Extreme Bad IP Profile - mail being rejected

radgears
I am trying to resolve an issue that has me baffled at this point. Mail from our local Time Warner customers is being kicked back to them with the below message. We are not experiencing mail issues from other users that I know of. The piece that has me confused is that the mail is bypassing our first 2 MX records and going to our 3rd MX record in preference and they are kicking it back with the error below.
I have logging turned on and can see that the mail server is blocking other mail; I can't understand why the Time Warner mail would be routed differently. I do see that the "Received: from" address looks to be an internal IP subset.
Any help would be greatly appreciated….
This message was created automatically by the mail system (ecelerity).
 
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
 
>>> rxfornell@domain.com (after MAIL FROM): 554 5.7.1 Extreme Bad IP Profile
451 4.7.1 Please try again later
------ This is a copy of the original message, including all headers. ------
 
Return-Path: <rxfornell@new.rr.com>
Authentication-Results:  hrndva-omtalb.mail.rr.com
smtp.user=rxfornell@new.rr.com; auth=pass (LOGIN)
X-Authority-Analysis: v=2.0 cv=XbcLPfF5 c=1 sm=0 a=IkcTkHD0fZMA:10
a=Q3mcu49mCGWB822kEq0A:9 a=QEXdDO2ut3YA:10 a=N7/zD/GSoOFc6njiPQeb7A==:117
X-Cloudmark-Score: 0
Received: from [10.128.132.160] ([10.128.132.160:61574] helo=hrndva-web09-z02)
      by hrndva-oedge02.mail.rr.com (envelope-from <rxfornell@new.rr.com>)
      (ecelerity 2.2.3.46 r()) with ESMTPA
      id C8/37-03505-1861C8F4; Mon, 16 Apr 2012 12:54:25 +0000
Message-ID: <20120416125425.6RCTX.219774.root@hrndva-web09-z02>
Date: Mon, 16 Apr 2012 7:54:25 -0500
From:  <rxfornell@new.rr.com>
To: rxfornell@domain.com
Subject: C
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
Sensitivity: Normal
X-Originating-IP:



Arrival-Date: Fri, 13 Apr 2012 12:56:44 +0000
Reporting-MTA: dns; hrndva-oedge01.mail.rr.com

Last-Attempt-Date: Fri, 13 Apr 2012 12:56:44 +0000
Status: 5.7.1
Remote-MTA: dns; globala.mxsave.com
Diagnostic-Code: smtp; 554 5.7.1 Extreme Bad IP Profile
451 4.7.1 Please try again later
Action: failed
Final-Recipient: rfc822; rxfornell@domain.com
Tony Johncock, Lead Technical Architect
Commented:
Misconfiguration at the receiver's end, I feel.

It appears to be this product (ASSP or @SSP):

http://sourceforge.net/apps/phpbb/assp/viewtopic.php?f=10&t=1106&p=4233&hilit=554+5.7.1+Extreme+Bad+IP+Profile#p4233

Suggest you pop along to www.mxtoolbox.com for your own peace of mind and in the domain box (you'll see what I mean), type

blacklist:yourdomain.com

It'll then run a blacklist check for you and highlight if you are on any lists. I feel you probably won't be though.

Commented:
As for the message itself, it is most likely an issue on the recipient domain.
Ref: http://www.petri.co.il/forums/showthread.php?t=47365

As for the MX routing using the third server, can you either post your external DNS configuration showing MX entries and applicable Host A records, or provide the domain name in question so we can take a look?

Author

Commented:
OK, below I have included the nslookup results. The first 2 MX records are for our server; there are 2 records due to a blacklist issue back in February. By adding the 20 record my intention was to still allow mail to flow to the domain. Not sure if that resolved anything back then, but I ran the Blacklist from MX Toolbox and the domain came back clean.

npscorp.com      MX preference = 10, mail exchanger = mail.npscorp.com
npscorp.com      internet address = 69.163.248.163
npscorp.com      nameserver = ns20.worldnic.com
npscorp.com      MX preference = 20, mail exchanger = smtp.npscorp.com
npscorp.com      MX preference = 70, mail exchanger = globalb.mxsave.com
npscorp.com      MX preference = 60, mail exchanger = globala.mxsave.com
npscorp.com      nameserver = ns19.worldnic.com
npscorp.com
      primary name server = NS19.WORLDNIC.COM
      responsible mail addr = namehost.WORLDNIC.COM
      serial  = 112041216
      refresh = 10800 (3 hours)
      retry   = 3600 (1 hour)
      expire  = 604800 (7 days)
      default TTL = 3600 (1 hour)
smtp.npscorp.com      internet address = 66.84.175.110
mail.npscorp.com      internet address = 66.84.175.99

Commented:
Do you have a SPF record configured as well?

Author

Commented:
No SPF record. We did at one time, but when Norlight was bought out by Windstream, Windstream did not support TXT records??

Author

Commented:
Follow-up to the last post: I have since moved our DNS to Network Solutions but never did re-add the SPF record.

Author

Commented:
Well, for some reason mail started flowing from Time Warner a few days ago but has stopped again. First bit of text is Internet headers from when it flows correctly, second is the returned message. Any help resolving this would be greatly appreciated....
There is nothing in our Receive log that this ever hits our MX 10 record; this mail for some reason goes to our 3 preference MX record???

1)
X-Ninja-PIM: Scanned by Ninja
X-Ninja-Antispam: Policy 1 - Allowed - Allowed Senders (Policy) - 0,0,0 (0)
X-Ninja-Antispam-Rule-Matched: Allowed Senders (Policy) rule matched: Sender
 address is "RFORNELL@NEW.RR.COM"
X-Ninja-AttachmentFiltering: (no action)
Received: from smtp4.mailbagger.com (130.94.122.150) by
 NPSSVRVM002.corp.npscorp.com (192.168.1.16) with Microsoft SMTP Server (TLS)
 id 14.2.283.3; Tue, 17 Apr 2012 10:42:55 -0500
Received: from hrndva-omtalb.mail.rr.com (gsmtp5.mailbagger.com [10.0.1.25])
      by smtp4.mailbagger.com (8.13.8/8.13.8) with ESMTP id q3HFhr58028722      for
 <rfornell@npscorp.com>; Tue, 17 Apr 2012 08:43:53 -0700
Received: from hrndva-omtalb.mail.rr.com ([71.74.56.122]
 helo=hrndva-omtalb.mail.rr.com)      by gsmtp5.mailbagger.com with ESMTP (2.0.1);
 17 Apr 2012 08:43:54 -0700
Authentication-Results: hrndva-omtalb.mail.rr.com smtp.user=rfornell@new.rr.com; auth=pass (LOGIN)
X-Authority-Analysis: v=2.0 cv=V/z/IJbi c=1 sm=0 a=IkcTkHD0fZMA:10 a=I2Np0q7I6Ar5wt7K4xQA:9 a=QEXdDO2ut3YA:10 a=N7/zD/GSoOFc6njiPQeb7A==:117
X-Cloudmark-Score: 0
Received: from [10.128.132.160] ([10.128.132.160:39613] helo=hrndva-web09-z02)
      by hrndva-oedge04.mail.rr.com (envelope-from <rfornell@new.rr.com>)
      (ecelerity 2.2.3.46 r()) with ESMTPA      id 18/69-13145-B2F8D8F4; Tue, 17 Apr
 2012 15:41:31 +0000
Message-ID: <20120417154131.JCHWC.238735.root@hrndva-web09-z02>
Date: Tue, 17 Apr 2012 15:41:31 +0000
From: <rfornell@new.rr.com>
To: <rfornell@npscorp.com>
Subject: Test Mail Flow 22
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
Sensitivity: Normal
X-Originating-IP:
X-Assp-Version: 2.0.1(3.0.23) on gsmtp5.mailbagger.com
X-Assp-Delay: not delayed (gripvalue low: 0.00); 17 Apr 2012
      08:43:54 -0700
X-Assp-Message-Score: -5 (71.74.56 in griplist (0.00))
X-Assp-Message/IP-Score: -10 (SPF pass)
X-Assp-Bayes-Confidence: 0.43446
X-Assp-Envelope-From: rfornell@new.rr.com
Return-Path: rfornell@new.rr.com
X-MS-Exchange-Organization-AuthSource: NPSSVRVM002.corp.npscorp.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AVStamp-Mailbox: SYMANTEC;445710592;0;info


2) Returned Mail to Time Warner
This message was created automatically by the mail system (ecelerity).
 
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
 
>>> rfornell@npscorp.com (after MAIL FROM): 554 5.7.1 Extreme Bad IP Profile
451 4.7.1 Please try again later
------ This is a copy of the original message, including all headers. ------
 
Return-Path: <rfornell@new.rr.com>
Authentication-Results:  hrndva-omtalb.mail.rr.com
smtp.user=rfornell@new.rr.com; auth=pass (LOGIN)
X-Authority-Analysis: v=2.0 cv=MNHiabll c=1 sm=0 a=05ChyHeVI94A:10
a=IkcTkHD0fZMA:10 a=U3jkrm2M6lN2YGeFaOYA:9 a=QEXdDO2ut3YA:10
a=N7/zD/GSoOFc6njiPQeb7A==:117
X-Cloudmark-Score: 0
Received: from [10.128.132.160] ([10.128.132.160:39217] helo=hrndva-web09-z02)
      by hrndva-oedge01.mail.rr.com (envelope-from <rfornell@new.rr.com>)
      (ecelerity 2.2.3.46 r()) with ESMTPA
      id 6E/13-02828-877189F4; Wed, 25 Apr 2012 15:25:44 +0000
Message-ID: <20120425152544.5TVEZ.23487.root@hrndva-web09-z02>
Date: Wed, 25 Apr 2012 15:25:44 +0000
From:  <rfornell@new.rr.com>
To: rfornell@npscorp.com
Subject: Test Mail Flow 25
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
Sensitivity: Normal
X-Originating-IP:
 
Test Mail Flow 25
 Reporting-MTA: dns; hrndva-oedge01.mail.rr.com
Arrival-Date: Wed, 25 Apr 2012 15:27:45 +0000

Last-Attempt-Date: Wed, 25 Apr 2012 15:27:45 +0000
Action: failed
Final-Recipient: rfc822; rfornell@npscorp.com
Status: 5.7.1
Remote-MTA: dns; globala.mxsave.com
Diagnostic-Code: smtp; 554 5.7.1 Extreme Bad IP Profile
451 4.7.1 Please try again later
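
Added example (not part of the original thread or any poster's code): the Python below takes the MX lines and the per-recipient DSN fields quoted in this thread and reports which MX preference the rejecting Remote-MTA corresponds to, and whether its reply mixes permanent and transient codes. The function names are hypothetical; the sample input is copied from the posts above.

```python
import re

# Sample input copied from the posts in this thread (MX lines, second bounce).
NSLOOKUP = """\
npscorp.com      MX preference = 10, mail exchanger = mail.npscorp.com
npscorp.com      MX preference = 20, mail exchanger = smtp.npscorp.com
npscorp.com      MX preference = 70, mail exchanger = globalb.mxsave.com
npscorp.com      MX preference = 60, mail exchanger = globala.mxsave.com
"""
DSN = """\
Final-Recipient: rfc822; rfornell@npscorp.com
Status: 5.7.1
Remote-MTA: dns; globala.mxsave.com
Diagnostic-Code: smtp; 554 5.7.1 Extreme Bad IP Profile
451 4.7.1 Please try again later
"""

def parse_mx(text):
    """Return [(preference, host)] in the order a sending MTA tries them."""
    pat = re.compile(r"MX preference = (\d+), mail exchanger = (\S+)")
    return sorted((int(p), h.lower().rstrip(".")) for p, h in pat.findall(text))

def parse_dsn(text):
    """Parse DSN fields; a line without 'Name:' continues the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z-]+):\s*(.*)", line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2).strip()
        elif last and line.strip():
            fields[last] += " | " + line.strip()
    return fields

def triage(nslookup, dsn):
    mx, f = parse_mx(nslookup), parse_dsn(dsn)
    remote = f["remote-mta"].split(";", 1)[1].strip().lower().rstrip(".")
    pref = next((p for p, h in mx if h == remote), None)
    diag = f.get("diagnostic-code", "")
    return {
        "rejecting_mta": remote,
        "mx_preference": pref,
        # Hosts the sender should have tried first (lower number = preferred).
        "preferred_hosts_not_used": [h for p, h in mx if pref is not None and p < pref],
        "permanent": f["status"].startswith("5"),
        "reply_classes": sorted(set(re.findall(r"\b([45])\d\d \d\.\d\.\d", diag))),
    }

print(triage(NSLOOKUP, DSN))
```

On the thread's data this reports preference 60 with both the preference 10 and 20 hosts unused, and a reply carrying both a 5xx and a 4xx code. That points the next checks at the sender's delivery logs for the two preferred hosts and at the filtering service's rejection reason.
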
Commented:
This was the response from Time Warner after several weeks of not being able to receive email from them; a few days later mail started flowing properly. So it was on their end.

From my postmaster
 
 
ISPAlliance increased the rate limits and currently white listed our offending
outbound IPs so our queues have a chance to drain.  They will be removing those
IPs from their white list today and re-evaluating the situation.
We started delivering mail to them around 2100 on 5/15.

Author

Commented:
It was my original assumption, being that mail was flowing from all other domains, that it was a Time Warner issue.
Tony Johncock, Lead Technical Architect

Commented:
Glad it's finally (!) being resolved by them - took them long enough to acknowledge.

Thank you for the points.
