Exchange Best Practices Analyzer and see what pops up.

http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-4BEE-4943-AC22-E2DDBD258DF3&displaylang=en

0
 

Author Comment

by:rjessop
Comment Utility
Under step 1 it shows Smallbusiness SMTP Connector and POP3 Connector Manager.  Properties of the SB SMTP Connector shows pop.mssl.qwest.net - is this my smarthost?  
0
 
LVL 27

Expert Comment

by:shauncroucher
Comment Utility
Yes. Check that they are still accepting email from you. My money is on the fact that this server no longer accepts mail from you. Contact qwest and ask them to verify or run a telnet test to the server and see if it accepts your mail.

Shaun

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 27

Accepted Solution

by:
shauncroucher earned 450 total points
Comment Utility
Basic telnet testing to ensure mail can reach a destination mail server.
 
Note you cannot use backspace or delete when using telnet, if you make a spelling mistake, start the command again after the error is generated.
 
 
2) Log onto your Exchange server and open up a command prompt.
 
Type the following:
 
telnet pop.mssl.qwest.net 25
[Wait for 220 response]
 
EHLO 888phantom.com
[Wait for 250 response]
 
MAIL FROM:<ONE_OF_YOUR_EMAIL_ADDRESSES>
[Wait for 250 response]
 
RCPT TO:<[ANY EXTERNAL EMAIL ADDRESS]> (example: RCPT TO:news@bbc.co.uk)
[Wait for 250 response]
DATA
[Wait for 354 response]
This is a test message
.
(note the dot on its own to end the session)
 
You should now get a message that the email has been queued for delivery.

If not, then contact qwest.net OR you can use DNS to route mail, but not until you resolve those warnings identified by DNS testing, YOU WILL GET ISSUES if you switch to using DNS rather than smarthost at the moment.

Shaun
0
 
LVL 27

Expert Comment

by:shauncroucher
Comment Utility
Note you must place < > around email addresses when using telnet test

Shaun
0
 

Author Comment

by:rjessop
Comment Utility
I've done the tests as you described above and I get the same message "Client Host rejected: Phishing" when I type in rcpt to:<another one of my external emails>
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 25 total points
Comment Utility
If you are using a smart host then your ISP is rejecting your messages.
You will need to ask them why. However I would suspect that you have a compromised machine on your network. The ISP has detected it and is now blocking your access.

You need to find the machine and then remove it. It may well be your server that is being abused.
http://blog.sembee.co.uk/archive/2008/03/13/73.aspx

Simon.

0
 

Author Comment

by:rjessop
Comment Utility
Here is qwests response

<tech> Ok found what is going on...i am escalating this now.  Over the weekend our servers had some maintence done and as a result some how it looks to have turned off the mail relay you are allowed to have....the escalation i have sent will get that reversed as fast as we can.

0
 
LVL 27

Expert Comment

by:shauncroucher
Comment Utility
so it appears it was your smarthost providers blocking mail then.
0
 

Author Comment

by:rjessop
Comment Utility
Thanks, for all your help so far!

So I would still be interest in fixing the DNS report issues, but don't know how to go about that.  Anyone up to the task of guiding me through that?

Thanks,
0
 

Author Comment

by:rjessop
Comment Utility
OK.  to resolve the DNS issues listed above I did the following:  

1 - Changed the primary MX record from 75.160.160.33 to home.888phantom.com (an existing A name).  
2 - Had qwest update rDNS for 75.160.160.33 to resolve to home.888phantom.com.

Please let me know if what I did above is not correct or adviseable.  I host the exchange server, but don't host the website for that domain.
0
 

Author Closing Comment

by:rjessop
Comment Utility
Although qwest still hasn't fix my probelms, I was able to start using DNS to route my email.  If/when they get it resolved I can switch back to the smart host.

Thanks
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
how to add IIS SMTP to handle application/Scanner relays into office 365.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now