?
Solved

how do I determine the reason for 554 denied bounce backs?

Posted on 2013-06-05
29
Medium Priority
?
648 Views
Last Modified: 2013-06-11
received a call informing me of 554 bounce backs. See below:

This is a delivery status notification, automatically generated by MTA domain1.com on Wed, 05 Jun 2013 09:21:05 -0400 Regarding recipient(s) : user1@domain2.com Delivery status : Failed. Message could not be delivered to domain <domain2.com> .554; Denied
[p02c11m066.mxlogic.net] (Mode: normal) MTA Response :554

Called out to the email admin that was reporting the bounce backs and we both completed a Telnet to Port 25 to Test SMTP Communication to each others email server with success, but they still getting '554 denied'.
0
Comment
Question by:ID10Tz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 14
29 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39222913
You are basically being rejected by the Recipient Server as they have taken a dislike to you presumably because you are considered a spammer.

Have you checked your IP Address on the following sites:

http://www.blacklistalert.org / http://mxtoolbox.com/blacklists.aspx

Have a read of my article too:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/A_2427-Problems-sending-mail-to-one-or-more-external-domains.html

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39222943
so my server is rejecting the 'offensive email server'.

1.) Checked both my server is NOT listed.
2.) I am the only admin for our email server and I haven't changed a thing
3.) On a daily basis we (well at least were) communicate w/the other server w/out issue
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39222956
Sorry - who is sending the emails that are getting rejected?

Are you on the sending end or the receiving end?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Author Comment

by:ID10Tz
ID: 39223017
the other email server is being denied
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223058
Okay - so do you have Anti-Spam software on your server?

Are you using the built-in tools in Exchange (Blacklists etc) to reject emails?

See my other article for details of how this might be done:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_2527-How-to-prevent-Spoofed-Emails-in-Exchange-2003.html

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223068
no anti-spam & yes using the built-in tools: (Sender/recipient/sender ID filtering) which we haven't been modified.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223086
Are you logging your SMTP Communications?

http://www.msexchange.org/articles-tutorials/exchange-server-2000/monitoring-operations/Logging_the_SMTP_Service.html

You can use telnet to manually test communications between yourselves, but generally the info is entered correctly when done manually and you don't send a full message and so it usually works.

If you have been logging, then check the logs around the time of the failed delivery.  If not, please enable logging, ask the sender to retry the same message and then examine the logs afterwards for reasons.

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223126
went to enable logging and its enabled, but nothing was selected from the advanced tab so I selected all & now copying the log file to import into excel. I found the following ip listed in my default smtp virtual server properties, but its not mine: 169.254.176.136
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223199
Is that repeated on each line?

What is the IP Listed in your Default SMTP Virtual Server?

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223269
no this is actually on the server itself like where it says IP Address (All unassigned) click the drop down box and I see my local ip for the sever and then I see the alien IP. I have the local IP listed not the All unassigned or the foreign IP. Still copying the log file. It was 300MB
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223287
Okay - no worries.

See what the log file has to say and post a section (edited to remove identifying details) if you need help deciphering it.

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223599
Im scared now. There is 1048576 lines (my email address and from my ipad) of the following:

6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/5f96240d4001cf4d86ee41d15b1ac229-1488      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange-oma/myemail@domain.com/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      POST      /Microsoft-Server-ActiveSync      User=myemail&DeviceId=ApplDLXG3CP0DJHG&DeviceType=iPad&Cmd=Sync&Log=V4TEmSSC:0A0C0D0FS:0A0C0D0SP:1C3I7423S683482R0S0L0H0P      443      domain.com.com\myemail      174.224.139.228      Apple-iPad2C3/1002.329      200      0      0
6/5/2013      0:00:01      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange/hostmaster/      Cmd=contents&ShowFolders=1      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      200      0      0
6/5/2013      0:00:03      W3SVC1      EXCHANGE      192.0.0.1      SEARCH      /exchange/hostmaster/Inbox/      -      443      hostmaster@domain.com.com      10.30.50.179      Mozilla/5.0+(Macintosh;+U;+Intel+Mac+OS+X;+en-US;+rv:1.8.1.13)+Gecko/20080311+Firefox/2.0.0.13      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      -      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      401      1      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      PROPFIND      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      207      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      302      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/AutdState.xml      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      GET      /exchange-oma/myemail@domain.com/NON_IPM_SUBTREE/Microsoft-Server-ActiveSync/iPad/ApplDLXG3CP0DJHG/FolderSyncFile      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Deleted%20Items/GH/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/VMware/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/RR/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/BW/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/CS/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
6/5/2013      0:00:04      W3SVC1      EXCHANGE      192.0.0.1      SUBSCRIBE      /exchange-oma/myemail@domain.com/Inbox/Dell/      -      80      domain.com\myemail      192.0.0.1      Microsoft-Server-ActiveSync/6.5.7638.1      200      0      0
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39223692
not sure why it like that (log file) but I copied it before adding the advance elements.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39223734
That seems to be your default website log, not the SMTP log.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39228776
I copied it directly from w3svc1 directory
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39228973
Yes - but that won't show SMTP traffic - only HTTP / HTTPS web traffic from your default website.

We need to examine the SMTP logs to find out why.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39228990
where do I find them?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229004
Usually c:\windows\system32\logfiles\smtpsvc1 ..................
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229195
ok found it and imported to excel. how much of an example and what should I be looking for to copy and paste?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229220
Ideally look for the message (email address) from the sender that got rejected and then follow the flow of IP Addresses that they connect from and see what the result is.

How big are the files?
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229337
328 KB
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229389
Okay - that's not huge.  Does it contain the relevant data?

Is the file recent?
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229454
Attached is a couple of lines from the log, but because I enabled the advanced logging after the issue occurred it looks as if the logging didn't start until 4 pm PST & I  have not heard from the end user who was suffering from this originally.
4-EE.xlsx
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39229535
Okay - can you ask them to try again and then once they have confirmed the message got rejected and as long as you are logging, we should be able to see what is happening.

Thanks

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39229559
Asked them to try and send another so now I'm playing the waiting game.
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39238032
this error ended up being on the other admins side.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 39238065
What was the problem in the end?

Alan
0
 
LVL 1

Author Comment

by:ID10Tz
ID: 39238232
not sure. It just stopped
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 39238249
Ah - then it shall forever remain a mystery!!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question