Emails being rejected

Posted on 2014-02-12
Last Modified: 2014-02-16
This Monday I moved offices from one location to another.  I received a new IP block.  I modified my MX records and PTR records but did them incorrectly. I had incoming mail going to my Barracuda Spam device and outgoing mail leaving through my Exchange server. When mail started being rejected I panicked and started sending mail outbound through my Barracuda as well.  So now I have my MX record pointing to Barracuda and my PTR record resolving to Barracuda.  I made that last change today.  Mail is still being rejected.  How can I validate that my current DNS configuration is good?  Does this take time to resolve? And if so how long before they will start being delivered?

Please help... My email has been unstable for 3 days now and  things are not good!!
Question by:BSModlin

Expert Comment

by:Mandeep Khalsa
ID: 39854951
Have you seen the rejection emails you are getting? What does it exactly say? Have you checked the settings on Barracuda device to make sure it is not using 3rd party forwards or anything funky that changed due to the new IP block?

Author Comment

by:BSModlin
ID: 39854994
Here is an example of the undeliverable:
Diagnostic information for administrators:

Generating server: barracuda.structuredassetservices.com

jcrespo@netvoix.com
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1 Service unavailable; Client host [71.16.130.204] blocked using Blocklist 1; To request removal from this list please forward this message to delist@messaging.microsoft.com (in reply to RCPT TO command)> #SMTP#

Original message headers:

X-ASG-Debug-ID: 1392240338-06de93103a56360001-savSPn
Received: from sasmail.StructuredAssetServices.local ([10.1.10.27]) by
 barracuda.structuredassetservices.com with ESMTP id 0kig20pvPnqQ9aEt
 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for
 <jcrespo@netvoix.com>; Wed, 12 Feb 2014 16:25:38 -0500 (EST)
X-Barracuda-Envelope-From: bmodlin@structuredassetservices.com
Received: from sasmail.StructuredAssetServices.local
 ([fe80::10f:ad4d:a34a:7ec4]) by sasmail.StructuredAssetServices.local
 ([fe80::10f:ad4d:a34a:7ec4%11]) with mapi; Wed, 12 Feb 2014 16:26:03 -0500
From: Brian Modlin <bmodlin@structuredassetservices.com>
To: "jcrespo@netvoix.com" <jcrespo@netvoix.com>
Date: Wed, 12 Feb 2014 16:26:02 -0500
Subject: test
Thread-Topic: test
X-ASG-Orig-Subj: test
Thread-Index: Ac8oOQWrVlASy9wETQ+i2hLWv1bctw==
Message-ID: <0BAA22B50820694AA876F9AF0ECD9A6B16230FE146@sasmail.StructuredAssetServices.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
      boundary="_006_0BAA22B50820694AA876F9AF0ECD9A6B16230FE146sasmailStruct_";
      type="multipart/alternative"
MIME-Version: 1.0
X-Barracuda-Connect: UNKNOWN[10.1.10.27]
X-Barracuda-Start-Time: 1392240338
X-Barracuda-Encrypted: AES128-SHA
X-Barracuda-URL: http://10.1.10.36:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at structuredassetservices.com
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=EXTRA_MPART_TYPE, HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.145061
      Rule breakdown below
       pts rule name              description
      ---- ---------------------- --------------------------------------------------
      0.00 EXTRA_MPART_TYPE       Header has extraneous Content-type:...type= entry
      0.00 HTML_MESSAGE           BODY: HTML included
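Added example (not part of the original thread): a small Python parser for the diagnostic line of a bounce like the one quoted above, pulling out the rejecting host, the SMTP reply, the blocked client IP and the stage at which the mail was refused. The function names `parse_ndr` and `classify` are hypothetical, and the sample string is rebuilt from the diagnostic line in the post.

```python
import re

# Sample input rebuilt from the diagnostic line quoted in the post above.
SAMPLE_NDR = (
    "#< #5.0.0 X-Spam-&-Virus-Firewall; host "
    "netvoix-com.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1 "
    "Service unavailable; Client host [71.16.130.204] blocked using "
    "Blocklist 1; To request removal from this list please forward this "
    "message to delist@messaging.microsoft.com "
    "(in reply to RCPT TO command)> #SMTP#"
)

def parse_ndr(diag):
    """Return the fields of a relayed SMTP rejection, or None if not recognised."""
    m = re.search(
        r"host\s+(\S+?)\[([0-9A-Fa-f.:]+)\]\s+said:\s+"
        r"(\d{3})[ -](\d\.\d{1,3}\.\d{1,3})?", diag)
    if not m:
        return None
    blocked = re.search(
        r"Client host \[([0-9A-Fa-f.:]+)\] blocked using ([^;]+)", diag)
    stage = re.search(r"\(in reply to (.+?) command\)", diag)
    return {
        "remote_host": m.group(1), "remote_ip": m.group(2),
        "smtp_code": int(m.group(3)), "enhanced": m.group(4),
        "blocked_ip": blocked.group(1) if blocked else None,
        "blocklist": blocked.group(2).strip() if blocked else None,
        "stage": stage.group(1) if stage else None,
    }

def classify(r):
    """Map a parsed rejection to the kind of problem the sender has to fix."""
    if r["smtp_code"] // 100 == 4:
        return "transient"       # 4xx: the sending server queues and retries
    if r["blocked_ip"]:
        return "ip-reputation"   # receiver refused the connecting IP itself
    if (r["enhanced"] or "").startswith("5.7."):
        return "policy"          # 5.7.x: refused by a security or policy rule
    return "permanent-other"

if __name__ == "__main__":
    parsed = parse_ndr(SAMPLE_NDR)
    print(parsed)
    print(classify(parsed))
```

The `blocked_ip` field is the address the receiving server saw the connection come from, which is the one to look up and request delisting for.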
 

Expert Comment

by:Mandeep Khalsa
ID: 39855926
You are still blacklisted. Check the same section on other failed messages you are getting and if the messages are different post them here. But based on this header you need to get your network cleaned and unblocked first.  See the error message below:

#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outlook.com[207.46.163.138] said: 550 5.7.1 Service unavailable; Client host [71.16.130.204] blocked using Blocklist 1;

Author Comment

by:BSModlin
ID: 39855940
How do I get clean.... Can you verify that my current dns entries are correct...

Expert Comment

by:Mandeep Khalsa
ID: 39855970
The best thing to do is to monitor port 25 on your network. The only IP address that should be utilizing that port should be your mail server or barracuda device. If any other IP address shows up then those machines are the ones you clean by running antivirus and anti malware scans (malwarebytes.org). If your server is infected you still have to clean it in the same way. Make sure you disconnect the machine from the network as soon as you figure out which one it is.

As for your DNS, go to http://centralops.net and do an nslookup on your domain. Change the type from any to A or MX to see specific results. That should tell you what the outside world sees when they want to send you emails or access your other services.

Author Comment

by:BSModlin
ID: 39856134
Tried to run the utility and don't know how to use it.  I get no results... Sorry, but can you assist?

Author Comment

by:BSModlin
ID: 39856225
My MX = mail.structuredassetservices.com (points to barracuda)
My PTR = barracuda.structuredassetservices.com (points to barracuda)

Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassetservices.com

Is this the correct DNS configuration?

Author Comment

by:BSModlin
ID: 39856247
Also, here are the headers of the undeliverable message I received when trying to send mail:

Received: from barracuda.structuredassetservices.com (10.1.10.x) by
 sasmail.structuredassetservices.com (10.1.10.x) with Microsoft SMTP Server
 id 8.3.327.1; Thu, 13 Feb 2014 10:05:13 -0500
Received: by barracuda.structuredassetservices.com (Spam & Virus Firewall)      id
 DFECEBE99F; Thu, 13 Feb 2014 10:04:46 -0500 (EST)
Date: Thu, 13 Feb 2014 10:04:46 -0500
From: MAILER-DAEMON
Subject: Undelivered Mail Returned to Sender
To: <bmodlin@structuredassetservices.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
      boundary="138C8BE99D.1392303886/barracuda.structuredassetservices.com"
Message-ID: <20140213150446.DFECEBE99F@barracuda.structuredassetservices.com>
Return-Path: <>

Author Comment

by:BSModlin
ID: 39856254
According to the Headers and the DNS entries I posted above.... Are they correct?

Author Comment

by:BSModlin
ID: 39856272
Should the PTR reflect barracuda.structuredassetservices.com or sasmail.structuredassetservices.com?

All outbound mail is sent out from the Exchange server and then RELAYED through the barracuda.

Expert Comment

by:Mandeep Khalsa
ID: 39856297
As far as your external DNS goes your MX pointing to mail.structuredassetservices.com looks good. I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com

As for the internal issues, check your relay in Exchange. Is it still set to the correct IP addresses after the move? Also check the Barracuda device to make sure the IP of the exchange server is correct.

Go to http://testconnectivity.microsoft.com and see what results you get there. It should help a lot to resolve your issues.

PTR can be wrong at times because really you have to get your ISP to make that change on their end. It should not be the sole reason for rejection of emails.

Author Comment

by:BSModlin
ID: 39856353
When you say "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com " .... are you saying that my PTR record should read mail.structuredassetservices.com?

Also, what if I added multiple PTRs... like:

mail.structuredassetservices.com and BARRACUDA.STRUCTUREDASSETSERVICES.com both pointing to the same IP?

Also, please remember the DNS entries I have now are way different than the original ones I created for the move.  I really screwed them up!!  Now that they are "fixed" or at least better, I am concerned that what I did last week is still affecting me now.  That is why I am trying to get a "Blessing" on my current config so I can feel confident.

Please clarify my questions above!!!!

Sorry, but I am desperate at this point!!  No stable mail in 4 days!!

Expert Comment

by:Mandeep Khalsa
ID: 39856601
I think your DNS is fine on the external side. Internally I can't say for sure but if you are able to send and receive mails then your DNS is most likely set properly.

Did you try the Microsoft test site I sent you the link for? http://testconnectivity.microsoft.com

Update us on the status of what your system is doing now that certain things are fixed and some still aren't (still blacklisted).

Author Comment

by:BSModlin
ID: 39856631
Here are the results.....
RCATestResult.html

Expert Comment

by:Mandeep Khalsa
ID: 39856707
The only thing the outbound test is saying is that you do not have an SPF record, which is easy to create. Walk through the wizard to get one created and update your DNS entries to reflect the generated SPF record. https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

So at this point are your outbound emails still being rejected?

Author Comment

by:BSModlin
ID: 39856855
yes.... they are still being rejected..... Can you please answer the questions I had above:

"When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservices.com " .... are you saying that my PTR record should read mail.structuredassetservices.com?

Also, what if I added multiple PTRs... like:

mail.structuredassetservices.com and BARRACUDA.STRUCTUREDASSETSERVICES.com both pointing to the same IP?"

Accepted Solution

by:Mandeep Khalsa
ID: 39856926
When people meet we say Hello to each other. The same way when email servers start the process of sending and receiving emails they do a "handshake". In this handshake they identify themselves with their names. This name is also listed on the banner.

For example Google's mail server identifies itself as
220 mx.google.com ESMTP r6si802295qcl.98 - gsmtp

In your case, earlier it was coming up blank however now it shows this
220 barracuda.structuredassetservices.com ESMTP (54b580e75d81dcab857e0a4d65d1b878)

So your banner is now OK. As for the PTRs, let's put that on hold because I don't think it is what is causing your problem here.

The original header you posted - It was for incoming email and it's clear that it was rejected due to your IP being on the blacklist.

The second header you posted says:
Received: from barracuda.structuredassetservices.com (10.1.10.x) by
 sasmail.structuredassetservices.com (10.1.10.x) with Microsoft SMTP Server
 id 8.3.327.1;

Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassetservices.com

So the question is what is sasmail? Header says Barracuda forwarded the email to sasmail and your comment says the other way around.
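Added example (not part of the original thread): one way to check that the SMTP banner name and the PTR record discussed above agree with forward DNS, including the blank-banner case and an IP with more than one PTR name. The function names and the lookup tables are hypothetical; the records are constructed sample data built from the names and IP quoted in the thread, not live DNS answers.

```python
import re

def banner_hostname(line):
    """Hostname announced in a '220 <name> ESMTP ...' greeting, or None."""
    m = re.match(r"220[ -](\S+)", line.strip())
    if not m or "." not in m.group(1):
        return None  # e.g. "220 ESMTP": the server announced no name
    return m.group(1).rstrip(".").lower()

def check_sender_identity(ip, banner_line, ptr_lookup, a_lookup):
    """Return a list of problems; an empty list means the names agree."""
    findings = []
    ptr_names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not ptr_names:
        findings.append("no PTR record for " + ip)
    for name in ptr_names:
        # Forward-confirm each PTR name: it must resolve back to the same IP.
        if ip not in a_lookup(name):
            findings.append("PTR name %s does not resolve back to %s" % (name, ip))
    banner = banner_hostname(banner_line)
    if banner is None:
        findings.append("banner announces no hostname")
    elif ip not in a_lookup(banner):
        findings.append("banner name %s does not resolve to %s" % (banner, ip))
    return findings

# Constructed records, NOT live DNS answers: they mirror the setup described
# in the thread (PTR and banner both naming the Barracuda).
IP = "71.16.130.204"
PTR = {IP: ["barracuda.structuredassetservices.com."]}
A = {
    "barracuda.structuredassetservices.com": [IP],
    "mail.structuredassetservices.com": [IP],
}
BANNER = ("220 barracuda.structuredassetservices.com ESMTP "
          "(54b580e75d81dcab857e0a4d65d1b878)")

def ptr_lookup(ip):
    return PTR.get(ip, [])

def a_lookup(name):
    return A.get(name, [])

if __name__ == "__main__":
    print(check_sender_identity(IP, BANNER, ptr_lookup, a_lookup))
    print(check_sender_identity(IP, "220 ESMTP", ptr_lookup, a_lookup))
```

For a live check, the two lookup callables can wrap `socket.gethostbyaddr` and `socket.getaddrinfo` instead of the constructed tables.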
 

Author Comment

by:BSModlin
ID: 39857016
sasmail is my exchange server

Expert Comment

by:Mandeep Khalsa
ID: 39857044
I think you need to check your configuration again. It looks like from that outbound email header that the email went from Barracuda to Exchange Server, not the other way around.

Author Comment

by:BSModlin
ID: 39857077
Outbound mail is sent to my Exchange server (SASMAIL) from Outlook client.  It then sends that to my Barracuda and my barracuda sends it out ....


Inbound mail hits my barracuda and then it sends that to my exchange server (SASMAIL).

Author Comment

by:BSModlin
ID: 39857081
The header I uploaded is from the undeliverable sent back to me because the email I sent out was rejected.