• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 662
  • Last Modified:

how do I determine the reason for 554 denied bounce backs?

received a call informing me of 554 bounce backs. See below:

This is a delivery status notification, automatically generated by MTA domain1.com on Wed, 05 Jun 2013 09:21:05 -0400 Regarding recipient(s) : user1@domain2.com Delivery status : Failed. Message could not be delivered to domain <domain2.com> .554; Denied
[p02c11m066.mxlogic.net] (Mode: normal) MTA Response :554

Called out to the email admin that was reporting the bounce backs and we both completed a Telnet to Port 25 to Test SMTP Communication to each others email server with success, but they still getting '554 denied'.
0
ID10Tz
Asked:
ID10Tz
  • 15
  • 14
1 Solution
 
Alan HardistyCo-OwnerCommented:
You are basically being rejected by the Recipient Server as they have taken a dislike to you presumably because you are considered a spammer.

Have you checked your IP Address on the following sites:

http://www.blacklistalert.org / http://mxtoolbox.com/blacklists.aspx

Have a read of my article too:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
0
 
ID10TzAuthor Commented:
so my server is rejecting the 'offensive email server'.

1.) Checked both my server is NOT listed.
2.) I am the only admin for our email server and I haven't changed a thing
3.) On a daily basis we (well at least were) communicate w/the other server w/out issue
0
 
Alan HardistyCo-OwnerCommented:
Sorry - who is sending the emails that are getting rejected?

Are you on the sending end or the receiving end?
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ID10TzAuthor Commented:
the other email server is being denied
0
 
Alan HardistyCo-OwnerCommented:
Okay - so do you have Anti-Spam software on your server?

Are you using the built-in tools in Exchange (Blacklists etc) to reject emails?

See my other article for details of how this might be done:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html

Alan
0
 
ID10TzAuthor Commented:
no anti-spam & yes using the built-in tools: (Sender/recipient/sender ID filtering) which we haven't been modified.
0
 
Alan HardistyCo-OwnerCommented:
Are you logging your SMTP Communications?

http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

You can use telnet to manually test communications between yourselves, but generally the info is entered correctly when done manually and you don't send a full message and so it usually works.

If you have been logging, then check the logs around the time of the failed delivery.  If not, please enable logging, ask the sender to retry the same message and then examine the logs afterwards for reasons.

Alan
0
 
ID10TzAuthor Commented:
went to enable logging and its enabled, but nothing was selected from the advanced tab so I selected all & now copying the log file to import into excel. I found the following ip listed in my default smtp virtual server properties, but its not mine: 169.254.176.136
0
 
Alan HardistyCo-OwnerCommented:
Is that repeated on each line?

What is the IP Listed in your Default SMTP Virtual Server?

Alan
0
 
ID10TzAuthor Commented:
no this is actually on the server itself like where it says IP Address (All unassigned) click the drop down box and I see my local ip for the sever and then I see the alien IP. I have the local IP listed not the All unassigned or the foreign IP. Still copying the log file. It was 300MB
0
 
Alan HardistyCo-OwnerCommented:
Okay - no worries.

See what the log file has to say and post a section (edited to remove identifying details) if you need help deciphering it.

Alan
0
 
ID10TzAuthor Commented:
Im scared now. There is 1048576 lines (my email address and from my ipad) of the following:

6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/5f96240d4001cf4d86ee41d15b1ac229-1488      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      POST      /Microsoft-Server-ActiveSync      User=myemail&DeviceId=ApplDLXG3CP0DJHG&DeviceType=iPad&Cmd=Sync&Log=V4TEmSSC:0A0C0D0FS:0A0C0D0SP:1C3I7423S683482R0S0L0H0P      443      domain.com.com\myemail      174.224.139.228      Apple-iPad2C3/1002.329      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/hostmaster/      Cmd=contents&ShowFolders=1      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange/hostmaster/Inbox/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      302      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/AutdState.xml      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/FolderSyncFile      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Deleted%20Items/GH/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/VMware/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/RR/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/BW/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/CS/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/Dell/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
0
 
ID10TzAuthor Commented:
not sure why it like that (log file) but I copied it before adding the advance elements.
0
 
Alan HardistyCo-OwnerCommented:
That seems to be your default website log, not the SMTP log.
0
 
ID10TzAuthor Commented:
I copied it directly from w3svc1 directory
0
 
Alan HardistyCo-OwnerCommented:
Yes - but that won't show SMTP traffic - only HTTP / HTTPS web traffic from your default website.

We need to examine the SMTP logs to find out why.
0
 
ID10TzAuthor Commented:
where do I find them?
0
 
Alan HardistyCo-OwnerCommented:
Usually c:\windows\system32\logfiles\smtpsvc1 ..................
0
 
ID10TzAuthor Commented:
ok found it and imported to excel. how much of an example and what should I be looking for to copy and paste?
0
 
Alan HardistyCo-OwnerCommented:
Ideally look for the message (email address) from the sender that got rejected and then follow the flow of IP Addresses that they connect from and see what the result is.

How big are the files?
0
 
ID10TzAuthor Commented:
328 KB
0
 
Alan HardistyCo-OwnerCommented:
Okay - that's not huge.  Does it contain the relevant data?

Is the file recent?
0
 
ID10TzAuthor Commented:
Attached is a couple of lines from the log, but because I enabled the advanced logging after the issue occurred it looks as if the logging didn't start until 4 pm PST & I  have not heard from the end user who was suffering from this originally.
4-EE.xlsx
0
 
Alan HardistyCo-OwnerCommented:
Okay - can you ask them to try again and then once they have confirmed the message got rejected and as long as you are logging, we should be able to see what is happening.

Thanks

Alan
0
 
ID10TzAuthor Commented:
Asked them to try and send another so now I'm playing the waiting game.
0
 
ID10TzAuthor Commented:
this error ended up being on the other admins side.
0
 
Alan HardistyCo-OwnerCommented:
What was the problem in the end?

Alan
0
 
ID10TzAuthor Commented:
not sure. It just stopped
0
 
Alan HardistyCo-OwnerCommented:
Ah - then it shall forever remain a mystery!!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 15
  • 14
Tackle projects and never again get stuck behind a technical roadblock.
Join Now