Mail senders from one specific host will not go through to our Exchange 2010
Customers of one big email hosting company do not get through to our server. The hosting company have many servers, but the common denominator of all the people having trouble sending us mail, are that they are sending through one of their servers. As we are not customers of this hostingcompany, I don't get through to their technical staff, so I have to figure this out from my end.
What the SMTP-log tells me, is that the sending server sends an EHLO, a Mail From:, and then QUIT. Mail sent from any other servers work perfectly to my knowledge.
My system is an isa 2004 server in front hosting a microsoft SMTP service on a 2003 server, forwarding to a Norman Email Protection Server as a smart host, in turn coupled to an exchange 2010 server.
Excerpt from the SMTP-log:
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +SendersSmtpserver.com 250 0 242 19 0 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<sender@sendersdomai
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - SendersSmtpserver.com 240 32 78 45 16 SMTP - - - -
What the SMTP-log tells me, is that the sending server sends an EHLO, a Mail From:, and then QUIT. Mail sent from any other servers work perfectly to my knowledge.
My system is an isa 2004 server in front hosting a microsoft SMTP service on a 2003 server, forwarding to a Norman Email Protection Server as a smart host, in turn coupled to an exchange 2010 server.
Excerpt from the SMTP-log:
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +SendersSmtpserver.com 250 0 242 19 0 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<sender@sendersdomai
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - SendersSmtpserver.com 240 32 78 45 16 SMTP - - - -
what happens when the mail doesn't go through. do your customers get a bounce back. what does the bounce back say.
Assuming you have a firewall or other filtering service, have you check to see if the sending site is on any RBL lists?
You can use this site to do that...
http://mxtoolbox.com/blacklists.aspx
You can use this site to do that...
http://mxtoolbox.com/blacklists.aspx
Customers get a bounceback like this:
Emne: Avisannonse 2mod 248x110
Denne meldingen er ikke levert enda. Det blir fortsatt gjort forsøk på å sende den.
**************************
Translated to English:
Subject: Newspaper add .....
This message is not delivered yet. It will still be attempted delivered.
**************************
Later they get one stating that delivery was unsuccessful.
Emne: Avisannonse 2mod 248x110
Denne meldingen er ikke levert enda. Det blir fortsatt gjort forsøk på å sende den.
**************************
Translated to English:
Subject: Newspaper add .....
This message is not delivered yet. It will still be attempted delivered.
**************************
Later they get one stating that delivery was unsuccessful.
It seems their servers are listed in the SORBS database, but to my knowledge no SORBS lookup is activated on my exchange. Could be if it's enabled by default. If so where?
Do you have a firewall or mail filtering device or service in front of the Exchange Server? For example, might your mail first go to Trend or some other reputation service, and then be forwarded to you if clean.
Do an nslookup on your MX records to see where they point.
Do an nslookup on your MX records to see where they point.
the RBLs lookup would definitely help but then they would be getting bounce backs from anywhere and everywhere not just from your mailserver.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Senders domains are for example aurskog-sparebank.no, sparebanken-hedmark.no, em1.no.
They all use EVRY as mail-host and SMTP. Servers are for instance mail17.edb.com, mail35.edb.com and mail36.edb.com
The mail36.edb.com are not represented in the SORBS database, but still dont get through.
They all use EVRY as mail-host and SMTP. Servers are for instance mail17.edb.com, mail35.edb.com and mail36.edb.com
The mail36.edb.com are not represented in the SORBS database, but still dont get through.
I have not used Norman EPS, but in reviewing the info for this it seems that your block is likely coming from there. There is a good chance that it would check SORBS and other services. If there is logging on that device, I would look there for more info.
I assume you were at one time able to receive email from this site, but can't any longer. This is symptomatic of a SPAM sender or reputation problem.
I assume you were at one time able to receive email from this site, but can't any longer. This is symptomatic of a SPAM sender or reputation problem.
One other observation. It appears that edb.com, aurskog-sparebank.no, sparebanken-hedmark.no, em1.no do not have a valid SPF record. This could also be part of the issue if NEPS is checking for that.
Nothing in the NEP logs indicates that these senders are blocked. Besides RBL-lookup is disabled on the Norman EPS in order to diagnose this.
OK, but what about NEPS checking for SPAM senders, reputation, or SPF records?
When did this last work?
When did this last work?
I turned off RBL-checking, Sender reputation, Greylisting, SPF support, Scan attack blocking, Malformed address rejecting, Sender address validating, BATV, DKIM Verification and signing.
I virtually disabled the NEP server except for antivirus and spam-blocking per message. Still these senders don't get through.
Also, the logs does not indicate any blocking. They do for other sites, and these are spammers and should be blocked, but the EVRY-customers does not appear.
It worked four weeks ago.
I virtually disabled the NEP server except for antivirus and spam-blocking per message. Still these senders don't get through.
Also, the logs does not indicate any blocking. They do for other sites, and these are spammers and should be blocked, but the EVRY-customers does not appear.
It worked four weeks ago.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
I circumvented the problem by eliminating the front SMTP service and forwarding the packets directly to the NEP server. I still have no idea what caused the problem at the smtp service, but I suspect the real problem lied in the senders end, and still lies there. They probably have the same problem with other recipients out there, but now it's someone elses problem. Thank you for your input.
I circumvented the problem by eliminating the front SMTP service and forwarding the packets directly to the NEP server. I still have no idea what caused the problem at the smtp service, but I suspect the real problem lied in the senders end, and still lies there. They probably have the same problem with other recipients out there, but now it's someone elses problem. Thank you for your input.
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Join our community and discover your potential
Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.
*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.