Solved

Spam-&-Virus-Firewallsaid: 552 5.2.0

Posted on 2014-01-15
8
3,517 Views
Last Modified: 2014-01-22
experts,

I have 1 user affected by this issue. We replicated the scenario on several computer, different location with the same Outlook program version (MS Office 2010 STD) and we get the same result (See error below). But when we used OWA it let me send the email without problem. In addition, the recipient ensured that our domain is white-listed.
Please advise.

#< #5.0.0 X-Spam-&-Virus-Firewall; host smtp.secureserver.net[x.x.x.x] said: 552 5.2.0 EFRD1n00m4yi1yR01FRHir IB212 msg rejected as spam (in reply to end of DATA command)> #SMTP#
0
Comment
Question by:tomfontanilla
  • 4
  • 3
8 Comments
 

Expert Comment

by:jrigobpt
ID: 39782827
Determine the IP address of your SMTP server
Take your IP address and run a check to make sure you are not on any blacklists

You can check this at senderbase.org, trustedsource.com, and mxtoolbox.com

If you are on a blacklist you need to figure out why, did a user send out a message to too many recipients, do you have a spam bot on your network etc....
Once you have the issue cleaned up request a de-listing

You need to make sure you have this cleaned up or you will wind up back on a black list and it will be harder to get off the list

You should also check you DNS, and create an SPF record if you don't already have one, if you have your own SMTP server, make sure you  have reverse DNS set up properly
0
 

Author Comment

by:tomfontanilla
ID: 39782842
jrigobpt,
I did forget to mention, this. We did check if we are blacklisted, and run DNS query too. All is good.
0
 

Expert Comment

by:jrigobpt
ID: 39782874
secureserver.net is godaddy's email server, for some reason they flagged the message as spam. I am not sure if godaddy does any type of greylisting, or sender validation

One thing you could try is do an smtp test, via zone edit smtp
http://legacy.zoneedit.com/smtp.html

enter mail.secureserver.net as the host name of the email server
make the from address the email address of the user that was marked as spam
and the to address your original intended recipient

this will use zone edit's smtp servers to force a message to godaddy's server, and not use the IP address of your SMTP server.
This will let you know if your user is blacklisted.
0
 

Author Comment

by:tomfontanilla
ID: 39782912
I got this information from the SMTP test. It means we are not blacklisted. Please advise.

SMTP Connection:
OK, connected to 72.167.238.29...
< 220 p3plibsmtp01-08.prod.phx3.secureserver.net bizsmtp ESMTP server ready
> HELO edit.dnsvr.com
< 250 p3plibsmtp01-08.prod.phx3.secureserver.net hello [64.85.73.124], pleased to meet you
> MAIL FROM:<craigweindorf@interstatemc.com>
< 250 2.1.0 <user@domain.com> sender ok
> RCPT TO:<user@domain.com>
< 250 2.1.5 <user@domain.com> recipient ok
> DATA
< 354 enter mail, end with "." on a line by itself
> From: user@domain.com
> To: user@domain.com
> Subject: ZoneEdit Automated SMTP Test (72.167.238.29)
>
> If you received this, then the mail server (72.167.238.29) is probably working.
> Sent at 2014-01-15 09:19:28 by 65.51.189.226 using Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
> .
< 250 2.0.0 EHKQ1n0132gtcsG01 mail accepted for delivery
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Expert Comment

by:jrigobpt
ID: 39783026
what can you tell me about the actual email that was sent? Attachments, images, subject etc...
Also, have you had the user who was rejected try sending another message? I would also try a web based email if that is available, such as Outlook Web Access
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39784706
If it is one user, then I would suspect they have a signature in place that isn't used when sending email by OWA and something about the signature is causing the message to be blocked.

The NDR does not indicate blacklisting at all, because it has happened at the end of the data being transmitted. If the block was a blacklist it would happen before that.

Simon.
0
 

Accepted Solution

by:
tomfontanilla earned 0 total points
ID: 39788614
Experts,
Thank you for all your comments. This issue was fix in-house. This is how we did it. the problem was on the email auto-complete list.

Traditional Outlook reset or resetting auto-complete list under outlook options (Mail Option) do not work.

You need to download the and install MFCMAPI

1.      On the Session menu, click Logon.
2.      If you are prompted for a profile, select the desired profile name, and then click OK.
3.      In the top pane, locate the line that corresponds to your mailbox, and then double-click it.
4.      In the left-side navigation pane, expand Root - Mailbox, and then expand Top of Information Store or IPM_SUBTREE.
5.      Right-click the Inbox folder, and then click Open Associated Content Table. This action opens a new MFCMAPI window that contains various properties.
6.      To avoid duplicate entries, you must delete the existing auto-complete message.

Note Before you delete the IPM.Configuration.Autocomplete message, you must export the message by using the steps in the "How to export the Auto-Complete cache" section.

To delete the existing auto-complete message, follow these steps:
7.      In the Subject column, locate the item that has the subject IPM.Configuration.Autocomplete.
8.      Right-click the item, and then click Delete message. This opens the Delete Item window.
9.      In the drop-down list, select Permanent deletion (deletes to deleted item retention if supported), and then click OK.
0
 

Author Closing Comment

by:tomfontanilla
ID: 39799470
In house fix.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
This video discusses moving either the default database or any database to a new volume.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now