• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 931
  • Last Modified:

exchange with poor sbrs

We are receiving this error when sending email to a domain: 554 Your access to this mail system from 189.206.196.3 has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
I contact http://www.senderbase.org support and they ask me to check this:
Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain

To this end, one of the HELO string we are seeing "tssimx.com" which is not an exact match to the PTR of the IP 189.206.196.3  (mail.tssimx.com).  This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.

Here are some helpful/informative links:
http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci214425,00.html
http://kb.iu.edu/data/aiuv.html
http://en.wikipedia.org/wiki/List_of_Internet_TLDs 

My server FQDN is exactly as in my dns host records.

I didn't find anything wrong on my DNS's . What exactly should i check? where is exactly "the HELO string we are seeing "tssimx.com""?

Thanks in advance
0
jtsokanis
Asked:
jtsokanis
2 Solutions
 
Norm DickinsonGuruCommented:
You may be using a shared hosting provider that has other websites hosted at the same IP range (first two or three segments of the IP address is the same) and it may be the one with the bad reputation. You might want to consider dedicated hosting with a more reputable firm if that is the case.
0
 
suriyaehnopCommented:
The MTA Poor reputation mean the receiver indicating that your mail server sending a lof od spam mail. Your sender reputation at senderbase.org is poor. You can check here: http://www.senderbase.org/senderbase_queries/detailip?search_string=189.206.196.3

Now, you need identify if there a spam mail being from this IP:189.206.196.3. If you subcribe services with ISP, please inform that about the issue
0
 
Norm DickinsonGuruCommented:
You could have one machine on your network infected with a Trojan or some other malware that is sending out spam without your knowledge. It could even be from an end user device which is allowed to connect to a wifi hot spot. The solution is in two stages - solve the source of the problem by eliminating the spam or questionable traffic, and then obtain a new IP address and keep it clean.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Simon Butler (Sembee)ConsultantCommented:
External sites testing Exchange 2007/2010 servers will see different information to what a server that you are sending email to will see, because Exchange gives two different results depending on Inbound or Outbound email. Therefore failing on that result is a red herring and the response from Senderbase is close to useless.

The address on the question (189.206.196.3) is not on any other blacklists, so it is just Senderbase reputation. If you were sending out spam then you would get listed elsewhere.

The server answering on 189.206.196.3 isn't Exchange. It is something else I don't recognise. Are you sending email out via that same device, or direct?

Simon.
0
 
Norm DickinsonGuruCommented:
You may also be able to simply contact the intended recipients and have them "whitelist" your IP address instead of relying on Senderbase's general listing as a reason to block your server. If you only have one or two intended recipient domains that use Senderbase, this is not much of a job for them.
0
 
jtsokanisAuthor Commented:
thanks, this is an exchange 2003 server with websense email filter and symantec for exchange. Let me check with websense about this issue, and I'll reply to you.
0
 
jtsokanisAuthor Commented:
We' are sending email directly to the server with IP 189.206.196.3
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now