outbound Email issues, exchange 2003 - Rejected by content scanner (CMAE). See for an explanation.

Posted on 2013-06-04
Last Modified: 2013-06-08

I am having a few issues with email.

Some users have reported that they are not getting emails that they know have been sent. the user sending is not getting a bounce back .

The second and more important issue is when sending some emails, the users are getting bounce back

see below

We are using exchange 2003 and normally go outbound via a smarthost (BT) but due to some issues which Bt are fixing I have switch to use DNS for outbound emails.

as we don't normally use DNS i have not setup a reserve DNS lookup but will look at tonight.

Can some body explain exactly what steps need to be done to correctly setup

Inbound emails

We have a MX record setup, As far as i know this is all that is needed for incoming email

Outbound email

Using BT Smart Host

As far as i know i don need to setup anything as BT take care of all that

Using DNS

Setup RDNS which matches my Mx record
DO i need a SPF record setup at the domain level (this is an issue if i do as where the domain is hosted you cant set one up as it a shared hosting package with 1and

All there anything extra i need to setup in exchange ?

What is this ?

I have also noticed we keep intermittently being found on 1 blacklist site. the site is MAILSPIKE-BL. It only shows up on mxtoolbox and not any others i have tried and removes it self within a short period of time

********.com on Tue, 4 Jun 2013 18:18:31 +0100
   There was a SMTP communication problem with the recipient's email
server.  Please contact your system administrator.
   <******* #5.5.0 smtp;550 Rejected by content scanner (CMAE).
See for an explanation.
Fingerprint is <v=2.1 cv=RMeKQeS+ c=0 sm=0 tr=0 p=VwCCV9qUAAAA:8
a=9By/sdXPqd3qE83QUP8bfw==:117 a=9By/sdXPqd3qE83QUP8bfw==:17
a=fwJSd2CrC10A:10 a=mHgScw1XAAAA:8>>
Question by:MARKWILKY
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39220657
If you have no PTR then you will get email failures.
If you are on BT, then you will not get a PTR today, BT usually take anything between 48 and 36 hours to make the change. I would have requested as soon as you changed.

The URL that you have posted belongs to an outfit called Inty in Bristol. 
Never heard of them either. Looks like they are some kind of cloud reseller. The URL seems legit and it is nice for someone to actually send back some useful information.

The NDR shown would tend to indicate an issue with the actual content. That usually means you have a image based signature or something like that.


Author Comment

ID: 39220691
Thanks Simon

I have had a few clients now get these mailreport bounce backs

I have been looking at your blogs for last few hours, just checking if there anything i have missed but all seems fine apart form RDNS.

Do you need an SPF record at domain level or is a RDNs enough

it could be the image based signature.... How do you get round this issue as customers like to have there logos on bottom of email

is there any way to check some incoming emails that didn't arrive at end users mailbox. the customer also didn't receive any NDR. The customer resent in the morming and they came thought fine.

Once i setup the RDNS record is there anything else that needs setting up and is there any reason to use Bt smarthost for sending emails.
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 500 total points
ID: 39220708
There is no requirement to have an SPF record at all. It doens't help with your email delivery in any shape or form. Therefore if you aren't 100% sure on the settings, don't deploy one.

When it comes to images in the signatures, there is only one answer - don't do it. If you want email delivery to be 100% reliable then use plain text. I tolerate HTML as it is basically plain text, but logos are banned.
Quickest way to get that past people who want them is to ask if any of their biggest customers are using logos in their formal signatures (not personal signatures). You will not find one of them do, because of the bloat that it causes. All small businesses want to seem bigger than they are.

When it comes to inbound email, unless the item appears in message tracking there is nothing you can do. There are too many things between the sender and you to diagnose the problem as the sender. It is like getting a parcel delivered - until you sign for it you have no idea where it is.

Once you have a PTR then you could drop BT's smart host completely.

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Author Closing Comment

ID: 39220722
fast response from an exchange guru...Thanks

I also have a bes case open if you could look at that

thanks again...

Author Comment

ID: 39229614
HI Simon

We now have a RDNS record and we are sending via DNS and not smart host but getting a few bounce backs to Aol, Talktlak and a few others....

*** on 07/06/2013 08:28
            The message reached the recipient's e-mail system, but delivery was refused.  Attempt to resend the message.  If it still fails, contact your system administrator.
            <mail.****** #5.2.1 smtp;521 5.2.1 :  (CON:B1)>

If a do a SMTP test at mxtoolbox i get this below

220 mail.***** Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Fri, 7 Jun 2013 17:23:57 +0100

Test      Result      Hide
      SMTP Reverse Banner Check      OK - ******** resolves to mail.********
      SMTP Reverse DNS Mismatch      OK - Reverse DNS matches SMTP Banner      
      SMTP TLS      Warning - Does not support TLS.      Ignore
      SMTP Connection Time      0.998 seconds - Good on Connection time      
      SMTP Open Relay      OK - Not an open relay.      
      SMTP Transaction Time      8.393 seconds - Not good! on Transaction Time      Ignore
Session Transcript:

Any help would be appreciated

LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39231478
Did you actually look at the error on AOL? It would appear they are blocking you because of the email you have been sending out. There is a link I believe between AOL and TalkTalk in the UK, so probably the same address.


Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question