NDR indicates our server is spamming

I have looked here but need advice on what to do when this NDR "The message from (<me@mydomain.org>) with the subject of (test) matches a profile the Internet community may consider spam. Please revise your message before resending.>" seems to be coming directly from our mail server. We are not blacklisted. We have tried different subjects, but messages to at least 2 different domains come back to us. Here is a header from one of them, some details masked.


Microsoft Mail Internet Headers Version 2.0
From: postmaster@xxxxx.org
To: xxxx.xxxxxx.org
Date: Wed, 6 Nov 2013 08:34:18 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org"
X-DSNContext: 7ce717b1 - 1194 - 00000002 - 00000000
Message-ID: <Jm0OwdGBV00002908@xxxx.xxxxxx.org>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: message/delivery-status

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: message/rfc822

X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01CEDAF4.E3DB328C"
Subject: test
Date: Wed, 6 Nov 2013 08:34:16 -0500
Message-ID: <1A1645052E44E148A72665E360753CB9D94701@xxxx.xxxxxx.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: Ac7a9OP3j5BXHmN6StW3nSYcdlqlJw==
From: "me" <xxxx.xxxxxx.org>
To: <address@problemdomain.com>

------_=_NextPart_001_01CEDAF4.E3DB328C
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01CEDAF4.E3DB328C
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01CEDAF4.E3DB328C--

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org--

quaybj Asked:

Simon Butler (Sembee), Consultant, Commented:
Either that or you need to get the NAT corrected so that the traffic appears to come from the correct IP address.

Simon.

AdrienneSperber, Tech Support Coordinator, Commented:
People from those domains may have marked your domain as spam.  Are you able to contact them to be added as a safe sender?

Miguel Angel Perez Muñoz Commented:
Some spam filters are very picky with:

Emails with pictures and very little text
Some keywords

Review your email; you may have some kind of signature with images, or a keyword, that makes it get flagged as spam.

quaybj, Author, Commented:
I did contact one domain and the admin did mark us as safe, now mail is going through.... but now another domain has started rejecting messages from our domain.  The domain that fixed their server to white-list us told me that our server failed the basic anti-spam tests.  This started suddenly last week.  I use MX toolbox which says we are clean, what else can I do to find out what is going on?

Simon Butler (Sembee), Consultant, Commented:
There is nothing in that header to indicate why you were blocked.
If it has happened in the last week, then something has changed.
Have end users started to use different signatures (marketing think email is a marketing tool)? Have you checked the ISP hasn't reset your PTR for example?

The domain that said you failed basic anti-spam test - what are those? There is no such thing. Spam is managed in a different way by every product. Telling you that didn't really help at all.

Simon.

quaybj, Author, Commented:
Simon,

Right, not sure what he meant, however white listing worked so something is amiss somewhere. Maybe his settings, or maybe we were blacklisted and he didn't realize it. MXtoolbox only warns our smtp transaction time is slow, all other checks are good. The PTR record checks out OK, we are not relaying. I did ask if people sent out bulk mail with pictures and generally tried to see what could be different. Nothing seems different there either. I am still investigating because there are 2 other domains bouncing mail that I know about and it's likely not a coincidence.

Simon Butler (Sembee), Consultant, Commented:
If one of the major third party vendors has taken an exception to something in your email, everyone using that vendor would reject your email. Therefore don't rule out the cause being a single piece of software.

Simon.

quaybj, Author, Commented:
I notice that messages are stuck in the queue. MX toolbox says our PTR record is OK, BUT, I see an event in the application log that says:
 

Event Type:        Warning
Event Source:        MSExchangeTransport
Event Category:        SMTP Protocol
Event ID:        7002
Date:                11/7/2013
Time:                10:50:03 AM
User:                N/A
Computer:        AFIA
Description:
This is an SMTP protocol warning log for virtual server ID 1, connection #23. The remote host "64.14.72.125", responded to the SMTP command "rcpt" with "421 "Refused. You have no reverse DNS entry. Contact abuse@suresupport.com for details."  ". The full command sent was "RCPT TO:<b.946.535070.da1bdda16e1b4f99@widny.org>  ".  This may cause the connection to fail.
 
I did send a message to suresupport.com. Will post here if I get an answer.

Thanks for your attention to this.
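Added example, not part of the original thread: a Python sketch that pulls the remote host, SMTP command and reply out of MSExchangeTransport Event ID 7002 descriptions like the one quoted above, and flags replies that point at reverse DNS. The keyword list in `RDNS_HINT` and the second sample event are assumptions constructed for illustration.

```python
import re

# Layout of the MSExchangeTransport Event ID 7002 description quoted above.
EVENT_7002 = re.compile(
    r'remote host "(?P<host>[^"]+)", responded to the SMTP command '
    r'"(?P<command>[^"]+)" with "(?P<reply>.*?)\s*"\. '
    r'The full command sent was "(?P<sent>.*?)\s*"\.',
    re.S,
)
# Wording that points at a missing or mismatched PTR record (assumed list).
RDNS_HINT = re.compile(r"reverse dns|rdns|\bptr\b", re.I)

def parse_7002(description):
    """Return the fields of one 7002 description, or None if it does not match."""
    m = EVENT_7002.search(description)
    if m is None:
        return None
    reply = m.group("reply")
    code = reply[:3] if reply[:3].isdigit() else None
    return {
        "remote_host": m.group("host"),
        "command": m.group("command").upper(),
        "code": code,
        # 4xx is a temporary failure: the sender keeps the message queued and retries.
        "queued_for_retry": bool(code) and code.startswith("4"),
        "rdns_related": bool(RDNS_HINT.search(reply)),
        "reply": reply,
        "sent": m.group("sent"),
    }

def rdns_rejections(descriptions):
    """Remote hosts that refused mail for reverse-DNS reasons."""
    parsed = (parse_7002(d) for d in descriptions)
    return sorted({p["remote_host"] for p in parsed if p and p["rdns_related"]})

# First entry is the event text from the post; the second is constructed.
SAMPLE_EVENTS = [
    'This is an SMTP protocol warning log for virtual server ID 1, connection #23. '
    'The remote host "64.14.72.125", responded to the SMTP command "rcpt" with '
    '"421 "Refused. You have no reverse DNS entry. Contact abuse@suresupport.com '
    'for details."  ". The full command sent was '
    '"RCPT TO:<b.946.535070.da1bdda16e1b4f99@widny.org>  ".  '
    'This may cause the connection to fail.',
    'This is an SMTP protocol warning log for virtual server ID 1, connection #31. '
    'The remote host "192.0.2.10", responded to the SMTP command "data" with '
    '"550 5.7.1 Message rejected as spam  ". The full command sent was "DATA  ".  '
    'This may cause the connection to fail.',
]
```

A 4xx reply such as the 421 above is a temporary refusal, which is consistent with messages sitting in the outbound queue rather than bouncing immediately.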

Simon Butler (Sembee), Consultant, Commented:
Don't hold your breath to get a reply. If you aren't a customer they will be uninterested in talking to you. If it works for everyone else then that would suggest the problem is with their server.

Simon.

quaybj, Author, Commented:
Simon,
I had to go away for a couple of days. Status now is that messages to AOL and one other important (to us) domain are still stuck in the Exchange queue. DNS, rDNS and MX all check out. We have no SPF record and that seems to be a requirement for AOL. Will work on that this AM and see what happens.

Simon Butler (Sembee), Consultant, Commented:
I knew that AOL were planning to make SPF records mandatory, but I didn't know they had done so.

The Postmaster site at AOL is always good reading:
http://postmaster.aol.com/

Their advice will apply to a lot of other sites that process a lot of email.

Simon.

quaybj, Author, Commented:
This got quite strange. AOL didn't answer me about the SPF (I did read their info and they whitelisted us) but in the meantime, all messages got stuck in the queue. I called Microsoft and the engineer found, after a lot of poking, that the outside IP of the server is NOT the MX record IP. So, even though there is a PTR for the MX record, there is not one for the actual outside address of the box. This is because of a routing issue - we have colocated the servers in a switch to a new ISP and the cut-over required some creativity because all the circuits for the new provider are not done yet. Somehow, in a routing tweak, things went awry.

Telnetting to many servers that were refusing our mail proves that the problem is the lack of the PTR record.

 My thinking is that I need to change the MX record to match the actual address of the server, create a PTR record for that address and the problem will go away.  Does that sound correct to you?

quaybj, Author, Commented:
Simon

Adding a second PTR record did the trick. Now we have a complex solution which I will fix shortly.  Thanks for hanging in there with me and logical thinking assistance.
Quaybj
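Added example, not from the thread: the diagnosis reached above (a PTR exists for the MX address but not for the address mail actually leaves from) and the fix of adding a PTR for that address, written as a forward-confirmed reverse DNS check in Python. The IP addresses and host names are constructed documentation values, and the lookups are injectable so the check runs offline; the default lookups use the operating system resolver.

```python
import socket

def system_ptr(ip):
    """PTR lookup via the OS resolver; returns [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except (socket.herror, socket.gaierror):
        return []

def system_a(name):
    """A lookup via the OS resolver; returns [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Forward-confirmed reverse DNS: PTR(ip) must exist and resolve back to ip."""
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr"
    confirmed = [n for n in names if ip in a_lookup(n)]
    return "ok" if confirmed else "ptr-mismatch"

def check_outbound(mx_ip, egress_ip, **lookups):
    """Compare the address in the MX record with the address mail really leaves from."""
    return {
        "mx": fcrdns(mx_ip, **lookups),
        "egress": fcrdns(egress_ip, **lookups),
        "same_address": mx_ip == egress_ip,
    }

def demo():
    """Constructed zone data: before and after a PTR is added for the egress IP."""
    ptr = {"192.0.2.25": ["mail.example.org"]}
    a = {"mail.example.org": ["192.0.2.25"]}
    lookups = {"ptr_lookup": lambda ip: ptr.get(ip, []),
               "a_lookup": lambda name: a.get(name, [])}
    before = check_outbound("192.0.2.25", "198.51.100.7", **lookups)
    # Fix: PTR for the egress address plus a matching forward record (assumed names).
    ptr["198.51.100.7"] = ["out.example.org"]
    a["out.example.org"] = ["198.51.100.7"]
    after = check_outbound("192.0.2.25", "198.51.100.7", **lookups)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Testing only the MX address reports a clean result in the "before" case, which is why the address to check is the one the receiving server sees on the connection.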
Question has a verified solution.
