• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 959
  • Last Modified:

exchange with poor sbrs

We are receiving this error when sending email to a domain: 554 Your access to this mail system from 189.206.196.3 has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.
I contact http://www.senderbase.org support and they ask me to check this:
Your mail server is demonstrating suspicious behavior and we suggest that you investigate/fix the following:

* rDNS points to a fully qualified domain name (FQDN)
* rDNS points to a domain which matches the HELO FQDN
* rDNS points to a domain which matches the sender domain or a domain which matches the parent domain

To this end, one of the HELO string we are seeing "tssimx.com" which is not an exact match to the PTR of the IP 189.206.196.3  (mail.tssimx.com).  This contravenes RFC2821, section 4.1.1.1 which states, "These [HELO] commands are used to identify the SMTP client to the SMTP server. The argument field contains the fully-qualified domain name of the SMTP client if one is available." I would suggest speaking with your provider about this if they are really using an improperly formatted HELO string.

Here are some helpful/informative links:
http://searchsoa.techtarget.com/sDefinition/0,,sid26_gci214425,00.html
http://kb.iu.edu/data/aiuv.html
http://en.wikipedia.org/wiki/List_of_Internet_TLDs 

My server FQDN is exactly as in my dns host records.

I didn't find anything wrong on my DNS's . What exactly should i check? where is exactly "the HELO string we are seeing "tssimx.com""?

Thanks in advance
0
jtsokanis
Asked:
jtsokanis
2 Solutions
 
Norm DickinsonGuruCommented:
You may be using a shared hosting provider that has other websites hosted at the same IP range (first two or three segments of the IP address is the same) and it may be the one with the bad reputation. You might want to consider dedicated hosting with a more reputable firm if that is the case.
0
 
suriyaehnopCommented:
The MTA Poor reputation mean the receiver indicating that your mail server sending a lof od spam mail. Your sender reputation at senderbase.org is poor. You can check here: http://www.senderbase.org/senderbase_queries/detailip?search_string=189.206.196.3

Now, you need identify if there a spam mail being from this IP:189.206.196.3. If you subcribe services with ISP, please inform that about the issue
0
 
Norm DickinsonGuruCommented:
You could have one machine on your network infected with a Trojan or some other malware that is sending out spam without your knowledge. It could even be from an end user device which is allowed to connect to a wifi hot spot. The solution is in two stages - solve the source of the problem by eliminating the spam or questionable traffic, and then obtain a new IP address and keep it clean.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
Simon Butler (Sembee)ConsultantCommented:
External sites testing Exchange 2007/2010 servers will see different information to what a server that you are sending email to will see, because Exchange gives two different results depending on Inbound or Outbound email. Therefore failing on that result is a red herring and the response from Senderbase is close to useless.

The address on the question (189.206.196.3) is not on any other blacklists, so it is just Senderbase reputation. If you were sending out spam then you would get listed elsewhere.

The server answering on 189.206.196.3 isn't Exchange. It is something else I don't recognise. Are you sending email out via that same device, or direct?

Simon.
0
 
Norm DickinsonGuruCommented:
You may also be able to simply contact the intended recipients and have them "whitelist" your IP address instead of relying on Senderbase's general listing as a reason to block your server. If you only have one or two intended recipient domains that use Senderbase, this is not much of a job for them.
0
 
jtsokanisAuthor Commented:
thanks, this is an exchange 2003 server with websense email filter and symantec for exchange. Let me check with websense about this issue, and I'll reply to you.
0
 
jtsokanisAuthor Commented:
We' are sending email directly to the server with IP 189.206.196.3
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now