Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 19155
  • Last Modified:

Remote Server returned '550 5.7.1 Recipient not authorized, your IP has been found on a block list'

Hi Exchange Expert,

Two  customer of ours are getting mail rejected from us because they are on a block list. In the past, I would add them in the Hub Transport Anti-Spam IP Allow List Providers and everything would be fine. This time it didn't resolve the issue.  Is it possible that this issue isn't being caused by our Exchange server or dns/MX record misconfiguration on their part.  

I observed that one of them is using the Exchange Online Protection since they have example.protection.outlook.com when queried using mxtoolbox.com and other is hosted Exchange (prod.exchange-labs.com)

Here is NDR message that external users receiving:

mail.abc.com (domain removed) rejected your message to the following email addresses:

John Excel (jexel@abc.com)
mail.abc.com  gave this error:
Recipient not authorized, your IP has been found on a block list

Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept email from certain senders, or another restriction may be preventing delivery.

 Diagnostic information for administrators:

Generating server: BY2PR01MB361.prod.exchangelabs.com
jexcel@abc.com
mail.abc.com
Remote Server returned '550 5.7.1 Recipient not authorized, your IP has been found on a block list'

 Original message headers:

Received: from BY2PR01MB171.prod.exchangelabs.com (10.242.233.153) by
 BY2PR01MB361.prod.exchangelabs.com (10.141.139.142) with Microsoft SMTP
 Server (TLS) id 15.0.883.10; Tue, 25 Feb 2014 19:36:44 +0000
Received: from BY2PR01MB171.prod.exchangelabs.com ([10.242.233.153]) by
 BY2PR01MB171.prod.exchangelabs.com ([10.242.233.153]) with mapi id
 15.00.0883.010; Tue, 25 Feb 2014 19:36:44 +0000
From: Derrick<Derrick.lee@xyz.com>
To: "John Excel" <jexcel@abc.com>
Subject: Test
Thread-Topic: Test
Thread-Index: Ac8yYOSt96staBysRta1C6vrdIFedQ==
Date: Tue, 25 Feb 2014 19:36:43 +0000
Message-ID: <aba69f29b4b74cc598456b541ec90917@BY2PR01MB171.prod.exchangelabs.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Test:
x-originating-ip: [50.1.2.23] (this is not real)
x-forefront-prvs: 01334458E5
x-forefront-antispam-report: SFV:NSPM;SFS:(10009001)(6009001)(199002)(189002)(15202345003)(74316001)(51856001)(90146001)(4396001)(87266001)(74366001)(69226001)(87936001)(95666003)(2656002)(66066001)(76482001)(85852003)(81342001)(65816001)(31966008)(54316002)(92566001)(16236675002)(85306002)(555874004)(56776001)(558084003)(46102001)(56816005)(63696002)(76786001)(53806001)(59766001)(50986001)(77982001)(47976001)(47736001)(47446002)(83072002)(74662001)(54356001)(81542001)(74706001)(81816001)(80976001)(93516002)(83322001)(80022001)(49866001)(74876001)(93136001)(15975445006)(86362001)(19300405004)(33646001)(19580395003)(94316002)(79102001)(76796001)(74502001)(94946001)(95416001)(81686001)(76176001)(24736002);DIR:OUT;SFP:1101;SCL:1;SRVR:BY2PR01MB361;H:BY2PR01MB171.prod.exchangelabs.com;CLIP:157.130.40.106;FPR:;PTR:InfoNoRecords;A:1;MX:1;LANG:;
Content-Type: multipart/alternative;
        boundary="_000_aba69f29b4b74cc598456b541ec90917BY2PR01MB171prodexchang_"
MIME-Version: 1.0
X-OriginatorOrg: xyz.com

Any help would be really appreciated.

Thanks,
1
Deorali
Asked:
Deorali
1 Solution
 
Shreedhar EtteCommented:
Hello,

Go to http://mxtoolbox.com/blacklists.aspx 

Perform Black list check for your domain and exchange server public ip address.

If it is balck listed them remove from RBL to restore mail flow.
0
 
DeoraliAuthor Commented:
Shredhar,

Already checked. My mail server is not blacklisted.  So far only two external users mails are being rejected.
0
 
Alan HardistyCo-OwnerCommented:
If your server is being rejected you will be found on a blocklist somewhere.

Have you checked on www.blacklistalert.org too?

Alan
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Simon Butler (Sembee)ConsultantCommented:
"Two  customer of ours are getting mail rejected from us because they are on a block list. In the past, I would add them in the Hub Transport Anti-Spam IP Allow List Providers and everything would be fine."

That doesn't make sense.

If you are blocking them, then adding them to the list is fine.
If they are blocking you, then it wouldn't do.

It isn't clear whether this is INBOUND or OUTBOUND email (to you).
If it is INBOUND, then you are blocking them, and need to establish why.
If it is OUTBOUND then you are being blocked, which means you are on a blacklist. Office365 uses its own internal blacklist.

Simon.
0
 
DeoraliAuthor Commented:
Just to be clear. The issue is that mail from external users (INBOUND) are being rejected by my mail server. The above mentioned NDR message is what external user is getting. It is with just two external users.

Yes, I whitelisted the IP and domain in the exchange server but still the issue does not go away.
0
 
Simon Butler (Sembee)ConsultantCommented:
The first thing I would do is modify the NDR so it reports which blacklist it was found on. That will probably mean an NDR for each blacklist.

To do this, use a custom response code:
https://social.technet.microsoft.com/wiki/contents/articles/5071.exchange-2010-ip-block-list-providers-and-the-variables.aspx

After whitelisting, did you restart the transport service?
Are you sure you had the correct IP address that the messages are coming from? You have mentioned they are using hosted Exchange providers, do they route their OUTBOUND email from them?

Simon.
0
 
DeoraliAuthor Commented:
External user was using Office 365.  Office 365 use a range of IPs and  it so happened that IP of their outbound mail server was blacklisted on that particular day.  Following day  our mail server was able to process incoming mail from their mail server.

Thank you all for Simon and the rest for your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now