Solved

how do I determine the reason for 554 denied bounce backs?

Posted on 2013-06-05
29
639 Views
Last Modified: 2013-06-11
received a call informing me of 554 bounce backs. See below:

This is a delivery status notification, automatically generated by MTA domain1.com on Wed, 05 Jun 2013 09:21:05 -0400 Regarding recipient(s) : user1@domain2.com Delivery status : Failed. Message could not be delivered to domain <domain2.com> .554; Denied
[p02c11m066.mxlogic.net] (Mode: normal) MTA Response :554

Called out to the email admin that was reporting the bounce backs and we both completed a Telnet to Port 25 to Test SMTP Communication to each others email server with success, but they still getting '554 denied'.
0
Comment
Question by:ID10Tz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 14
29 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39222913
You are basically being rejected by the Recipient Server as they have taken a dislike to you presumably because you are considered a spammer.

Have you checked your IP Address on the following sites:

http://www.blacklistalert.org / http://mxtoolbox.com/blacklists.aspx

Have a read of my article too:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39222943
so my server is rejecting the 'offensive email server'.

1.) Checked both my server is NOT listed.
2.) I am the only admin for our email server and I haven't changed a thing
3.) On a daily basis we (well at least were) communicate w/the other server w/out issue
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39222956
Sorry - who is sending the emails that are getting rejected?

Are you on the sending end or the receiving end?
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 1

Author Comment

by:ID10Tz
ID: 39223017
the other email server is being denied
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223058
Okay - so do you have Anti-Spam software on your server?

Are you using the built-in tools in Exchange (Blacklists etc) to reject emails?

See my other article for details of how this might be done:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223068
no anti-spam & yes using the built-in tools: (Sender/recipient/sender ID filtering) which we haven't been modified.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223086
Are you logging your SMTP Communications?

http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

You can use telnet to manually test communications between yourselves, but generally the info is entered correctly when done manually and you don't send a full message and so it usually works.

If you have been logging, then check the logs around the time of the failed delivery.  If not, please enable logging, ask the sender to retry the same message and then examine the logs afterwards for reasons.

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223126
went to enable logging and its enabled, but nothing was selected from the advanced tab so I selected all & now copying the log file to import into excel. I found the following ip listed in my default smtp virtual server properties, but its not mine: 169.254.176.136
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223199
Is that repeated on each line?

What is the IP Listed in your Default SMTP Virtual Server?

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223269
no this is actually on the server itself like where it says IP Address (All unassigned) click the drop down box and I see my local ip for the sever and then I see the alien IP. I have the local IP listed not the All unassigned or the foreign IP. Still copying the log file. It was 300MB
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223287
Okay - no worries.

See what the log file has to say and post a section (edited to remove identifying details) if you need help deciphering it.

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223599
Im scared now. There is 1048576 lines (my email address and from my ipad) of the following:

6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/5f96240d4001cf4d86ee41d15b1ac229-1488      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      POST      /Microsoft-Server-ActiveSync      User=myemail&DeviceId=ApplDLXG3CP0DJHG&DeviceType=iPad&Cmd=Sync&Log=V4TEmSSC:0A0C0D0FS:0A0C0D0SP:1C3I7423S683482R0S0L0H0P      443      domain.com.com\myemail      174.224.139.228      Apple-iPad2C3/1002.329      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/hostmaster/      Cmd=contents&ShowFolders=1      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange/hostmaster/Inbox/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      302      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/AutdState.xml      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/FolderSyncFile      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Deleted%20Items/GH/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/VMware/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/RR/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/BW/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/CS/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/Dell/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223692
not sure why it like that (log file) but I copied it before adding the advance elements.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223734
That seems to be your default website log, not the SMTP log.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39228776
I copied it directly from w3svc1 directory
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39228973
Yes - but that won't show SMTP traffic - only HTTP / HTTPS web traffic from your default website.

We need to examine the SMTP logs to find out why.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39228990
where do I find them?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229004
Usually c:\windows\system32\logfiles\smtpsvc1 ..................
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229195
ok found it and imported to excel. how much of an example and what should I be looking for to copy and paste?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229220
Ideally look for the message (email address) from the sender that got rejected and then follow the flow of IP Addresses that they connect from and see what the result is.

How big are the files?
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229337
328 KB
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229389
Okay - that's not huge.  Does it contain the relevant data?

Is the file recent?
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229454
Attached is a couple of lines from the log, but because I enabled the advanced logging after the issue occurred it looks as if the logging didn't start until 4 pm PST & I  have not heard from the end user who was suffering from this originally.
4-EE.xlsx
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229535
Okay - can you ask them to try again and then once they have confirmed the message got rejected and as long as you are logging, we should be able to see what is happening.

Thanks

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229559
Asked them to try and send another so now I'm playing the waiting game.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39238032
this error ended up being on the other admins side.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39238065
What was the problem in the end?

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39238232
not sure. It just stopped
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 39238249
Ah - then it shall forever remain a mystery!!
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question