tcbrd

Mail Security 6.0 Premium Antispam is blocking valid emails to one particular user

Running a small network on Windows Server 2003 hosting email via Exchange 2003, and using Symantec Mail Security 6.0 with Premium Antispam and with all the latest updates.

No problems with email communications since this was set up in 2007.  But just since Monday one user is not receiving some specific external emails, and the people trying to email this person were getting bouncebacks with this data:
550 5.7.1 Requested action not taken: message refused
I have determined from the Mail Security Event Logs that at least some (hopefully all) affected emails are getting blocked by Mail Security's antispam filter.  But I can't figure out why that would be.  Some of the senders are people we've been in constant touch with for some time and some of their emails are going through to the affected user, and all emails seem to be going through to all other users.  There is nothing onerous in the blocked emails - no attachments, no suspect message titles or text.  A couple of the emails are from government domains.  Although it wouldn't even make sense I checked to make sure our domain is not blacklisted, and it is not.  Also, one of the emails was sent from a gmail account.  I have sent a multitude of test emails from another gmail account to see if I can replicate the issue without success.

Am looking for any help in further troubleshooting this issue.  Appreciate any and all input!
viveksahu

Hi,
Can you check that the PTR records for your Exchange server are configured properly on public DNS?
Please check in
http://www.mxtoolbox.com/ > More > Reverse DNS lookup
tcbrd

ASKER

Reverse DNS lookup on mail.mydomain.com successfully returned our external IP address.  I went through the other tests and they all checked out except for mx:mail.mydomain.com which returned 'no records found'.  That doesn't seem right and I will double-check those records on the DNS server shortly.

If it does turn out that incorrect DNS settings are causing this issue - why would it result in event logs in Mail Security appearing to treat those incoming messages as spam?

tcbrd

ASKER

Update - I used a different tool - http://www.iptools.com - and the mx records do show up there.  I found a somewhat old forum thread where it was noted that mxtoolbox doesn't always return the correct results for an mx lookup.  Anyways, I think that my DNS records do check out - unless there's something further I should be testing.

Would greatly appreciate any help in how to approach this further.  I would restate how odd it is to have only certain emails rejected and always when emailing the same user.
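
The DNS checks discussed in the replies above (MX lookup, PTR record, and whether the PTR name resolves back to the same address) can be chained into one pass. This is an added example, not part of the original thread: the zone data is constructed, `sample_lookup` is a hypothetical stand-in for a real resolver, and the example domains and 203.0.113.x addresses are documentation placeholders. It also shows why an MX query against a mail host's own name normally comes back empty: MX records are published at the domain.

```python
# Constructed sample zone data (not from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE_ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.25"],
    ("203.0.113.25", "PTR"): ["mail.example.com"],
    ("example.net", "MX"): ["mx.example.net"],
    ("mx.example.net", "A"): ["203.0.113.40"],
    ("203.0.113.40", "PTR"): ["host40.isp.example"],  # generic ISP name
    ("host40.isp.example", "A"): ["203.0.113.41"],    # does not point back
}


def sample_lookup(name, rtype):
    """Hypothetical resolver over SAMPLE_ZONE; swap in a real DNS query function."""
    return SAMPLE_ZONE.get((name.rstrip(".").lower(), rtype), [])


def check_mail_dns(domain, lookup=sample_lookup):
    """Walk MX -> A -> PTR -> A and report one finding per address."""
    findings = []
    mx_hosts = lookup(domain, "MX")
    if not mx_hosts:
        # MX records live at the domain; a mail host name usually has none.
        findings.append(f"{domain}: no MX records (query the domain, not the mail host)")
        return findings
    for host in mx_hosts:
        addrs = lookup(host, "A")
        if not addrs:
            findings.append(f"{host}: MX target has no A record")
        for ip in addrs:
            ptrs = lookup(ip, "PTR")
            if not ptrs:
                findings.append(f"{ip}: no PTR record")
                continue
            # Forward-confirm: the PTR name must resolve back to the same address.
            confirmed = [p for p in ptrs if ip in lookup(p, "A")]
            if confirmed:
                findings.append(f"{ip}: ok, forward-confirmed as {confirmed[0]}")
            else:
                findings.append(f"{ip}: PTR {ptrs} does not resolve back to {ip}")
    return findings


if __name__ == "__main__":
    for name in ("example.com", "mail.example.com", "example.net"):
        print(check_mail_dns(name))
```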
tcbrd

ASKER

As an update, I have changed the settings on Mail Security so that instead of rejecting spam, it reroutes it to an AD mailbox set up for this purpose.  I then put a message forwarding rule for the affected user's account.  Now that user gets all of her email; of course, she gets spam too.  Fortunately there's not too much of it and it's a temporary solution.

Still looking for any ideas or an explanation on how valid emails going to one particular user in a domain are intermittently getting tagged as spam with a rating of 90+ which Symantec claims is only mistaken 1 out of a million times.  Thanks for any help.  Also if I need to be wording this in any way that is more helpful I would be grateful for any direction.
ASKER CERTIFIED SOLUTION
tcbrd

This solution is only available to members.
tcbrd

ASKER

I'm accepting my own comment since nobody else provided a solution and I did fix the issue and logged the notes for future reference.