mikeabc27

Blacklisted by uceprotectl3

A client has asked me to look at an email problem on an SBS 2008 network.

Two users have had their emails bounce back for a couple of weeks from one certain domain, while another user gets through ok.

I checked for blacklisting and see that they have one listing from uceprotect showing as Level 3.

They have McAfee VirusScan Enterprise v8.5 for Antivirus and Antispyware on the server, so I am going to run a full scan. However, should I make any changes to the DNS settings on the server?

Also, what is the quickest way to get this entry removed - that doesn't involve improving the German economy?

Thanks,

Mike

jakethecatuk

First off, to remove the entry - go here: - http://www.uceprotect.net/en/rblcheck.php

They will do a few checks and remove the entry provided they can.  If they can't, they will advise you what to do.

However, if you are showing as level 3 at uceprotect then it's your ISP's IP range that has the problem.

What listing was reported at uceprotect?
Also, check http://www.mxtoolbox.com/SuperTool.aspx for your client's IP address
Alan Hardisty
I would hope that no-one blocks at UCEPROTECT Level 3 as this is essentially blocking by an ISP.
You may have other problems that my article may highlight (ignore the blacklist check):
https://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Problems-sending-mail-to-one-or-more-external-domains.html 
mikeabc27

ASKER

Hi Jake,
I did originally get the blacklist report from mxtoolbox. Using the supertool and entering blacklist:mydomain.co.uk gives me a completely different IP which is totally clean.
Anyway the mxrecord IP shows and tests as level 3 and I get the following report from our own fixed IP:
 Your ISP BT-UK-AS BTnet UK Regional network/AS2856 is UCEPROTECT-Level3 listed for hosting a total of 21254 abusers. See: Detail
Return codes were: 127.0.0.2
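
Added example, not posted by anyone in this thread: the DNS lookup behind a UCEPROTECT check, in Python, showing how a Level 3-only result with return code 127.0.0.2 differs from a listing of the server's own IP. The zone names, the documentation address 192.0.2.10 and `sample_resolver` are assumptions that do not appear in the thread.

```python
import ipaddress
import socket

# One DNS zone per UCEPROTECT level (zone names are not quoted in the thread).
ZONES = {1: "dnsbl-1.uceprotect.net",   # Level 1: the single IP
         2: "dnsbl-2.uceprotect.net",   # Level 2: the surrounding allocation
         3: "dnsbl-3.uceprotect.net"}   # Level 3: the provider's whole AS

def query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets, then append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone

def check_levels(ip, resolve=socket.gethostbyname):
    """Map level -> return code such as '127.0.0.2', or None when no A record comes back."""
    found = {}
    for level, zone in ZONES.items():
        try:
            found[level] = resolve(query_name(ip, zone))
        except socket.gaierror:          # NXDOMAIN (not listed) or a failed lookup
            found[level] = None
    return found

def verdict(found):
    """Say where the listing sits, based on the lowest level that lists the IP."""
    listed = [lvl for lvl, code in sorted(found.items()) if code]
    if not listed:
        return "not listed"
    if listed[0] == 1:
        return "own IP listed: find and stop the abuse source, then request delisting"
    return "range-wide listing (level %d): the IP itself is not individually listed" % listed[0]

def sample_resolver(name):
    """Constructed stand-in for DNS that reproduces the thread's result: Level 3 only."""
    if name.endswith("." + ZONES[3]):
        return "127.0.0.2"
    raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")

if __name__ == "__main__":
    ip = "192.0.2.10"                    # documentation address, not the client's IP
    result = check_levels(ip, sample_resolver)   # drop the 2nd argument for live DNS
    print(result, "->", verdict(result))
```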

Can you post the NDR that the users get that can't send - that might help solve the problem.
Oh dear - BT!  My favourite!! : (
I have a customer that picked up a new IP address that was blacklisted on 3 different sites.  They are getting a clean one soon.
They may be allocating you a Statically Assigned Dynamic IP (an IP from a Pool of Dynamic IPs that you get all the time).
I would call BT (0845 600 7020) and ask for a clean IP address.
Jake - NDR attached
Alan - will call BT

blacklist-ndr.docx
What version of Outlook are the problem users using?  2007 by any chance?
Are the okay users also using 2007?
Have you installed all Windows Updates / Office Updates for the problem machines?
This doesn't look good: -
Diagnostic information for administrators:
 
Generating server: OURSERVER.ourdomain.local
 
Tony@recipient.co.uk
server.other.co.uk #550 relay not permitted ##


That would indicate that the recipient and sender aren't on the server that you are communicating with.  I appreciate your desire for privacy but it makes it harder for us to troubleshoot with you.

Have you tried sending a manual SMTP message to the intended recipient?

Not sure it's an IP issue.  [quote]Two users have had their emails bounce back for a couple of weeks from one certain domain, while another user gets through ok.[end quote] If it were an IP blacklist issue, nothing would get through.
@jakethecatuk - I am not convinced that it is a Blacklisting issue - it sounds more Computer / Outlook related to me.
Yes, Outlook 2007 on ALL. I'm getting one of the problem users to check Windows and Office all updated. He will then try a resend.
Sorry for confusion -
OURSERVER.ourdomain.local - self explanatory
Dave.ourdomain.co.uk - sender
 Tony@recipient.co.uk - address dave is sending to
server.other.co.uk - second receiving server for recipient.co.uk - their first one has a dose of what ours has.
 
Not convinced it's an Outlook problem - 'server.other.co.uk #550 relay not permitted ##' is not an Outlook error message.

Mike - can I suggest you try a manual SMTP send using telnet to see what happens.  Let me know if you need the syntax.
See where you're coming from Alan...but as the users are connected to an SBS, they should be communicating via Exchange for all their sending/receiving.

However, it's worth a check to make sure.
Of course - the alternative is that the recipient is blocking particular users at your site and not others!
[quote]Of course - the alternative is that the recipient is blocking particular users at your site and not others![end quote]

I was making an observation about Exchange and SBS based on the OP's original post - is sarcasm really necessary Alan?
One sure-fire method to test is to use Telnet to the recipient server from a command prompt and test sending from your good users and your bad users:
telnet mail.theirdomain.com 25
ehlo yourdomain.com
mail from:<gooduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
telnet mail.theirdomain.com 25
ehlo yourdomain.com
mail from:<baduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
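
Added example, not posted by anyone in this thread: the same good-user / bad-user comparison as the telnet steps above, scripted with Python's `smtplib` so both transcripts can be compared code by code. `SampleServer` is a constructed stand-in that refuses every recipient the way the NDR in this thread does; `probe`, `rejected_at` and `compare` are hypothetical helper names.

```python
import smtplib

def probe(host, helo, sender, recipient, smtp_factory=smtplib.SMTP):
    """EHLO, MAIL FROM, RCPT TO, RSET, QUIT (no DATA, so nothing is sent); step -> (code, text)."""
    conn = smtp_factory(host, 25, timeout=15)   # raises if the TCP connect fails
    steps = {}
    try:
        steps["ehlo"] = conn.ehlo(helo)
        steps["mail"] = conn.mail(sender)
        if steps["mail"][0] == 250:             # RCPT only follows an accepted MAIL
            steps["rcpt"] = conn.rcpt(recipient)
        conn.rset()
        conn.quit()
    finally:
        conn.close()
    return steps

def rejected_at(steps):
    """Name of the first step answered with a 4xx/5xx code, or None."""
    for name in ("ehlo", "mail", "rcpt"):
        if name in steps and steps[name][0] >= 400:
            return name
    return None

def compare(good, bad):
    g, b = rejected_at(good), rejected_at(bad)
    if g is None and b is None:
        return "both accepted: the envelope is not the problem"
    if g is None:
        return "only the bad sender is refused at %s: sender-specific" % b
    if g == b and good[g][0] == bad[b][0]:
        return "both refused at %s with %d: not sender-specific" % (g, good[g][0])
    return "different failures: read the two transcripts side by side"

class SampleServer:
    """Constructed stand-in for the remote server: refuses every RCPT, as in the NDR."""
    def __init__(self, host, port, timeout=None): pass
    def ehlo(self, name): return (250, b"constructed greeting")
    def mail(self, sender): return (250, b"OK")
    def rcpt(self, recipient): return (550, b"relay not permitted")
    def rset(self): return (250, b"OK")
    def quit(self): return (221, b"closing")
    def close(self): pass

if __name__ == "__main__":
    args = ("mail.theirdomain.com", "yourdomain.com")
    good = probe(*args, "gooduser@yourdomain.com", "recipient@theirdomain.com", SampleServer)
    bad = probe(*args, "baduser@yourdomain.com", "recipient@theirdomain.com", SampleServer)
    print(compare(good, bad))   # omit SampleServer to talk to the real server
```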
Didn't see your post before posting mine and was not being sarcastic.  Just writing down a thought : )
One thing to add to Alan's post - make sure you try the manual SMTP test (telnet) from the SBS server - not the user's PC.
Jake - I tried "telnet server.other.co.uk 25" and this tries but fails. I tried it from my own network and that connects.
It shouldn't make any difference where you telnet from - but it won't hurt either.  NAT will make the IP appear to be the same at the recipient end.
Firewall might block outbound SMTP Alan - hence my suggestion.

However, Mike is getting an error when trying to telnet out.

Mike - is your SBS server configured to use a smart host for e-mail?
Just to confirm - you tried to telnet from your problem server network and no connection and then you tried from your own network and made a connection?
If so - they are specifically blocking your IP.
Good point.
If I telnet from server it works fine. So can't be IP.
I'll have a quick look at firewall and check to confirm they are sending out directly.
Yes, mail is going out directly.
OK - so what results did you get from the SBS server when you followed Alan's telnet commands?
Can you complete the telnet tests as per my previous post please.
Do they all work, or just some?
Sorry Alan, scrolled down too quickly and missed that post.
Just to clarify, I'm working on MY own network and connected remotely to the clients with the problem. I've 2 remote sessions open, one to a new problem computer and the other to their server.
Their server CAN telnet and I will continue with your tests and advise, however, the problem computer fails at the first line with a Connect failed msg.
Also, I am now told the one good PC has had an NDR with the same msg.
[quote]Their server CAN telnet and I will continue with your tests and advise, however, the problem computer fails at the first line with a Connect failed msg.

Also, I am now told the one good PC has had an NDR with the same msg.[end quote]

That's good - it means the firewall is blocking all SMTP traffic that doesn't come from the SBS server.
The telnet failing from the client is probably due to good security on the firewall as jakethecatuk pointed out.  Nothing to get worried about.
OK testing from the server:
telnet mail.theirdomain.com 25
OK
ehlo mydomain.co.uk
250-mail.theirdomain.co.uk Hello host.my IP.in-addr.btopenworld.com (my IP)
250-size xxxxxx
250-pipelining
250-auth cram-mds
250-starttls
250-help
mail from:<gooduser@mydomain.co.uk>
500 unrecognised command
rct to:<recipient@theirdomain.com>
503 sender not yet given
Did you put a 'space' between 'from:' and '<gooduser@mydomain.co.uk>'?
Please also replace "gooduser" with an appropriate user that is not having trouble sending to the remote domain - just in case you are not.
Have tried with and without the space and get the same 500 message
 
Try losing the < and > - I've seen that some servers don't like them.

so, mail from: billg@microsoft.com
I'm just going to try the same tests on my server
 
Try the following:
telnet mail.theirdomain.com 25
ehlo yourdomain.com
starttls
mail from:<gooduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit
telnet mail.theirdomain.com 25
ehlo yourdomain.com
starttls
mail from:<baduser@yourdomain.com>
rcpt to:<recipient@theirdomain.com>
Await response and note
Quit  
You may need to enable Mutual TLS on your Send Connector.
Open up Exchange Management Console> Organization Configuration> Hub Transport> Send Connectors> Windows SBS Internet Send Connector Properties.
Click on the Network Tab and tick "Enable Domain Security (Mutual Auth TLS)".
Restart your Microsoft Exchange Transport service and then try sending out mail to this domain again.
Alan - is it a good idea to make those changes?  The OP only has problems sending to one organisation.  Making those changes could cause problems sending to other domains.
The remote end has it enabled and this end presumably does not - so enabling it will allow TLS to be used when needed and not when it is not.
Worst case - turn it back off again if it causes problems with other domains.
OK, if we can take it back a few posts, as I got stuck on another issue.
Tested using the STARTTLS, but this kept bombing out.
So tried without, and a bad user and got 250s all the way up to rcpt to: which returned a 550 relay not permitted.
If you got 550 on rcpt to: then the server you are connected to seems to think that the mailbox used on rcpt to: is not hosted with them.

You might want to give the IT team a call at the remote company and have a chat with them.
It does seem to be a problem at their end with them not liking you.
What Service Pack / Rollup is your Exchange 2007 on?  It might be a bug that has been fixed.
Open up Exchange Management Console> Organization Configuration> Hub Transport> Send Connectors> Windows SBS Internet Send Connector Properties.
Send Connectors box is empty - no properties
Do you have a send connector listed under the Send Connector Tab?
Exchange Server v08.01.0240.006, 2007 without SPs.
Nothing listed under Send Connectors tab - get msg "Active Directory server.ourdomain.co.uk is not available. Error message: A local error occurred. It was running "get-sendconnector"
Okay - not helpful.
Please can you run the Exchange Best Practices Analyzer from the Tools section of Exchange Management Console and see if that throws anything up as being wrong.  Something is.
Alan - Here's the log the Analyzer generated
test01.txt
Thanks - did you migrate from SBS2003 by any chance?
Also - did you disable IPv6 on this SBS box?  If you did - you need to re-enable it.
No, OEM installation of SBS 2008 Std to Fujitsu server.
There is only one NIC on this server and IPv6 box is ticked.
ASKER CERTIFIED SOLUTION
mikeabc27

This solution is only available to members.
Final comment indicates the points were to be split.

If this is not the case then the author's final comment is a valuable solution that should be added to the PAQ rather than deleted.
Happy to add it dematzer, but I was disappointed not to hear anything further.
I just felt that your comment was actually the solution and rather than delete the question accept your own answer so that others can benefit from it in the future?
If you're happy to do this then simply select the Accept as Solution next to your comment just above my last one.
Thanks dematzer