Solved

NDR message from email server, can't send

Posted on 2014-03-26
7
1,029 Views
Last Modified: 2014-03-27
I have a weird problem with emailing out.
This problem happens to only one recipient, it just started happening today.
When we send emails to him, all reaches except one with attachment and 'credit card' on subject.

I seems like the recipient email server rejects based on their spam  filtering, but the NDR message seems as it's actually from our email server(sending out).
============================================

Your message did not reach some or all of the intended recipients.

      Subject:      CREDIT CARD   XXXXXXX XXXXX  xXXXXXX
      Sent:      3/26/2014 2:13 PM

The following recipient(s) could not be reached:

      recipeint@hisdomain.com on 3/26/2014 2:13 PM
            The recipient could not be processed because it would violate the security policy in force
            <mail.mydomain.com #5.7.0 smtp;550 5.7.0 Local Policy Violation>
=======================================

As you see, the NDR message says "  <mail.mydomain.com #5.7.0 smtp;550 5.7.0 Local Policy Violation>" which seems as the problem was from our side.


We use GFI mailessential + exchange server 2003 std
0
Comment
Question by:crcsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 14

Assisted Solution

by:Justin Yeung
Justin Yeung earned 500 total points
ID: 39957342
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39957466
I tested sending emails to the trouble recipient, the email consisted email message with 'credit card' and 3 attachments, 1 .doc file and 2 .rtf files.
I sent sample emails;

case 1: without attachment.  OK
case 2: with attachment and subject without 'credit card' on both. NDR
case 3: with only the .doc attachment OK
case 4: with only the two .rtf attachments. NDR

So, now the email with .rtf (rich text format) attachments doesn't reach. This is filtering activity either on email server or spam filter. As we don't scan outgoing emails, I guess the recipient email server does, but still I can't convince the recipient system admins because  the NDR says (seems as) it's from our email server. How can I show their system admin if it's really from their spam filter? Because SMTP log and NDR are only that I have.

Or do I really have problem somewhere except our email server and spam filter?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39957540
The following is the exchange log I found;


2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 220+mx0a-0015f701.pphosted.com+ESMTP+mfa-m0043804 0 0 49 0 1219 SMTP - - - -
2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 EHLO - mail.mydomain.com 0 0 4 0 1219 SMTP - - - -
2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250-mx0a-0015f701.pphosted.com+Hello+mail.mydomain.com+[AAA.AAA.AAA.AAA (my email server NAT IP)],+pleased+to+meet+you 0 0 97 0 1297 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 MAIL - FROM:<myname@mydomain.com> 0 0 4 0 2281 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250+2.1.0+Sender+ok 0 0 19 0 2375 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 RCPT - TO:<hisname@hisdomain.com> 0 0 4 0 2375 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250+2.1.5+Recipient+ok 0 0 22 0 2453 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 DATA - - 0 0 4 0 2453 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 354+Enter+mail,+end+with+"."+on+a+line+by+itself 0 0 48 0 2547 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 550+5.7.0+Local+Policy+Violation 0 0 32 0 8750 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 QUIT - - 0 0 4 0 9250 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 221+2.0.0+mx0a-0015f701.pphosted.com+Closing+connection 0 0 55 0 9328 SMTP - - - -
0
Ready to trade in that old firewall?

Whether you need to trade-up to a shiny new Firebox or just ready to upgrade from whatever appliance you're using now, WatchGuard has the right appliance for you! Find your perfect Firebox today with appliance sizing tool!

 
LVL 14

Assisted Solution

by:Justin Yeung
Justin Yeung earned 500 total points
ID: 39957826
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 550+5.7.0+Local+Policy+Violation 0 0 32 0 8750 SMTP - - - -

Who's ip is that ( yours or other)
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39959273
That's our IP address
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39959283
But you know before that, local violation, our server is connected to their server, then local violation occurred soon  after our exchange server finished with '.' ending the outbound email. Isn't that the response from their pphosted.com (spam audit) machine, not from ours?
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 500 total points
ID: 39959716
This is not from your server at all

It is basically doing a Helo (relay) on the recipient server via your exchange server

Your connection got closed without success

Please contact the administrator on the other end
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This Micro Tutorial will demonstrate the easy use of Gmail embedding images in your email so the recipient of your email can view them in context.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question