Solved

NDR indicates our server is spamming

Posted on 2013-11-06
Last Modified: 2013-11-19
I have looked here but need advice on what to do when this NDR "The message from (<me@mydomain.org>) with the subject of (test) matches a profile the Internet community may consider spam. Please revise your message before resending.>" seems to be coming directly from our mail server.  We are not blacklisted.  We have tried different subjects, but messages to at least 2 different domains come back to us.  Here is a header from one of them, some details masked.


Microsoft Mail Internet Headers Version 2.0
From: postmaster@xxxxx.org
To: xxxx.xxxxxx.org
Date: Wed, 6 Nov 2013 08:34:18 -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org"
X-DSNContext: 7ce717b1 - 1194 - 00000002 - 00000000
Message-ID: <Jm0OwdGBV00002908@xxxx.xxxxxx.org>
Subject: Delivery Status Notification (Failure)

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: text/plain; charset=unicode-1-1-utf-7

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: message/delivery-status

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org
Content-Type: message/rfc822

X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01CEDAF4.E3DB328C"
Subject: test
Date: Wed, 6 Nov 2013 08:34:16 -0500
Message-ID: <1A1645052E44E148A72665E360753CB9D94701@xxxx.xxxxxx.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: Ac7a9OP3j5BXHmN6StW3nSYcdlqlJw==
From: "me" <xxxx.xxxxxx.org>
To: <address@problemdomain.com>

------_=_NextPart_001_01CEDAF4.E3DB328C
Content-Type: text/plain;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01CEDAF4.E3DB328C
Content-Type: text/html;
      charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01CEDAF4.E3DB328C--

--9B095B5ADSN=_01CE9A9424608FC60002D114xxxx.xxxxxx.org--

Question by:quaybj
13 Comments
 
LVL 9

Expert Comment

by:AdrienneSperber
People from those domains may have marked your domain as spam.  Are you able to contact them to be added as a safe sender?
0
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
Some spam filters are very picky with:

Emails with pictures and very little text
Some keywords

Review your email; you may have some kind of signature with images or some keyword that makes it get flagged as spam.
0
 

Author Comment

by:quaybj
I did contact one domain and the admin did mark us as safe, now mail is going through.... but now another domain has started rejecting messages from our domain.  The domain that fixed their server to white-list us told me that our server failed the basic anti-spam tests.  This started suddenly last week.  I use MX toolbox which says we are clean, what else can I do to find out what is going on?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
There is nothing in that header to indicate why you were blocked.
If it has happened in the last week, then something has changed.
Have end users started to use different signatures (marketing think email is a marketing tool)? Have you checked the ISP hasn't reset your PTR for example?

The domain that said you failed basic anti-spam test - what are those? There is no such thing. Spam is managed in a different way by every product. Telling you that didn't really help at all.

Simon.
0
 

Author Comment

by:quaybj
Simon,

Right, not sure what he meant; however, white listing worked, so something is amiss somewhere. Maybe his settings, or maybe we were blacklisted and he didn't realize it. MXtoolbox only warns our SMTP transaction time is slow; all other checks are good.  The PTR record checks out OK, we are not relaying. I did ask if people sent out bulk mail with pictures and generally tried to see what could be different. Nothing seems different there either.  I am still investigating because there are 2 other domains bouncing mail that I know about and it's likely not a coincidence.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
If one of the major third party vendors has taken an exception to something in your email, everyone using that vendor would reject your email. Therefore don't rule out the cause being a single piece of software.

Simon.
0

Author Comment

by:quaybj
I notice that messages are stuck in the queue.  MX toolbox says our PTR record is OK, BUT, I see an event in the application log that says:
 

Event Type:        Warning
Event Source:        MSExchangeTransport
Event Category:        SMTP Protocol
Event ID:        7002
Date:                11/7/2013
Time:                10:50:03 AM
User:                N/A
Computer:        AFIA
Description:
This is an SMTP protocol warning log for virtual server ID 1, connection #23. The remote host "64.14.72.125", responded to the SMTP command "rcpt" with "421 "Refused. You have no reverse DNS entry. Contact abuse@suresupport.com for details."  ". The full command sent was "RCPT TO:<b.946.535070.da1bdda16e1b4f99@widny.org>  ".  This may cause the connection to fail.
 
I did send a message to suresupport.com.  Will post here if I get an answer.

Thanks for your attention to this.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
Don't hold your breath to get a reply. If you aren't a customer they will be uninterested in talking to you. If it works for everyone else then that would suggest the problem is with their server.

Simon.
0
 

Author Comment

by:quaybj
Simon,
I had to go away for a couple of days.  Status now is that messages to AOL and one other important (to us) domain are still stuck in the Exchange queue.  DNS, rDNS and MX all check out.  We have no SPF record and that seems to be a requirement for AOL.  Will work on that this AM and see what happens.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
I knew that AOL were planning to make SPF records mandatory, but I didn't know they had done so.

The Postmaster site at AOL is always good reading:
http://postmaster.aol.com/

Their advice will apply to a lot of other sites that process a lot of email.

Simon.
0
 

Author Comment

by:quaybj
This got quite strange.  AOL didn't answer me about the SPF (I did read their info and they whitelisted us) but in the meantime, all messages got stuck in the queue.  I called Microsoft and the engineer found, after a lot of poking, that the outside IP of the server is NOT the MX record IP.  So, even though there is a PTR for the MX record, there is not one for the actual outside address of the box.  This is because of a routing issue - we have colocated the servers in a switch to a new ISP and the cut-over required some creativity because all the circuits for the new provider are not done yet.  Somehow, in a routing tweak, things went awry.

Telnetting to many servers that were refusing our mail proves that the problem is the lack of the PTR record.

My thinking is that I need to change the MX record to match the actual address of the server, create a PTR record for that address and the problem will go away.  Does that sound correct to you?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
Either that or you need to get the NAT corrected so that the traffic appears to come from the correct IP address.

Simon.
0
 

Author Comment

by:quaybj
Simon

Adding a second PTR record did the trick. Now we have a complex solution which I will fix shortly.  Thanks for hanging in there with me and logical thinking assistance.
Quaybj
0
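
Added example, not part of the original thread: a Python check for the condition diagnosed above, where the MX address has a PTR record but the address mail actually leaves from does not. It goes one step further than the thread by also confirming that the PTR name resolves back to the same address; the host name and the RFC 5737 addresses are constructed, and `egress_ip` is assumed to be whatever source address remote servers see.

```python
import socket

def _system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def _system_a(name):
    """IPv4 addresses for name from the system resolver ([] when there is none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=_system_ptr, a_lookup=_system_a):
    """Forward-confirmed reverse DNS: a PTR must exist and resolve back to ip."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return {"ip": ip, "ok": False, "reason": "no PTR record", "ptr": []}
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return {"ip": ip, "ok": False, "reason": "PTR does not resolve back", "ptr": names}
    return {"ip": ip, "ok": True, "reason": "forward-confirmed", "ptr": confirmed}

def audit_outbound(mx_ip, egress_ip, **lookups):
    """Check both the MX address and the address receivers actually see."""
    findings = []
    if mx_ip != egress_ip:
        findings.append(f"egress {egress_ip} differs from MX {mx_ip}; receivers look up the PTR of {egress_ip}")
    results = {label: fcrdns(ip, **lookups) for label, ip in (("MX", mx_ip), ("egress", egress_ip))}
    findings += [f"{label} {r['ip']}: {r['reason']}" for label, r in results.items()]
    return results["egress"]["ok"], findings

# Constructed DNS data: only the MX address has a PTR, as in the thread.
PTR = {"192.0.2.10": ["mail.example.org."]}
A = {"mail.example.org": ["192.0.2.10"]}
SAMPLE = {"ptr_lookup": lambda ip: PTR.get(ip, []), "a_lookup": lambda n: A.get(n, [])}

if __name__ == "__main__":
    ok, findings = audit_outbound("192.0.2.10", "198.51.100.25", **SAMPLE)
    print("egress passes reverse DNS check:", ok)
    print("\n".join(findings))
```

Calling `audit_outbound` without the `SAMPLE` lookups uses the system resolver, so it can be run against the real MX and egress addresses.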
