WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. Check out this quarters report on the threats that shook the industry in Q4 2017.
Emails being rejected
This Monday I moved offices from one location to another. I received a new IP block. I modified my MX records and ptr records but did them incorrectly. I had incoming mail going to my Barracuda Spam device and outgoing mail leaving through my exchange server. When mail started being rejected I panicked and started sending mail outbound through my barracuda as well. So now I have my mx record pointing to barracuda and my ptr record resolving to barracuda. I made that last change today. Mail is still bring rejected. How can I validate that my current DNS configuration is good?. Does this take time to resolve? And if so how long before they will start being delivered?
Please help... My email has been unstable for 3 days now and things are not good!!
Please help... My email has been unstable for 3 days now and things are not good!!
Who is Participating?
Have you seen the rejection emails you are getting? What does it exactly say? Have you checked the settings on Barracuda device to make sure it is not using 3rd party forwards or anything funky that changed due to the new IP block?
Here is an example of the undeliverable:
Diagnostic information for administrators:
Generating server: barracuda.structuredassets
jcrespo@netvoix.com
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outloo
Original message headers:
X-ASG-Debug-ID: 1392240338-06de93103a56360
Received: from sasmail.StructuredAssetSer
barracuda.structuredassets
(version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for
<jcrespo@netvoix.com>; Wed, 12 Feb 2014 16:25:38 -0500 (EST)
X-Barracuda-Envelope-From:
Received: from sasmail.StructuredAssetSer
([fe80::10f:ad4d:a34a:7ec4
([fe80::10f:ad4d:a34a:7ec4
From: Brian Modlin <bmodlin@structuredassetse
To: "jcrespo@netvoix.com" <jcrespo@netvoix.com>
Date: Wed, 12 Feb 2014 16:26:02 -0500
Subject: test
Thread-Topic: test
X-ASG-Orig-Subj: test
Thread-Index: Ac8oOQWrVlASy9wETQ+i2hLWv1
Message-ID: <0BAA22B50820694AA876F9AF0
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
boundary="_006_0BAA22B5082
type="multipart/alternativ
MIME-Version: 1.0
X-Barracuda-Connect: UNKNOWN[10.1.10.27]
X-Barracuda-Start-Time: 1392240338
X-Barracuda-Encrypted: AES128-SHA
X-Barracuda-URL: http://10.1.10.36:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at structuredassetservices.co
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=EXTRA_MPART_TYPE, HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.145061
Rule breakdown below
pts rule name description
---- ---------------------- --------------------------
0.00 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.00 HTML_MESSAGE BODY: HTML included
Diagnostic information for administrators:
Generating server: barracuda.structuredassets
jcrespo@netvoix.com
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outloo
Original message headers:
X-ASG-Debug-ID: 1392240338-06de93103a56360
Received: from sasmail.StructuredAssetSer
barracuda.structuredassets
(version=TLSv1 cipher=AES128-SHA bits=128 verify=NO) for
<jcrespo@netvoix.com>; Wed, 12 Feb 2014 16:25:38 -0500 (EST)
X-Barracuda-Envelope-From:
Received: from sasmail.StructuredAssetSer
([fe80::10f:ad4d:a34a:7ec4
([fe80::10f:ad4d:a34a:7ec4
From: Brian Modlin <bmodlin@structuredassetse
To: "jcrespo@netvoix.com" <jcrespo@netvoix.com>
Date: Wed, 12 Feb 2014 16:26:02 -0500
Subject: test
Thread-Topic: test
X-ASG-Orig-Subj: test
Thread-Index: Ac8oOQWrVlASy9wETQ+i2hLWv1
Message-ID: <0BAA22B50820694AA876F9AF0
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/related;
boundary="_006_0BAA22B5082
type="multipart/alternativ
MIME-Version: 1.0
X-Barracuda-Connect: UNKNOWN[10.1.10.27]
X-Barracuda-Start-Time: 1392240338
X-Barracuda-Encrypted: AES128-SHA
X-Barracuda-URL: http://10.1.10.36:8000/cgi-mod/mark.cgi
X-Virus-Scanned: by bsmtpd at structuredassetservices.co
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 0.00
X-Barracuda-Spam-Status: No, SCORE=0.00 using global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 tests=EXTRA_MPART_TYPE, HTML_MESSAGE
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.145061
Rule breakdown below
pts rule name description
---- ---------------------- --------------------------
0.00 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
0.00 HTML_MESSAGE BODY: HTML included
You are still blacklisted. Check the same section on other failed messages you are getting and if the messages are different post them here. But based on this header you need to get your network cleaned and unblocked first. See the error message below:
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outloo
#< #5.0.0 X-Spam-&-Virus-Firewall; host netvoix-com.mail.eo.outloo
The best thing to do is to monitor port 25 on your network. The only IP address that should be utilizing that port should be your mail server or barracuda device. If any other IP address shows up then those machines are the ones you clean by running antivirus and anti malware scans (malwarebytes.org). If your server is infected you still have to clean it in the same way. Make sure you disconnect the machine from the network as soon as you figure out which one it is.
As for your DNS go to http://centralops.net and do a nslookup on your domain. Change the type from any to A or MX to see specific results. That should tell you what the outside world sees when they want to send you emails or access your other services.
As for your DNS go to http://centralops.net and do a nslookup on your domain. Change the type from any to A or MX to see specific results. That should tell you what the outside world sees when they want to send you emails or access your other services.
Tried to run the utility and don't know how to use it. I get no results... Sorry, but can you assist?
My MX = mail.structuredassetservic
My PTR = barracuda.structuredassets
Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassets
Is this the correct DNS configuration?
My PTR = barracuda.structuredassets
Outbound mail relays through the barracuda and I believe the email headers say the mail is going out from barracuda.structuredassets
Is this the correct DNS configuration?
Also, here is the headers of the undeliverable message I received when trying to send mail:
Received: from barracuda.structuredassets
sasmail.structuredassetser
id 8.3.327.1; Thu, 13 Feb 2014 10:05:13 -0500
Received: by barracuda.structuredassets
DFECEBE99F; Thu, 13 Feb 2014 10:04:46 -0500 (EST)
Date: Thu, 13 Feb 2014 10:04:46 -0500
From: MAILER-DAEMON
Subject: Undelivered Mail Returned to Sender
To: <bmodlin@structuredassetse
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-statu
boundary="138C8BE99D.13923
Message-ID: <20140213150446.DFECEBE99F
Return-Path: <>
Received: from barracuda.structuredassets
sasmail.structuredassetser
id 8.3.327.1; Thu, 13 Feb 2014 10:05:13 -0500
Received: by barracuda.structuredassets
DFECEBE99F; Thu, 13 Feb 2014 10:04:46 -0500 (EST)
Date: Thu, 13 Feb 2014 10:04:46 -0500
From: MAILER-DAEMON
Subject: Undelivered Mail Returned to Sender
To: <bmodlin@structuredassetse
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-statu
boundary="138C8BE99D.13923
Message-ID: <20140213150446.DFECEBE99F
Return-Path: <>
Should the PTR reflect barracuda.structuredassets
All outbound mail is sent out from the Exchange server and then RELAYED through the barracuda.
All outbound mail is sent out from the Exchange server and then RELAYED through the barracuda.
As far as your external DNS goes your MX pointing to mail.structuredassetservic
As for the internal issues, check your relay in Exchange. Is it still set to the correct IP addresses after the move? Also check the Barracuda device to make sure the IP of the exchange server is correct.
Goto http://testconnectivity.microsoft.com and see what results you get there. It should help a lot to resolve your issues.
PTR can be wrong at times because really you have to get your ISP to make that change on their end. It should not be the sole reason for rejection of emails.
As for the internal issues, check your relay in Exchange. Is it still set to the correct IP addresses after the move? Also check the Barracuda device to make sure the IP of the exchange server is correct.
Goto http://testconnectivity.microsoft.com and see what results you get there. It should help a lot to resolve your issues.
PTR can be wrong at times because really you have to get your ISP to make that change on their end. It should not be the sole reason for rejection of emails.
When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservic
Also, what if I added multiple PTRs... like:
mail.structuredassetservic
Also, please remember the DNS entries I have now are way different than the original one's I created for the move. I really screwed them up!! Now that they are "fixed" or at least better, I am concerned that what I did last week is still affecting me now. That is why I am trying to get a "Blessing" on my current config so I can feel confident.
Please clarify my questions above!!!!
Sorry, but I am desperate at this point!! No stable mail in 4 days!!
Also, what if I added multiple PTRs... like:
mail.structuredassetservic
Also, please remember the DNS entries I have now are way different than the original one's I created for the move. I really screwed them up!! Now that they are "fixed" or at least better, I am concerned that what I did last week is still affecting me now. That is why I am trying to get a "Blessing" on my current config so I can feel confident.
Please clarify my questions above!!!!
Sorry, but I am desperate at this point!! No stable mail in 4 days!!
I think your DNS is fine on the external side. Internally I can't say for sure but if you are able to send and receive mails then your DNS is most likely set properly.
Did you try the Microsoft test site I sent you the link for? http://testconnectivity.microsoft.com
Update us on the status of what your system is doing now that certain things are fixed and some still aren't (still blacklisted).
Did you try the Microsoft test site I sent you the link for? http://testconnectivity.microsoft.com
Update us on the status of what your system is doing now that certain things are fixed and some still aren't (still blacklisted).
Here are the results.....
RCATestResult.html
RCATestResult.html
The only thing the outbound test is saying that you do not have a SPF record which are easy to create. Walk through the wizard to get one created and update your DNS entries to reflect the generated SPF record. https://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
So at this point are you outbound emails still being rejected?
So at this point are you outbound emails still being rejected?
yes.... they are still being rejected..... Can you please answer the questions I had above:
"When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservic
Also, what if I added multiple PTRs... like:
mail.structuredassetservic
"When you sy "I did a quick telnet to port 25 and your banner is not showing any names. It should really read mail.structuredassetservic
Also, what if I added multiple PTRs... like:
mail.structuredassetservic
I think you need to check your configuration again. It looks like from that outbound email header that the email went from Barracuda to Exchange Server, not the other way around.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
-
Course of the Month10 days, 11 hours left to enrollMonitoring and Operating a Private Cloud with System Center 2012 R2 273 lessons
For example google's mail server identifies itself as
Open in new window
In your case, earlier it was coming up blank however now it shows this
Open in new window
So your banner is now OK. As for the PTR's lets put that on hold because I don't think it is what is causing your problem here.
The original header you posted - It was for incoming email and its clear that it was rejected due to your IP being on the blacklist.
The second header you posted says:
Open in new window
So the question is what is sasmail? Header says Barracuda forwarded the email to sasmail and your comment says the other way around.