Solved

NDR message from email server, can't send

Posted on 2014-03-26
7
961 Views
Last Modified: 2014-03-27
I have a weird problem with emailing out.
This problem happens to only one recipient, it just started happening today.
When we send emails to him, all reaches except one with attachment and 'credit card' on subject.

I seems like the recipient email server rejects based on their spam  filtering, but the NDR message seems as it's actually from our email server(sending out).
============================================

Your message did not reach some or all of the intended recipients.

      Subject:      CREDIT CARD   XXXXXXX XXXXX  xXXXXXX
      Sent:      3/26/2014 2:13 PM

The following recipient(s) could not be reached:

      recipeint@hisdomain.com on 3/26/2014 2:13 PM
            The recipient could not be processed because it would violate the security policy in force
            <mail.mydomain.com #5.7.0 smtp;550 5.7.0 Local Policy Violation>
=======================================

As you see, the NDR message says "  <mail.mydomain.com #5.7.0 smtp;550 5.7.0 Local Policy Violation>" which seems as the problem was from our side.


We use GFI mailessential + exchange server 2003 std
0
Comment
Question by:crcsupport
  • 4
  • 3
7 Comments
 
LVL 14

Assisted Solution

by:Justin Yeung
Justin Yeung earned 500 total points
ID: 39957342
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39957466
I tested sending emails to the trouble recipient, the email consisted email message with 'credit card' and 3 attachments, 1 .doc file and 2 .rtf files.
I sent sample emails;

case 1: without attachment.  OK
case 2: with attachment and subject without 'credit card' on both. NDR
case 3: with only the .doc attachment OK
case 4: with only the two .rtf attachments. NDR

So, now the email with .rtf (rich text format) attachments doesn't reach. This is filtering activity either on email server or spam filter. As we don't scan outgoing emails, I guess the recipient email server does, but still I can't convince the recipient system admins because  the NDR says (seems as) it's from our email server. How can I show their system admin if it's really from their spam filter? Because SMTP log and NDR are only that I have.

Or do I really have problem somewhere except our email server and spam filter?
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39957540
The following is the exchange log I found;


2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 220+mx0a-0015f701.pphosted.com+ESMTP+mfa-m0043804 0 0 49 0 1219 SMTP - - - -
2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 EHLO - mail.mydomain.com 0 0 4 0 1219 SMTP - - - -
2014-03-26 21:09:56 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250-mx0a-0015f701.pphosted.com+Hello+mail.mydomain.com+[AAA.AAA.AAA.AAA (my email server NAT IP)],+pleased+to+meet+you 0 0 97 0 1297 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 MAIL - FROM:<myname@mydomain.com> 0 0 4 0 2281 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250+2.1.0+Sender+ok 0 0 19 0 2375 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 RCPT - TO:<hisname@hisdomain.com> 0 0 4 0 2375 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 250+2.1.5+Recipient+ok 0 0 22 0 2453 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 DATA - - 0 0 4 0 2453 SMTP - - - -
2014-03-26 21:09:57 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 354+Enter+mail,+end+with+"."+on+a+line+by+itself 0 0 48 0 2547 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 550+5.7.0+Local+Policy+Violation 0 0 32 0 8750 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionCommand SMTPSVC1 EXCHANG_SERV - 25 QUIT - - 0 0 4 0 9250 SMTP - - - -
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 221+2.0.0+mx0a-0015f701.pphosted.com+Closing+connection 0 0 55 0 9328 SMTP - - - -
0
Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

 
LVL 14

Assisted Solution

by:Justin Yeung
Justin Yeung earned 500 total points
ID: 39957826
2014-03-26 21:10:04 xx.xxx.xxx.xxx OutboundConnectionResponse SMTPSVC1 EXCHANG_SERV - 25 - - 550+5.7.0+Local+Policy+Violation 0 0 32 0 8750 SMTP - - - -

Who's ip is that ( yours or other)
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39959273
That's our IP address
0
 
LVL 1

Author Comment

by:crcsupport
ID: 39959283
But you know before that, local violation, our server is connected to their server, then local violation occurred soon  after our exchange server finished with '.' ending the outbound email. Isn't that the response from their pphosted.com (spam audit) machine, not from ours?
0
 
LVL 14

Accepted Solution

by:
Justin Yeung earned 500 total points
ID: 39959716
This is not from your server at all

It is basically doing a Helo (relay) on the recipient server via your exchange server

Your connection got closed without success

Please contact the administrator on the other end
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
The purpose of this video is to demonstrate how to set up Lists in Mailchimp. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchimp account. : Click on Lists. Click on Create List Button : Choose the desi…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now