Fragclub27

Exchange 2003 can't send mail today to only 1 domain

Yesterday user@abc.com could send to me with no issues.
Today user@abc.com cannot - they get an instant bounce back saying:
The following recipient(s) cannot be reached:
      'DE' on 2/25/2011 7:56 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <Exchange.abc.com #5.5.0 smtp;553 IP: 123.123.123.123 blocked due to very high Spam ratio!>
What would cause this - it seems like it is not even leaving their server.
They (user@abc.com and the whole @abc.com domain) can send to any other address except my domain, e.g. @gmail.com, with no issues.
They are not on a blacklist, I am not on a blacklist and their mail does not even hit my spam filter?
HELP!!!
Alan Hardisty

Please have a read of my article and check their configuration and also both blacklist sites:

https://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
Fragclub27 (ASKER)

He is working 100% for all other domains.
I am sending and receiving like I have been set up for the last 5 years - no changes.
Yesterday around 4pm it stopped - he gets an NDR as soon as he sends to my email.
Yes - and no doubt you are receiving for all other domains - but that doesn't mean his domain / IP isn't blacklisted or has suddenly picked up a virus or is being abused as a result of an authenticated relay or similar.

If you would like me to check their domain for you - please post their domain name and if you know what it is - their sending IP address too - which I will hide to protect their identity.
abuse.rfc-ignorant.org LISTED!
bogusmx.rfc-ignorant.org OK
dsn.rfc-ignorant.org OK
dynamic.rhs.mailpolice.com OK
l1.apews.org LISTED! See why

I am getting this - looks like he is listed!
Do you know what APEWS is - I only know the larger ones
and abuse.rfc-ignorant.org
How can I give you his domain and IP without posting it here on the forum?
Thanks!
APEWS is a blacklist site like the rest of them.

Extract from the FAQ section:
"APEWS identifies known spammers and spam operations, listing them right as they start, sometimes even before they start, spamming. Also, several of the other popular spam blocking systems have become bogged down due to an overload of requests, this lessens their effectiveness; as a result, APEWS was created to assist."

It is also worth checking them on www.senderbase.org

If your server is advising that they are sending out spam - then they will be sending out spam somehow.  You can easily be clean one minute and then blacklisted the next.
You can post it - I can then hide it - or click on my name in any of my comments and it will take you to my profile where you will find my email address.

Alan
From your error, are you using SpamCop? Is it configured for auto SPAM detection/flagging? when x number of emails are sent?
Did you properly check their IP for blacklisting? Look at the last hop in the header, and look that up. Maybe it is passing through a shared SMTP relay say for instance hosted by an ISP?
ExampleSpammer.com also shares it possibly.. :)
I have run into a situation like that. Not much we could do because that shared SMTP for outbound kept getting flagged as a spammer, and we weren't going to whitelist a beast like that.
They don't have Reverse DNS configured - which is a problem - it is just a Generic ISP Reverse DNS record.

That seems to be the only reason for being blacklisted.

Did they recently change IP Addresses?

They (the IP I sent you) are using an online SPAM filter client but it is TrendMicro - I don't know if they use SpamCop - I would assume no.
The header seemed like junk to me - did not see much info, that is why I think it is not even leaving his Exchange Server - because it bounces back instantly - 1-2 second delay after send button pressed.
Can I send you the header?
Sure - fire it over please.

The immediate bounce suggests an issue their end not yours, but they still are not RFC compliant.

I doubt that their inbound mail filtering plays any part in the problem.
The header only shows (to me) that the message failed - nothing more interesting.
yea - so wouldn't that mean it is not leaving his server?
Why would that be?
 even if on a blacklist you would think it would take 5-10 seconds vs the 1 second to get the NDR
Thanks a ton for all your help!
It would seem that way.

Can you ask him to send me a test email to my address in my profile - the it-eye one please.  I'll see if my server doesn't like his server.
sent
And received.

My server is showing a problem with the SPF record.
"Error checking the SPF policy of domain "theirdomain.net": SPF policy syntax error.  Source "theirdomain.net", message "Multiple SPF declarations were found with the same version." at character -1

Checking the SPF record - back shortly.
Seems there are two SPF records:

"v=spf1 ip4:99.189.xxx.xxx a mx a:Bronze.domain.net mx:domain.net include:sbcglobal.net ~all" [TTL=3600]
"v=spf1 mx -all" [TTL=3600]

That's going to cause problems.

More checking - back again.
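
The duplicate-record failure reported above, as an added example that is not part of the original thread: a receiver following RFC 7208 returns permerror when a domain publishes more than one `v=spf1` TXT record. The sample records are constructed (192.0.2.10 and example.net are placeholders), and the lookup counter only inspects top-level terms, not terms pulled in through `include`.

```python
# Added example: SPF record selection as in RFC 7208 section 4.5.
# 192.0.2.10 and example.net are constructed placeholders, not the thread's values.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def spf_records(txt_records):
    """Keep only TXT strings whose version section is exactly v=spf1."""
    found = []
    for txt in txt_records:
        rec = " ".join(txt.split())  # normalise whitespace
        low = rec.lower()
        if low == "v=spf1" or low.startswith("v=spf1 "):
            found.append(rec)
    return found

def dns_lookup_terms(record):
    """Count top-level terms that cost a DNS query (the RFC limit is 10)."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").lower()
        for sep in (":", "/", "="):  # drop ":domain", "/cidr", "=value"
            name = name.split(sep, 1)[0]
        if name in LOOKUP_TERMS:
            count += 1
    return count

def check_spf(txt_records):
    """Return (result, detail) for policy selection; 'ok' means selectable, not 'pass'."""
    recs = spf_records(txt_records)
    if not recs:
        return "none", "no v=spf1 record published"
    if len(recs) > 1:
        return "permerror", f"{len(recs)} v=spf1 records published; exactly one is allowed"
    lookups = dns_lookup_terms(recs[0])
    if lookups > 10:
        return "permerror", f"{lookups} DNS-querying terms; limit is 10"
    return "ok", recs[0]

SAMPLE_BROKEN = [
    "v=spf1 ip4:192.0.2.10 a mx a:bronze.example.net mx:example.net include:sbcglobal.net ~all",
    "v=spf1 mx -all",
    "google-site-verification=constructed-sample",  # unrelated TXT, ignored
]
# One SPF record removed; which policy to keep is the domain owner's decision.
SAMPLE_FIXED = [SAMPLE_BROKEN[0], SAMPLE_BROKEN[2]]

if __name__ == "__main__":
    print(check_spf(SAMPLE_BROKEN), check_spf(SAMPLE_FIXED))
```
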
The whole IP address range has been listed on APEWS so he is calling his ISP.
That's not going to help!

Their SPF record is going to be a problem too.
Can I hire you to call this guy and help him fix the issue - he does not know what to do or how to do it?
We are not allowed to accept offers of work via EE - it is against the T's & C's of the site, but there is nothing stopping you from contacting an Expert privately if they have a Hire-Me button on their profile or post their email address.
Thanks for all your help - I think we may have this fixed!
The problem appears to be a listing in the Spam Appliance IP Reputation list which seems to have the remote IP Address recorded as High Risk, thus blocking all mail from it.

Manual de-listing required from http://www.commtouch.com/check-ip-reputation