Solved

Exchange 2003 can't send mail today to only 1 domain

Posted on 2011-02-25
Last Modified: 2012-05-11
Yesterday user@abc.com could send to me with no issues.
Today user@abc.com cannot - they get an instant bounce back saying:
The following recipient(s) cannot be reached:
      'DE' on 2/25/2011 7:56 AM
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <Exchange.abc.com #5.5.0 smtp;553 IP: 123.123.123.123 blocked due to very high Spam ratio!>
What would cause this - it seems like it is not even leaving their server.
They (user@abc.com and the whole @abc.com domain) can send to any other address except my domain eg @gmail.com no issues.
They are not on a blacklist, I am not on a blacklist and their mail does not even hit my spam filter?
HELP!!!
0
Question by:Fragclub27
26 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983706
Please have a read of my article and check their configuration and also both blacklist sites:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html
0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34983737
He is working 100% for all other domains.
I am sending and receiving like I have been set up for the last 5 years - no changes.
Yesterday around 4pm it stopped - he gets an NDR as soon as he sends to my email.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983773
Yes - and no doubt you are receiving for all other domains - but that doesn't mean his domain / IP isn't blacklisted or has suddenly picked up a virus or is being abused as a result of an authenticated relay or similar.

If you would like me to check their domain for you - please post their domain name and if you know what it is - their sending IP address too - which I will hide to protect their identity.
0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34983795
abuse.rfc-ignorant.org LISTED!
bogusmx.rfc-ignorant.org OK
dsn.rfc-ignorant.org OK
dynamic.rhs.mailpolice.com OK
l1.apews.org LISTED! See why

I am getting this - looks like he is listed!
Do you know what the apews is - I only know the larger ones
and abuse.rfc-ignorant.org
0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34983800
How can I give you his domain and IP without posting it here on the forum?
Thanks!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983820
APEWS is a blacklist site like the rest of them.

Extract from the FAQ section:
"APEWS identifies known spammers and spam operations, listing them right as they start, sometimes even before they start, spamming. Also, several of the other popular spam blocking systems have become bogged down due to an overload of requests, this lessens their effectiveness; as a result, APEWS was created to assist."

It is also worth checking them on www.senderbase.org

If your server is advising that they are sending out spam - then they will be sending out spam somehow.  You can easily be clean one minute and then blacklisted the next.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983825
You can post it - I can then hide it - or click on my name in any of my comments and it will take you to my profile where you will find my email address.

Alan
0
 
LVL 12

Expert Comment

by:FDiskWizard
ID: 34983873
From your error, are you using SpamCop? Is it configured for auto SPAM detection/flagging? when x number of emails are sent?
Did you properly check their IP for blacklisting? Look at the last hop in the header, and look that up. Maybe it is passing through a shared SMTP relay say for instance hosted by an ISP?
ExampleSpammer.com also shares it possibly.. :)
I have run into a situation like that. Not much we could do because that shared SMTP for outbound kept getting flagged as a spammer, and we weren't going to whitelist a beast like that.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983914
They don't have Reverse DNS configured - which is a problem - it is just a Generic ISP Reverse DNS record.

That seems to be the only reason for being blacklisted.

Did they recently change IP Addresses?

0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34983924
They (the IP I sent you) are using an online SPAM filter client but it is TrendMicro - I don't know if they use SpamCop - I would assume no.
The header seemed like junk to me - did not see much info, that is why I think it is not even leaving his Exchange Server - because it bounces back instantly - 1-2 second delay after the send button is pressed.
Can I send you the header?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983941
Sure - fire it over please.

The immediate bounce suggests an issue their end not yours, but they still are not RFC compliant.

I doubt that their inbound mail filtering plays any part in the problem.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34983993
The header only shows (to me) that the message failed - nothing more interesting.
0

 
LVL 1

Author Comment

by:Fragclub27
ID: 34984072
Yeah - so wouldn't that mean it is not leaving his server?
Why would that be?
Even if on a blacklist you would think it would take 5-10 seconds vs the 1 second to get the NDR.
Thanks a ton for all your help!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34984087
It would seem that way.

Can you ask him to send me a test email to my address in my profile - the it-eye one please.  I'll see if my server doesn't like his server.
0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34984207
sent
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34984268
And received.

My server is showing a problem with the SPF record.
"Error checking the SPF policy of domain "theirdomain.net": SPF policy syntax error.  Source "theirdomain.net", message "Multiple SPF declarations were found with the same version." at character -1

Checking the SPF record - back shortly.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34984281
Seems there are two SPF records:

"v=spf1 ip4:99.189.xxx.xxx a mx a:Bronze.domain.net mx:domain.net include:sbcglobal.net ~all" [TTL=3600]
"v=spf1 mx -all" [TTL=3600]

That's going to cause problems.

More checking - back again.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 34984300
Okay - testing the initial SPF record - their SPF record check on http://www.kitterman.com/spf/validate.html passes happily.

Please ask them to remove the "v=spf1 mx -all" SPF record - it is causing problems.
0
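The duplicate-record failure diagnosed in the answers above, as an added example that is not part of the original thread: a Python sketch of the record-selection step from RFC 7208 (sections 3.3 and 4.5), run over the two SPF strings quoted in the thread plus one constructed non-SPF TXT record. The function names and the constructed record are assumptions made for illustration; no DNS lookup is performed.

```python
# Added example: RFC 7208 section 4.5 record selection applied to this thread.

def join_txt(record):
    """A TXT record may arrive as several character-strings; RFC 7208
    section 3.3 says to concatenate them with no separator."""
    return record if isinstance(record, str) else "".join(record)

def spf_records(txt_records):
    """Keep only TXT records whose first term is exactly v=spf1."""
    joined = [join_txt(r) for r in txt_records]
    return [r for r in joined if r.split(" ", 1)[0].lower() == "v=spf1"]

def select_spf(txt_records):
    """Return (result, detail) as an SPF verifier's record selection would."""
    found = spf_records(txt_records)
    if not found:
        return "none", "no SPF record published"
    if len(found) > 1:
        return "permerror", "%d records begin with v=spf1, only one is allowed" % len(found)
    return "selected", found[0]

def all_qualifier(record):
    """Qualifier on the 'all' mechanism ('+' is the default), or None."""
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        if term.lstrip("+-~?").lower() == "all":
            return qualifier
    return None

# TXT answers for the sender's domain: the two SPF strings are the ones quoted
# in the thread (already redacted there); the third is a constructed non-SPF record.
THREAD_TXT = [
    "v=spf1 ip4:99.189.xxx.xxx a mx a:Bronze.domain.net mx:domain.net "
    "include:sbcglobal.net ~all",
    "v=spf1 mx -all",
    ("constructed-site-verification=", "abc123"),
]
# Same zone after removing the second record, as the accepted answer asks.
FIXED_TXT = [THREAD_TXT[0], THREAD_TXT[2]]

if __name__ == "__main__":
    print(select_spf(THREAD_TXT))                                # permerror
    print([all_qualifier(r) for r in spf_records(THREAD_TXT)])   # conflicting policies
    print(select_spf(FIXED_TXT))                                 # one record selected
```

The two published records also disagree on policy (`~all` versus `-all`), so a receiver that tolerated duplicates would still have no defined way to choose between softfail and fail.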
 
LVL 1

Author Comment

by:Fragclub27
ID: 34984304
The whole IP address range has been listed on APEWS, so he is calling his ISP.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34984310
That's not going to help!

Their SPF record is going to be a problem too.
0
 
LVL 1

Author Comment

by:Fragclub27
ID: 34984358
Can I hire you to call this guy and help him fix the issue - he does not know what to do or how to do it?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34984403
We are not allowed to accept offers of work via EE - it is against the T's & C's of the site, but there is nothing stopping you from contacting an Expert privately if they have a Hire-Me button on their profile or post their email address.
0
 
LVL 1

Author Closing Comment

by:Fragclub27
ID: 34984996
Thanks for all your help - I think we may have this fixed!
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34999010
The problem appears to be a listing in the Spam Appliance IP Reputation list which seems to have the remote IP Address recorded as High Risk, thus blocking all mail from it.

Manual de-listing required from http://www.commtouch.com/check-ip-reputation
0
