jtsokanis
asked on
exchange with poor sbrs
We are receiving this error when sending email to a domain: 554 Your access to this mail system from 189.206.196.3 has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
I contact http://www.senderbase.org support and they ask me to check this:
Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:
* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain
To this end, one of the HELO string we are seeing "tssimx.com" which is not an exact match to the PTR of the IP 189.206.196.3 (mail.tssimx.com). This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.
Here are some helpful/informative links:
http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci214425,00.html
http://kb.iu.edu/data/aiuv.html
http://en.wikipedia.org/wiki/List_of_Internet_TLDs
My server FQDN is exactly as in my dns host records.
I didn't find anything wrong on my DNS's . What exactly should i check? where is exactly "the HELO string we are seeing "tssimx.com""?
Thanks in advance
I contact http://www.senderbase.org support and they ask me to check this:
Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:
* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain
To this end, one of the HELO string we are seeing "tssimx.com" which is not an exact match to the PTR of the IP 189.206.196.3 (mail.tssimx.com). This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.
Here are some helpful/informative links:
http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci214425,00.html
http://kb.iu.edu/data/aiuv.html
http://en.wikipedia.org/wiki/List_of_Internet_TLDs
My server FQDN is exactly as in my dns host records.
I didn't find anything wrong on my DNS's . What exactly should i check? where is exactly "the HELO string we are seeing "tssimx.com""?
Thanks in advance
You may be using a shared hosting provider that has other websites hosted at the same IP range (first two or three segments of the IP address is the same) and it may be the one with the bad reputation. You might want to consider dedicated hosting with a more reputable firm if that is the case.
The MTA Poor reputation mean the receiver indicating that your mail server sending a lof od spam mail. Your sender reputation at senderbase.org is poor. You can check here: http://www.senderbase.org/senderbase_queries/detailip?search_string=189.206.196.3
Now, you need identify if there a spam mail being from this IP:189.206.196.3. If you subcribe services with ISP, please inform that about the issue
Now, you need identify if there a spam mail being from this IP:189.206.196.3. If you subcribe services with ISP, please inform that about the issue
You could have one machine on your network infected with a Trojan or some other malware that is sending out spam without your knowledge. It could even be from an end user device which is allowed to connect to a wifi hot spot. The solution is in two stages - solve the source of the problem by eliminating the spam or questionable traffic, and then obtain a new IP address and keep it clean.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks, this is an exchange 2003 server with websense email filter and symantec for exchange. Let me check with websense about this issue, and I'll reply to you.
ASKER
We' are sending email directly to the server with IP 189.206.196.3