Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3921
  • Last Modified:

Emails being rejected

This Monday I moved offices from one location to another.  I received a new IP block.  I modified my MX records and ptr records but did them incorrectly. I had incoming mail going to my Barracuda Spam device and outgoing mail leaving through my exchange server. When mail started being rejected I panicked and started sending mail outbound through my barracuda as well.  So now I have my mx record pointing to barracuda and my ptr record resolving to barracuda.  I made that last change today.  Mail is still bring rejected.  How can I validate that my current DNS configuration is good?.  Does this take time to resolve? And if so how long before they will start being delivered?

Please help... My email has been unstable for 3 days now and  things are not good!!
0
BSModlin
Asked:
BSModlin
  • 13
  • 8
1 Solution
 
Mandeep KhalsaCommented:
Have you seen the rejection emails you are getting? What does it exactly say? Have you checked the settings on Barracuda device to make sure it is not using 3rd party forwards or anything funky that changed due to the new IP block?
0
 
BSModlinAuthor Commented:
Here is an example of the undeliverable:
Diagnostic information for administrators:

Generating server: barracuda.structuredassetservices.com

jcrespo@netvoix.com
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1 Service unavailable; Client host [71.16.130.204] blocked using Blocklist 1; To request removal from this list please forward this message to delist@messaging.microsoft.com (in reply to RCPT TO command)> #SMTP#

Original message headers:

X-ASG-Debug-ID: 1392240338-06de93103a56360001-savSPn
Received: from sasmail.StructuredAssetServices.local ([10.1.10.27]) by
 barracuda.structuredassetservices.com with ESMTP id 0kig20pvPnqQ9aEt
 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for
 <jcrespo@netvoix.com>; Wed, 12 Feb 2014 16:25:38 -0500 (EST)
X-Barracuda-Envelope-From: bmodlin@structuredassetservices.com
Received: from sasmail.StructuredAssetServices.local
 ([fe80::10f:ad4d:a34a:7ec4]) by sasmail.StructuredAssetServices.local
 ([fe80::10f:ad4d:a34a:7ec4%11]) with mapi; Wed, 12 Feb 2014 16:26:03 -0500
From: Brian Modlin <bmodlin@structuredassetservices.com>
To: "jcrespo@netvoix.com" <jcrespo@netvoix.com>
Date: Wed, 12 Feb 2014 16:26:02 -0500
Subject: test
Thread-Topic: test
X-ASG-Orig-Subj: test
Thread-Index: Ac8oOQWrVlASy9wETQ+i2hLWv1bctw==
Message-ID: <0BAA22B50820694AA876F9AF0ECD9A6B16230FE146@sasmail.StructuredAssetServices.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
      boundary="_006_0BAA22B50820694AA876F9AF0ECD9A6B16230FE146sasmailStruct_";
      type="multipart/alternative"
MIME-Version: 1.0
X-Barracuda-Connect: UNKNOWN[10.1.10.27]
X-Barracuda-Start-Time: 1392240338
X-Barracuda-Encrypted: AES128-SHA
X-Barracuda-URL: http://10.1.10.36:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at structuredassetservices.com
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=EXTRA_MPART_TYPE, HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.145061
      Rule breakdown below
       pts rule name              description
      ---- ---------------------- --------------------------------------------------
      0.00 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type= entry
      0.00 HTML_MESSAGE           BODY: HTML included
0
 
Mandeep KhalsaCommented:
You are still blacklisted. Check the same section on other failed messages you are getting and if the messages are different post them here. But based on this header you need to get your network cleaned and unblocked first.  See the error message below:

#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1 Service unavailable; Client host [71.16.130.204] blocked using Blocklist 1;
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
BSModlinAuthor Commented:
How do I get clean.... Can you verify that my current dns entries are correct...
0
 
Mandeep KhalsaCommented:
The best thing to do is to monitor port 25 on your network. The only IP address that should be utilizing that port should be your mail server or barracuda device. If any other IP address shows up then those machines are the ones you clean by running antivirus and anti malware scans (malwarebytes.org). If your server is infected you still have to clean it in the same way. Make sure you disconnect the machine from the network as soon as you figure out which one it is.

As for your DNS go to http://centralops.net and do a nslookup on your domain. Change the type from any to A or MX to see specific results. That should tell you what the outside world sees when they want to send you emails or access your other services.
0
 
BSModlinAuthor Commented:
Tried to run the utility and don't know how to use it.  I get no results... Sorry, but can you assist?
0
 
BSModlinAuthor Commented:
My MX = mail.structuredassetservices.com (points to barracuda)
My PTR = barracuda.structuredassetservices.com (points to barracuda)

Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassetservices.com

Is this the correct DNS configuration?
0
 
BSModlinAuthor Commented:
Also, here is the headers of the undeliverable message I received when trying to send mail:

Received: from barracuda.structuredassetservices.com (10.1.10.x) by
 sasmail.structuredassetservices.com (10.1.10.x) with Microsoft SMTP Server
 id 8.3.327.1; Thu, 13 Feb 2014 10:05:13 -0500
Received: by barracuda.structuredassetservices.com (Spam & Virus Firewall)      id
 DFECEBE99F; Thu, 13 Feb 2014 10:04:46 -0500 (EST)
Date: Thu, 13 Feb 2014 10:04:46 -0500
From: MAILER-DAEMON
Subject: Undelivered Mail Returned to Sender
To: <bmodlin@structuredassetservices.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="138C8BE99D.1392303886/barracuda.structuredassetservices.com"
Message-ID: <20140213150446.DFECEBE99F@barracuda.structuredassetservices.com>
Return-Path: <>
0
 
BSModlinAuthor Commented:
According to the Headers and the DNS entries I posted above.... Are they correct?
0
 
BSModlinAuthor Commented:
Should the PTR reflect barracuda.structuredassetservices.com or sasmail.structuredassetservices.com?

All outbound mail is sent out from the Exchange server and then RELAYED through the barracuda.
0
 
Mandeep KhalsaCommented:
As far as your external DNS goes your MX pointing to mail.structuredassetservices.com looks good. I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com

As for the internal issues, check your relay in Exchange. Is it still set to the correct IP addresses after the move? Also check the Barracuda device to make sure the IP of the exchange server is correct.

Goto http://testconnectivity.microsoft.com and see what results you get there. It should help a lot to resolve your issues.

PTR can be wrong at times because really you have to get your ISP to make that change on their end. It should not be the sole reason for rejection of emails.
0
 
BSModlinAuthor Commented:
When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com " .... are you saying that my PTR record should read mail.structuredassetservices.com?

Also, what if I added multiple PTRs... like:

mail.structuredassetservices.com and BARRACUDA.STRUCTUREDASSETSERVICES.com both pointing to the same IP?

Also, please remember the DNS entries I have now are way different than the original one's I created for the move.  I really screwed them up!!  Now that they are "fixed" or at least better, I am concerned that what I did last week is still affecting me now.  That is why I am trying to get a "Blessing" on my current config so I can feel confident.

Please clarify my questions above!!!!

Sorry, but I am desperate at this point!!  No stable mail in 4 days!!
0
 
Mandeep KhalsaCommented:
I think your DNS is fine on the external side. Internally I can't say for sure but if you are able to send and receive mails then your DNS is most likely set properly.

Did you try the Microsoft test site I sent you the link for? http://testconnectivity.microsoft.com

Update us on the status of what your system is doing now that certain things are fixed and some still aren't (still blacklisted).
0
 
BSModlinAuthor Commented:
Here are the results.....
RCATestResult.html
0
 
Mandeep KhalsaCommented:
The only thing the outbound test is saying that you do not have a SPF record which are easy to create. Walk through the wizard to get one created and update your DNS entries to reflect the generated SPF record. https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

So at this point are you outbound emails still being rejected?
0
 
BSModlinAuthor Commented:
yes.... they are still being rejected..... Can you please answer the questions I had above:

"When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com " .... are you saying that my PTR record should read mail.structuredassetservices.com?

Also, what if I added multiple PTRs... like:

mail.structuredassetservices.com and BARRACUDA.STRUCTUREDASSETSERVICES.com both pointing to the same IP?"
0
 
Mandeep KhalsaCommented:
When people meet we say Hello to each other. The same way when email servers start the process of sending and receiving emails they do a "handshake". In this handshake they identify themselves with their names. This name is also listed on the banner.

For example google's mail server identifies itself as
220 mx.google.com ESMTP r6si802295qcl.98 - gsmtp

Open in new window


In your case, earlier it was coming up blank however now it shows this
220 barracuda.structuredassetservices.com ESMTP (54b580e75d81dcab857e0a4d65d1b878)

Open in new window


So your banner is now OK. As for the PTR's lets put that on hold because I don't think it is what is causing your problem here.

The original header you posted - It was for incoming email and its clear that it was rejected due to your IP being on the blacklist.

The second header you posted says:
Received: from barracuda.structuredassetservices.com (10.1.10.x) by
 sasmail.structuredassetservices.com (10.1.10.x) with Microsoft SMTP Server
 id 8.3.327.1;

Open in new window


Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassetservices.com

So the question is what is sasmail? Header says Barracuda forwarded the email to sasmail and your comment says the other way around.
0
 
BSModlinAuthor Commented:
sasmail is my exchange server
0
 
Mandeep KhalsaCommented:
I think you need to check your configuration again. It looks like from that outbound email header that the email went from Barracuda to Exchange Server, not the other way around.
0
 
BSModlinAuthor Commented:
Outbound mail is sent to my Exchange server (SASMAIL) from Outlook client.  It then sends that to my Barracuda and my barracuda sends it out ....


Inbound mail hits my barracuda and then it sends that to my exchange server (SASMAIL).
0
 
BSModlinAuthor Commented:
The header I uploaded is from the undeliverable sent back to me because the email I sent out was rejected.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 13
  • 8
Tackle projects and never again get stuck behind a technical roadblock.
Join Now