HarkinsIT

#0.0.0 smtp; 554 Denied (Mode: normal) Error with outbound mail

This past week we have had several users report problems they are having sending mail to some external recipients. The e-mails to these senders are always returned with the error: "Undeliverable: Delivery failure (recipient e-mail address)" in the subject line and this in the body: "The following recipient(s) cannot be reached:

      recipients e-mail address on 9/2/2010 8:36 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < dnsnameofmymodusgateserver #0.0.0 smtp; 554 Denied (Mode: normal)>"

We are using Microsoft Exchange 2003 and we have a Vircom ModusGate server in front of that to provide mail filtering.  When I pore through my OPR logs on the ModusGate server, I see the following logs of the outgoing mail transaction:

Incoming SMTP call from 192.168.0.49 (internal IP of my exchange server) at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 initiated at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 completed at 08:36:17.
Address 192.168.0.49 resolves to myexchangeservername.
<<< 220 mymodusgateservername modusGate ESMTP Receiver Version 5.0.916.0 Ready
>>> EHLO myexchangeservername
<<< 250-mymodusgateservername
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-X-IMS 5 -1
250-DSN
250-VRFY
250-AUTH LOGIN
250-AUTH=LOGIN
250 8BITMIME
>>> MAIL FROM:<mye-mailaddress> SIZE=15273
SPF query for mye-mailaddress from myexchangeservername initiated at 08:36:17.
SPF query for mye-mailaddress completed at 08:36:17 with the following result none (mymodusgateservername: domain of mye-mailaddress does not designate any permitted senders).
<<< 250 2.0.0 mye-mailaddress OK
>>> RCPT TO:<recipientaddress1>
<<< 250 2.0.0 recipientaddress1 OK
>>> RCPT TO:<recipientaddress2>
<<< 250 2.0.0 recipientaddress2 OK
>>> DATA
<<< 354 Ready for data
The recipient <recipientaddress1> is auto-trusted for mailbox <mye-mailaddress>.
The recipient <recipientaddress2> is auto-trusted for mailbox <mye-mailaddress>.
<<< 250 2.0.0 Message received OK [id=B0019795511@mymodusgateservername]
Message B0019795511@mymodusgateservername received at 08:36:17 from myexchangeservername (myexchangeservername [192.168.0.49]).
Size: 15269 bytes
Return-path: mye-mailaddress
"Recipients: recipientaddress1, recipientaddress2, "
>>> QUIT
<<< 221 2.0.0 mymodusgateservername closing
Incoming SMTP call from myexchangeservername completed at 08:36:17.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been detected.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for attachments.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being virus scanned.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <ssymons>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <cmiller>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for spam and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for policies.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for policy violations and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The domain harkinsbuilders.com was not found on the SURBL server multi.surbl.org.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.MSG has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.ASY has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.RCP
---- SMTPDS log entry made at 09/02/2010 08:36:17
Message C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG has been moved to C:\Program Files\Vircom\modusGate\spool\holding\B00\1979\B0019795511.MSG.
---- MODUSCAN log entry made at 09/02/2010 08:36:19
SMTP client starting work on C:\PROGRAM FILES\VIRCOM\MODUSGATE\SPOOL\DOMAINS\HCGH.ORG\B0019795511.RCP
Connected to remotemailserverip:25
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""
"Sending ""EHLO mymodusgateservername\r\n"""
"Received ""250-remotemailservername\r\n250-SIZE 0\r\n250-STARTTLS\r\n250-SUBMITTER\r\n250 PIPELINING\r\n"""
"Sending ""MAIL FROM:<mye-mailaddress> SIZE=15372\r\n"""
"Received ""250 Sender Ok\r\n"""
"Sending ""RCPT TO:<recipientaddress2>\r\n"""
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"
"Received ""554 Denied (Mode: normal)\r\n"""
"Sending ""QUIT\r\n"""

I am unable to tell exactly what is going on here or where else I should be looking to troubleshoot this.  Every day it seems like another user is reporting this same issue with a different recipient so I'd like to get it figured out before the users start revolting.  I have sent e-mails to these recipients from my GMail account and they go through fine.  

I appreciate any help that can be provided.
Thanks
-Chris
endital1097

you gave a lot of good information, thanks

looking at the inbound session you posted everything looks good until after the message was submitted

you won't see this if your system is on a blacklist or they are refusing connections from you
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""

the recipient was valid
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""

the system is accepting your message
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"

at this point the message must have failed some policy on the recipient's end like message size
"Received ""554 Denied (Mode: normal)\r\n"""
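Added example (not part of the original thread, and not a Vircom tool): a small Python parser for outbound SMTP client lines in the format posted in the question, reporting the protocol stage at which the remote server first returned a 4xx/5xx reply. The function name and the hint texts are assumptions; the sample session reuses lines quoted in the thread.

```python
import re

# Outbound session lines as quoted in the question (placeholder names as posted).
SAMPLE = r'''
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""
"Sending ""EHLO mymodusgateservername\r\n"""
"Received ""250-remotemailservername\r\n250-SIZE 0\r\n250-STARTTLS\r\n250-SUBMITTER\r\n250 PIPELINING\r\n"""
"Sending ""MAIL FROM:<mye-mailaddress> SIZE=15372\r\n"""
"Received ""250 Sender Ok\r\n"""
"Sending ""RCPT TO:<recipientaddress2>\r\n"""
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"
"Received ""554 Denied (Mode: normal)\r\n"""
'''

ENTRY = re.compile(r'^"(Sending|Received) ""(.*)"""$')
VERB_STAGE = {"EHLO": "EHLO", "HELO": "EHLO", "MAIL": "MAIL FROM",
              "RCPT": "RCPT TO", "DATA": "DATA", "QUIT": "QUIT"}
# Assumed, general-purpose readings of each stage; not vendor documentation.
HINTS = {
    "banner": "refused on connect: the sending IP itself is being turned away",
    "MAIL FROM": "sender address or domain refused",
    "RCPT TO": "recipient address refused",
    "DATA": "server would not start accepting the message",
    "message body": "refused after full transfer: recipient-side policy or content check",
}

def first_rejection(log_text):
    """Return stage, code and text of the first 4xx/5xx reply, or None."""
    stage = "banner"  # until we send a command, replies belong to the greeting
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('"Final dot sent'):
            stage = "message body"  # body fully sent; next reply is the verdict
        m = ENTRY.match(line)
        if not m:
            continue
        direction, payload = m.groups()
        if direction == "Sending":
            words = payload.replace(r"\r\n", " ").split()
            stage = VERB_STAGE.get(words[0].upper(), stage) if words else stage
            continue
        # The log stores CRLF as the literal text \r\n; the last reply line decides.
        replies = [r for r in payload.split(r"\r\n") if r]
        last = replies[-1] if replies else ""
        if last[:1] in ("4", "5"):
            return {"stage": stage, "code": last[:3], "text": last[4:],
                    "hint": HINTS.get(stage, "")}
    return None
```
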


FDiskWizard
My best guess is that the receiving end is blocking the emails in some fashion or another.
Is it multiple external domains? Maybe you or your ISP got on a blacklist?

I've dealt with one company whose ISP kept getting blacklisted because one of their customers was sending SPAM.

Send an email to a Gmail account, and look at the headers to see if anything odd shows up.
Or better yet, email one of the domains that had an issue...
Try to get a server admin on the phone at one of the external domains... that would really expedite resolving your issues if they can confirm emails getting through or being blocked..

HarkinsIT

ASKER

@endital1097 - So I guess it does indeed appear to be a problem on the recipient's end?  That would be nice but not sure my users would be happy with that.    :-)

@FDiskWizard - Yes, we are having this problem with a few different external domains/e-mail addresses.  I have heard that it can be tough to confirm that your e-mail address is on a blacklist or not since there are so many of them and some companies maintain their own blacklists.  That certainly makes it more difficult to troubleshoot.  

I will see if I can get in touch with an Admin at one of the "problem" companies.  Thanks for the advice....

-Chris
Oddly enough, the problem seems to have cleared up on its own.  Very odd.  Oh well, hopefully it doesn't happen again.  Thanks to you both for your assistance.