[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3701
  • Last Modified:

#0.0.0 smtp; 554 Denied (Mode: normal) Error with outbound mail

This past week we have had several users report problems they are having sending mail to some external recipients. The e-mails to these senders are always returned with the error: "Undeliverable: Delivery failure (recipient e-mail address)" in the subject line and this in the body: "The following recipient(s) cannot be reached:

      recipients e-mail address on 9/2/2010 8:36 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < dnsnameofmymodusgateserver #0.0.0 smtp; 554 Denied (Mode: normal)>"

We are using Microsoft Exchange 2003 and we have a Vircom ModusGate server in front of that to provide mail filtering.  When I pour through my OPR logs on the ModusGate server, I see the following logs of the outgoing mail transaction:

Incoming SMTP call from 192.168.0.49 (internal IP of my exchange server) at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 initiated at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 completed at 08:36:17.
Address 192.168.0.49 resolves to myexchangeservername.
<<< 220 mymodusgateservername modusGate ESMTP Receiver Version 5.0.916.0 Ready
>>> EHLO myexchangeservername
<<< 250-mymodusgateservername
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-X-IMS 5 -1
250-DSN
250-VRFY
250-AUTH LOGIN
250-AUTH=LOGIN
250 8BITMIME
>>> MAIL FROM:<mye-mailaddress> SIZE=15273
SPF query for mye-mailaddress from myexchangeservername initiated at 08:36:17.
SPF query for mye-mailaddress completed at 08:36:17 with the following result none (mymodusgateservername: domain of mye-mailaddress does not designate any permitted senders).
<<< 250 2.0.0 mye-mailaddress OK
>>> RCPT TO:<recipientaddress1>
<<< 250 2.0.0 recipientaddress1 OK
>>> RCPT TO:<recipientaddress2>
<<< 250 2.0.0 recipientaddress2 OK
>>> DATA
<<< 354 Ready for data
The recipient <recipientaddress1> is auto-trusted for mailbox <mye-mailaddress>.
The recipient <recipientaddress2> is auto-trusted for mailbox <mye-mailaddress>.
<<< 250 2.0.0 Message received OK [id=B0019795511@mymodusgateservername]
Message B0019795511@mymodusgateservername received at 08:36:17 from myexchangeservername (myexchangeservername

[192.168.0.49]).
Size: 15269 bytes
Return-path: mye-mailaddress
"Recipients: recipientaddress1, recipientaddress2, "
>>> QUIT
<<< 221 2.0.0 mymodusgateservername closing
Incoming SMTP call from myexchangeservername completed at 08:36:17.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been detected.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for attachments.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being virus scanned.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <ssymons>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <cmiller>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for spam and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for policies.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for policy violations and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The domain harkinsbuilders.com was not found on the SURBL server multi.surbl.org.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.MSG has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.ASY has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.RCP
---- SMTPDS log entry made at 09/02/2010 08:36:17
Message C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG has been moved to C:\Program Files\Vircom\modusGate\spool\holding\B00\1979\B0019795511.MSG.
---- MODUSCAN log entry made at 09/02/2010 08:36:19
SMTP client starting work on C:\PROGRAM FILES\VIRCOM\MODUSGATE\SPOOL\DOMAINS\HCGH.ORG\B0019795511.RCP
Connected to remotemailserverip:25
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""
"Sending ""EHLO mymodusgateservername\r\n"""
"Received ""250-remotemailservername\r\n250-SIZE 0\r\n250-STARTTLS\r\n250-SUBMITTER\r\n250 PIPELINING\r\n"""
"Sending ""MAIL FROM:<mye-mailaddress> SIZE=15372\r\n"""
"Received ""250 Sender Ok\r\n"""
"Sending ""RCPT TO:<recipientaddress2>\r\n"""
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"
"Received ""554 Denied (Mode: normal)\r\n"""
"Sending ""QUIT\r\n"""

I am unable to tell exactly what is going on here or where else I should be looking to troubleshoot this.  Everyday it seems like another user is reporting this same issue with a different recipient so I'd like to get it figured out before the users start revolting.  I have sent e-mails to these recipients from my GMail account and they go through fine.  

I appreciate any help that can be provided.
Thanks
-Chris
0
HarkinsIT
Asked:
HarkinsIT
  • 2
  • 2
  • 2
2 Solutions
 
endital1097Commented:
you gave a lot of good information, thanks

looking at the inbound session you posted everything looks good until after the message was submitted

you won't see this if your system is on a blacklist or they are refusing connections from you
"Received ""220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"""

the recipient was valid
"Received ""250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"""

the system is accepting your message
"Sending ""DATA\r\n"""
"Received ""354 Start mail input; end with <CRLF>.<CRLF>\r\n"""
"Final dot sent, read 15372 and sent 15372 bytes"

at this point the message must have failed some policy on the recipient's end like message size
"Received ""554 Denied (Mode: normal)\r\n"""


0
 
FDiskWizardCommented:
My best guess, is that the receiving end is blocking the emails in some fashion or another.
Is it multiple external domains? Maybe you or you ISP got on a blacklist?

I've dealt with one company who's ISP kept getting blacklisted because one of their customers was sneding SPAM.

Send an email to a Gmail account, and look at the headers to see if anything odd shows up.
Or better yet, email one of the domains that had an issue...
Try to get a server admin on the phone at one of the external domains... that would really expedite resolving your issues if they can confirm emails getting through or being blocked..

0
 
HarkinsITAuthor Commented:
@endital1097 - So I guess it does indeed appear to be a problem on the recipients end?  That would be nice but not sure my users would be happy with that.    :-)

@FDiskWizard - Yes, we are having this problem with a few different external domains/e-mail addresses.  I have heard that it can be tough to confirm that your e-mail address is on a blacklist or not since there are so many of them and some companies maintain their own blacklists.  That certainly makes it more difficult to troubleshoot.  

I will see if I can get in touch with an Admin at one of the "problem" companies.  Thanks for the advise....

-Chris
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
FDiskWizardCommented:
Yes. Sometimes they do add to their block list; by country, etc... I've talked to a number of admins with other companies and got them straight ;-)
Just talking to one person might clue you in on WHY some are getting blocked. Have fun!
0
 
endital1097Commented:
i just think that the one instance you provided it is a policy on the recipient's system
your log showed the message was submitted successfully before it was rejected
0
 
HarkinsITAuthor Commented:
Oddly enough, the problem seems to have cleared up on it's own.  Very odd.  Oh well, hopefully it doesn't happen again.  Thanks to you both for your assistance.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now