#0.0.0 smtp; 554 Denied (Mode: normal) Error with outbound mail

This past week we have had several users report problems they are having sending mail to some external recipients. The e-mails to these senders are always returned with the error: "Undeliverable: Delivery failure (recipient e-mail address)" in the subject line and this in the body: "The following recipient(s) cannot be reached:

      recipients e-mail address on 9/2/2010 8:36 AM
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < dnsnameofmymodusgateserver #0.0.0 smtp; 554 Denied (Mode: normal)>"

We are using Microsoft Exchange 2003 and we have a Vircom ModusGate server in front of that to provide mail filtering.  When I pore through my OPR logs on the ModusGate server, I see the following logs of the outgoing mail transaction:

Incoming SMTP call from 192.168.0.49 (internal IP of my exchange server) at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 initiated at 08:36:17.
Reverse DNS Lookup for 192.168.0.49 completed at 08:36:17.
Address 192.168.0.49 resolves to myexchangeservername.
<<< 220 mymodusgateservername modusGate ESMTP Receiver Version 5.0.916.0 Ready
>>> EHLO myexchangeservername
<<< 250-mymodusgateservername
250-SIZE 31457280
250-ETRN
250-ENHANCEDSTATUSCODES
250-X-IMS 5 -1
250-DSN
250-VRFY
250-AUTH LOGIN
250-AUTH=LOGIN
250 8BITMIME
>>> MAIL FROM:<mye-mailaddress> SIZE=15273
SPF query for mye-mailaddress from myexchangeservername initiated at 08:36:17.
SPF query for mye-mailaddress completed at 08:36:17 with the following result none (mymodusgateservername: domain of mye-mailaddress does not designate any permitted senders).
<<< 250 2.0.0 mye-mailaddress OK
>>> RCPT TO:<recipientaddress1>
<<< 250 2.0.0 recipientaddress1 OK
>>> RCPT TO:<recipientaddress2>
<<< 250 2.0.0 recipientaddress2 OK
>>> DATA
<<< 354 Ready for data
The recipient <recipientaddress1> is auto-trusted for mailbox <mye-mailaddress>.
The recipient <recipientaddress2> is auto-trusted for mailbox <mye-mailaddress>.
<<< 250 2.0.0 Message received OK [id=B0019795511@mymodusgateservername]
Message B0019795511@mymodusgateservername received at 08:36:17 from myexchangeservername (myexchangeservername [192.168.0.49]).
Size: 15269 bytes
Return-path: mye-mailaddress
Recipients: recipientaddress1, recipientaddress2,
>>> QUIT
<<< 221 2.0.0 mymodusgateservername closing
Incoming SMTP call from myexchangeservername completed at 08:36:17.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been detected.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for attachments.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being virus scanned.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and is clean.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <ssymons>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG has been scanned and whitelisted for recipient <cmiller>
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for spam and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG is being scanned for policies.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The file C:\Program Files\Vircom\modusGate\spool\invirus\B00\1979\B0019795511.MSG was scanned for policy violations and no actions were taken.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
The domain harkinsbuilders.com was not found on the SURBL server multi.surbl.org.
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.MSG has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG
---- MODUSCAN log entry made at 09/02/2010 08:36:17
Message B0019795511.ASY has been moved and/or renamed to C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.RCP
---- SMTPDS log entry made at 09/02/2010 08:36:17
Message C:\Program Files\Vircom\modusGate\spool\incoming\B00\1979\B0019795511.MSG has been moved to C:\Program Files\Vircom\modusGate\spool\holding\B00\1979\B0019795511.MSG.
---- MODUSCAN log entry made at 09/02/2010 08:36:19
SMTP client starting work on C:\PROGRAM FILES\VIRCOM\MODUSGATE\SPOOL\DOMAINS\HCGH.ORG\B0019795511.RCP
Connected to remotemailserverip:25
Received "220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"
Sending "EHLO mymodusgateservername\r\n"
Received "250-remotemailservername\r\n250-SIZE 0\r\n250-STARTTLS\r\n250-SUBMITTER\r\n250 PIPELINING\r\n"
Sending "MAIL FROM:<mye-mailaddress> SIZE=15372\r\n"
Received "250 Sender Ok\r\n"
Sending "RCPT TO:<recipientaddress2>\r\n"
Received "250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"
Sending "DATA\r\n"
Received "354 Start mail input; end with <CRLF>.<CRLF>\r\n"
Final dot sent, read 15372 and sent 15372 bytes
Received "554 Denied (Mode: normal)\r\n"
Sending "QUIT\r\n"

I am unable to tell exactly what is going on here or where else I should be looking to troubleshoot this.  Every day it seems like another user is reporting this same issue with a different recipient so I'd like to get it figured out before the users start revolting.  I have sent e-mails to these recipients from my GMail account and they go through fine.

I appreciate any help that can be provided.
Thanks
-Chris
Asked by: HarkinsIT
 
FDiskWizard Commented:
Yes. Sometimes they do add to their block list; by country, etc... I've talked to a number of admins with other companies and got them straight ;-)
Just talking to one person might clue you in on WHY some are getting blocked. Have fun!
 
endital1097 Commented:
you gave a lot of good information, thanks

looking at the inbound session you posted everything looks good until after the message was submitted

you won't see this if your system is on a blacklist or they are refusing connections from you
Received "220 remotemailservername ESMTP mxl_mta-6.7.0-1 [77928940.239720.00-2314]; Thu, 02 Sep 2010 06:36:21 -0600 (MDT); NO UCE, INBOUND\r\n"

the recipient was valid
Received "250 recipientaddress2 ok (RCPTMode: normal/deferred)\r\n"

the system is accepting your message
Sending "DATA\r\n"
Received "354 Start mail input; end with <CRLF>.<CRLF>\r\n"
Final dot sent, read 15372 and sent 15372 bytes

at this point the message must have failed some policy on the recipient's end like message size
Received "554 Denied (Mode: normal)\r\n"


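The stage-by-stage reading in the answer above, as an added example (not code from the thread or from Vircom): a small Python parser that walks the ModusGate SMTP client lines and reports at which point of the dialogue the remote server returned a 4xx/5xx reply. The sample log is constructed in the format of the one posted, with placeholder addresses, and the interpretation strings are assumptions that follow the answer's reasoning rather than a definitive diagnosis.

```python
import re

# Constructed sample in the format of the ModusGate SMTP client log posted
# above; host names and addresses are placeholders.
SAMPLE_LOG = r'''
Connected to remotemailserverip:25
Received "220 remotemailservername ESMTP; NO UCE, INBOUND\r\n"
Sending "EHLO mymodusgateservername\r\n"
Received "250-remotemailservername\r\n250-SIZE 0\r\n250 PIPELINING\r\n"
Sending "MAIL FROM:<sender@example.org> SIZE=15372\r\n"
Received "250 Sender Ok\r\n"
Sending "RCPT TO:<rcpt@example.net>\r\n"
Received "250 rcpt@example.net ok (RCPTMode: normal/deferred)\r\n"
Sending "DATA\r\n"
Received "354 Start mail input; end with <CRLF>.<CRLF>\r\n"
Final dot sent, read 15372 and sent 15372 bytes
Received "554 Denied (Mode: normal)\r\n"
'''

# Assumed readings per stage, following the reasoning in the answer above.
MEANING = {
    "connect": "refused at connect: IP/reputation or connection-level block",
    "EHLO": "refused at EHLO: connection-level or HELO-name policy",
    "MAIL": "sender address or sender domain rejected",
    "RCPT": "recipient rejected (unknown user, relay denied, policy)",
    "DATA": "refused before the body was sent",
    "end-of-data": "envelope accepted, body refused: content/size/policy filter",
}

def find_rejection(log_text):
    """Return the first 4xx/5xx reply and the SMTP stage it answered, or None."""
    stage = "connect"
    for raw in log_text.splitlines():
        line = raw.strip().strip('"')  # tolerate CSV-style quoting
        m = re.match(r'(Sending|Received)\s+"*(.*)$', line)
        if line.startswith("Final dot sent"):
            stage = "end-of-data"
        elif m and m.group(1) == "Sending":
            verb = re.match(r"[A-Za-z]+", m.group(2))
            stage = verb.group(0).upper() if verb else stage
        elif m:
            reply = re.match(r"(\d{3})[ -](.*)$", m.group(2))
            if reply and int(reply.group(1)) >= 400:
                text = reply.group(2).split(r"\r\n")[0]
                return {"stage": stage, "code": int(reply.group(1)),
                        "text": text, "meaning": MEANING.get(stage, "unclassified")}
    return None
```

On the sample, `find_rejection(SAMPLE_LOG)` reports stage `end-of-data` with code 554, which separates this case from a refusal at the banner or at `RCPT TO`.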
 
FDiskWizard Commented:
My best guess is that the receiving end is blocking the emails in some fashion or another.
Is it multiple external domains? Maybe you or your ISP got on a blacklist?

I've dealt with one company whose ISP kept getting blacklisted because one of their customers was sending SPAM.

Send an email to a Gmail account, and look at the headers to see if anything odd shows up.
Or better yet, email one of the domains that had an issue...
Try to get a server admin on the phone at one of the external domains... that would really expedite resolving your issues if they can confirm emails getting through or being blocked..

HarkinsIT (Author) Commented:
@endital1097 - So I guess it does indeed appear to be a problem on the recipient's end?  That would be nice but not sure my users would be happy with that.    :-)

@FDiskWizard - Yes, we are having this problem with a few different external domains/e-mail addresses.  I have heard that it can be tough to confirm that your e-mail address is on a blacklist or not since there are so many of them and some companies maintain their own blacklists.  That certainly makes it more difficult to troubleshoot.

I will see if I can get in touch with an Admin at one of the "problem" companies.  Thanks for the advice....

-Chris
 
endital1097 Commented:
i just think that the one instance you provided it is a policy on the recipient's system
your log showed the message was submitted successfully before it was rejected
 
HarkinsIT (Author) Commented:
Oddly enough, the problem seems to have cleared up on its own.  Very odd.  Oh well, hopefully it doesn't happen again.  Thanks to you both for your assistance.
Question has a verified solution.