One user, suddenly getting email bounce backs from a specific .com

tjwo94
I have the owner of a company suddenly getting returned mail whenever sending to a specific .com

Other users in the office are sending to this .com fine and are using the same settings as the owner.

He can send and receive fine to and from everyone else.

I thought at first, perhaps his smtp settings needed to be adjusted and did so, however, this did not fix his issue. He is using Windows Live Mail, POP3 settings.

This is the bounceback info I get after changing his smtp to his local ISP smtp settings:


Reporting-MTA: dns; mta11.charter.net
Arrival-Date: Thu, 24 May 2012 11:57:48 -0400
Received-From-MTA: dns; imp09 (10.20.200.9)

Final-Recipient: RFC822; <user1@domain.com>
Action: failed
Status: 5.3.0
Remote-MTA: dns; domain.com.inbound10.mxlogic.net (208.65.144.2)
Diagnostic-Code: smtp; 554 Denied [c7a5ebf4.0.34734.00-2353.58856.p01c11m116.mxlogic.net] (Mode: normal)

Final-Recipient: RFC822; <user2@domain.com>
Action: failed
Status: 5.3.0
Remote-MTA: dns; domain.com.inbound10.mxlogic.net (208.65.144.2)
Diagnostic-Code: smtp; 554 Denied [c7a5ebf4.0.34734.00-2353.58856.p01c11m116.mxlogic.net] (Mode: normal)


And

This Message was undeliverable due to the following reason:

Your message was not delivered because the destination computer refused to accept it (the error message is reproduced below).  This type of error is usually due to a mis-configured account or mail delivery system on the destination computer; however, it could be caused by your message since some mail systems refuse messages with invalid header information, or if they are too large.

Your message was rejected by
domain.com.inbound10.mxlogic.net for the following reason:

     Denied [c7a5ebf4.0.34734.00-2353.58856.p01c11m116.mxlogic.net] (Mode:
normal)

The following recipients did not receive this message:

     <user1@domain.com>
     <user2@domain.com>
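
As an added example (not part of the original thread), the delivery-status fields quoted in the question can be parsed as an RFC 3464 report to show, per recipient, whether the failure is permanent and which host issued the refusal. The function and variable names are illustrative, and the sample is the report text copied from the question.

```python
import re
from email import message_from_string

# Constructed sample: the delivery-status fields quoted in the question.
SAMPLE_DSN = """\
Reporting-MTA: dns; mta11.charter.net
Arrival-Date: Thu, 24 May 2012 11:57:48 -0400
Received-From-MTA: dns; imp09 (10.20.200.9)

Final-Recipient: RFC822; <user1@domain.com>
Action: failed
Status: 5.3.0
Remote-MTA: dns; domain.com.inbound10.mxlogic.net (208.65.144.2)
Diagnostic-Code: smtp; 554 Denied [c7a5ebf4.0.34734.00-2353.58856.p01c11m116.mxlogic.net] (Mode: normal)

Final-Recipient: RFC822; <user2@domain.com>
Action: failed
Status: 5.3.0
Remote-MTA: dns; domain.com.inbound10.mxlogic.net (208.65.144.2)
Diagnostic-Code: smtp; 554 Denied [c7a5ebf4.0.34734.00-2353.58856.p01c11m116.mxlogic.net] (Mode: normal)
"""

# RFC 3463: the first Status digit is the class, the second the subject.
CLASSES = {"2": "delivered", "4": "temporary failure", "5": "permanent failure"}
SUBJECTS = {"0": "undefined", "1": "addressing", "2": "mailbox", "3": "mail system",
            "4": "network/routing", "5": "protocol", "6": "content", "7": "security/policy"}

def typed_value(field):
    """Drop the 'type;' prefix and a trailing '(comment)' from a DSN field."""
    value = (field or "").split(";", 1)[-1]
    return re.sub(r"\s*\([^)]*\)\s*$", "", value).strip(" <>")

def triage(dsn_text):
    """Return one summary dict per recipient group of the report."""
    groups = [message_from_string(g + "\n")
              for g in re.split(r"\n\s*\n", dsn_text.strip())]
    reporting_mta = typed_value(groups[0]["Reporting-MTA"])
    rows = []
    for rcpt in groups[1:]:
        cls, subject, _ = rcpt["Status"].strip().split(".")
        smtp = re.match(r"\d{3}", typed_value(rcpt["Diagnostic-Code"]))
        rows.append({
            "recipient": typed_value(rcpt["Final-Recipient"]),
            "result": CLASSES.get(cls, "unknown"),
            "subject": SUBJECTS.get(subject, "unknown"),
            "smtp_code": smtp.group() if smtp else None,
            # A Remote-MTA field means the far side gave the refusal over SMTP.
            "refused_by": typed_value(rcpt["Remote-MTA"]) or reporting_mta,
        })
    return rows
```

For this report, both recipients come back as a permanent failure with SMTP code 554 refused by the same remote host, and the status subject is the generic "mail system" one rather than "addressing" or "mailbox".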

Commented:
Almost sounds like the receiving mail server has a manual setting to reject mail from this sender. Could also be related to the content of the email that's being sent - it's too large, or has a disallowed attachment file type - but I expect you've tested with a plain old test mail.

Only other thing I can think is if the sender's email address contains non-standard characters that are recognized by the sending mail system, but not by the receiving mail system. That wouldn't explain why this started suddenly, though.

Can you verify that other senders can successfully send mail to user1@domain.com and user2@domain.com? Maybe those addresses are no longer valid at the destination, and the destination mail server is (correctly) not responding with a specific "invalid address" NDR?

Author

Commented:
I have tested with a plain empty message with the same result. The user1 and user2 emails he is attempting to send to are indeed valid.

As far as I can tell from a few tests/searches online it is not an IP Blacklist issue, though, that would affect the other senders in his office as well.

Unless there is another avenue to explore, I'm stumped. I have already instructed the recipients to contact their mail host to verify if the individual email is being blocked for some reason.
Commented:
Yeah, I was thinking more along the lines of what, in Exchange 2010, would be a transport rule, looking like, "Any mail from owner@yourcompany.com, reject it."

Sounds like the recipients are expecting and desirous of these emails that are being bounced, so who knows why that got dropped in there. Maybe some time recently some spammer started sending out garbage with your owner's email address in the From field, and the email admin there stopped it the wrong way. If that's true, though, it suggests that such a spammer may have gotten into your owner's business or personal mailbox, and extracted recipient addresses from it. Possibly even sent such spam from the compromised mailbox rather than separately, and spoofing the From address. That's not unheard of, and worth examining.

But I think you're right in that you need to involve the recipient server admin to figure out on what basis they're rejecting the mail.
Aaah, mxlogic, great at stopping spam, unfortunately a high level of false positives.

Last month a friend of mine started working at a company that uses mxlogic and they were denying email at the TCP level from my email servers, servers that have reverse DNS, a domain with spf records etc. I had to ring somebody to get the block removed...

I'd suggest setting up a gmail account and trying that, but his IP address could have been blacklisted and then associated with his email address, etc.

Author

Commented:
I have to agree this clearly looks like an issue of his email being filtered out or blocked altogether. I made the .com aware everything is fine on his end and like it or not they will just have to investigate who and/or how they have him blocked on theirs. Appreciate the help!
