Solved

#0.0.0 smtp; 554 Denied (Mode: normal) Error with outbound mail

Posted on 2010-09-02
6
3,692 Views
Last Modified: 2012-05-10
This past week we have had several users report problems they are having sending mail to some external recipients. The e-mails to these senders are always returned with the error: "Undeliverable: Delivery failure (recipient e-mail address)" in the subject line and this in the body: "The following recipient(s) cannot be reached:

      recipients e-mail address on 9/2/2010 8:36 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < dnsnameofmymodusgateserver #0.0.0 smtp; 554 Denied (Mode: normal)>"

We are using Microsoft Exchange 2003 and we have a Vircom ModusGate server in front of that to provide mail filtering.  When I pour through my OPR logs on the ModusGate server, I see the following logs of the outgoing mail transaction:

Incoming SMTP call from 192.168.0.49 (internal IP of my exchange server) at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 initiated at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 completed at 08:36:17.
Address 192.168.0.49 resolves to myexchangeservername.
<<< 220 mymodusgateservername modusGate ESMTP Receiver Version 5.0.916.0 Ready
>>> EHLO myexchangeservername
<<< 250-mymodusgateservername
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-X-IMS 5 -1
250-DSN
250-VRFY
250-AUTH LOGIN
250-AUTH=LOGIN
250 8BITMIME
>>> MAIL FROM:<mye-mailaddress> SIZE=15273
SPF query for mye-mailaddress from myexchangeservername initiated at 08:36:17.
SPF query for mye-mailaddress completed at 08:36:17 with the following result none (mymodusgateservername: domain of mye-mailaddress does not designate any permitted senders).
<<< 250 2.0.0 mye-mailaddress OK
>>> RCPT TO:<recipientaddress1>
<<< 250 2.0.0 recipientaddress1 OK
>>> RCPT TO:<recipientaddress2>
<<< 250 2.0.0 recipientaddress2 OK
>>> DATA
<<< 354 Ready for data
The recipient <recipientaddress1> is auto-trusted for mailbox <mye-mailaddress>.
The recipient <recipientaddress2> is auto-trusted for mailbox <mye-mailaddress>.
<<< 250 2.0.0 Message received OK [id=B0019795511@mymodusgateservername]
Message B0019795511@mymodusgateservername received at 08:36:17 from myexchangeservername (myexchangeservername

[192.168.0.49]).
Size: 15269 bytes
Return-path: mye-mailaddress
"Recipients: recipientaddress1, recipientaddress2, "
>>> QUIT
<<< 221 2.0.0 mymodusgateservername closing
Incoming SMTP call from myexchangeservername completed at 08:36:17.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been detected.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for attachments.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being virus scanned.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <ssymons>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <cmiller>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for spam and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for policies.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for policy violations and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The domain harkinsbuilders.com was not found on the SURBL server multi.surbl.org.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.MSG has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.ASY has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.RCP
---- SMTPDS log entry made at 09/02/2010 08:36:17
Message C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG has been moved to C:\Program Files\Vircom\modusGate\spool\holding\B00\1979\B0019795511.MSG.
---- MODUSCAN log entry made at 09/02/2010 08:36:19
SMTP client starting work on C:\PROGRAM FILES\VIRCOM\MODUSGATE\SPOOL\DOMAINS\HCGH.ORG\B0019795511.RCP
Connected to remotemailserverip:25
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""
"Sending ""EHLO mymodusgateservername\r\n"""
"Received ""250-remotemailservername\r\n250-SIZE 0\r\n250-STARTTLS\r\n250-SUBMITTER\r\n250 PIPELINING\r\n"""
"Sending ""MAIL FROM:<mye-mailaddress> SIZE=15372\r\n"""
"Received ""250 Sender Ok\r\n"""
"Sending ""RCPT TO:<recipientaddress2>\r\n"""
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"
"Received ""554 Denied (Mode: normal)\r\n"""
"Sending ""QUIT\r\n"""

I am unable to tell exactly what is going on here or where else I should be looking to troubleshoot this.  Everyday it seems like another user is reporting this same issue with a different recipient so I'd like to get it figured out before the users start revolting.  I have sent e-mails to these recipients from my GMail account and they go through fine.  

I appreciate any help that can be provided.
Thanks
-Chris
0
Comment
Question by:HarkinsIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 32

Expert Comment

by:endital1097
ID: 33586901
you gave a lot of good information, thanks

looking at the inbound session you posted everything looks good until after the message was submitted

you won't see this if your system is on a blacklist or they are refusing connections from you
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""

the recipient was valid
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""

the system is accepting your message
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"

at this point the message must have failed some policy on the recipient's end like message size
"Received ""554 Denied (Mode: normal)\r\n"""


0
 
LVL 12

Expert Comment

by:FDiskWizard
ID: 33586907
My best guess, is that the receiving end is blocking the emails in some fashion or another.
Is it multiple external domains? Maybe you or you ISP got on a blacklist?

I've dealt with one company who's ISP kept getting blacklisted because one of their customers was sneding SPAM.

Send an email to a Gmail account, and look at the headers to see if anything odd shows up.
Or better yet, email one of the domains that had an issue...
Try to get a server admin on the phone at one of the external domains... that would really expedite resolving your issues if they can confirm emails getting through or being blocked..

0
 

Author Comment

by:HarkinsIT
ID: 33587220
@endital1097 - So I guess it does indeed appear to be a problem on the recipients end?  That would be nice but not sure my users would be happy with that.    :-)

@FDiskWizard - Yes, we are having this problem with a few different external domains/e-mail addresses.  I have heard that it can be tough to confirm that your e-mail address is on a blacklist or not since there are so many of them and some companies maintain their own blacklists.  That certainly makes it more difficult to troubleshoot.  

I will see if I can get in touch with an Admin at one of the "problem" companies.  Thanks for the advise....

-Chris
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 12

Accepted Solution

by:
FDiskWizard earned 250 total points
ID: 33589063
Yes. Sometimes they do add to their block list; by country, etc... I've talked to a number of admins with other companies and got them straight ;-)
Just talking to one person might clue you in on WHY some are getting blocked. Have fun!
0
 
LVL 32

Assisted Solution

by:endital1097
endital1097 earned 250 total points
ID: 33589294
i just think that the one instance you provided it is a policy on the recipient's system
your log showed the message was submitted successfully before it was rejected
0
 

Author Comment

by:HarkinsIT
ID: 33616930
Oddly enough, the problem seems to have cleared up on it's own.  Very odd.  Oh well, hopefully it doesn't happen again.  Thanks to you both for your assistance.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question