We help IT Professionals succeed at work.

Mail senders from one specific host will not go through to our Exchange 2010

458 Views
Last Modified: 2014-05-10
Customers of one big email hosting company do not get through to our server. The hosting company have many servers, but the common denominator of all the people having trouble sending us mail, are that they are sending through one of their servers. As we are not customers of this hostingcompany, I don't get through to their technical staff, so I have to figure this out from my end.
What the SMTP-log tells me, is that the sending server sends an EHLO, a Mail From:, and then QUIT.  Mail sent from any other servers work perfectly to my knowledge.

My system is an isa 2004 server in front hosting a microsoft SMTP service on a 2003 server, forwarding to a Norman Email Protection Server as a smart host, in turn coupled to an exchange 2010 server.

Excerpt from the SMTP-log:

2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +SendersSmtpserver.com 250 0 242 19 0 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<sender@sendersdomain.com> 250 0 78 45 16 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - SendersSmtpserver.com 240 32 78 45 16 SMTP - - - -
Comment
Watch Question

Kash2nd Line Engineer
CERTIFIED EXPERT

Commented:
what happens when the mail doesn't go through. do your customers get a bounce back. what does the bounce back say.
CERTIFIED EXPERT

Commented:
Assuming you have a firewall or other filtering service, have you check to see if the sending site is on any RBL lists?

You can use this site to do that...

http://mxtoolbox.com/blacklists.aspx

Author

Commented:
Customers get a bounceback like this:

Emne: Avisannonse 2mod 248x110
 
Denne meldingen er ikke levert enda. Det blir fortsatt gjort forsøk på å sende den.
*******************************************************************

Translated to English:
Subject: Newspaper add .....

This message is not delivered yet. It will still be attempted delivered.
********************************************************************

Later they get one stating that delivery was unsuccessful.
Kash2nd Line Engineer
CERTIFIED EXPERT

Commented:
is it possible to post the sender's domain on here ?

Author

Commented:
It seems their servers are listed in the SORBS database, but to my knowledge no SORBS lookup is activated on my exchange. Could be if it's enabled by default. If so where?
CERTIFIED EXPERT

Commented:
Do you have a firewall or mail filtering device or service in front of the Exchange Server? For example, might your mail first go to Trend or some other reputation service, and then be forwarded to you if clean.

Do an nslookup on your MX records to see where they point.
Kash2nd Line Engineer
CERTIFIED EXPERT

Commented:
the RBLs lookup would definitely help but then they would be getting bounce backs from anywhere and everywhere not just from your mailserver.
CERTIFIED EXPERT

Commented:
Check www.mxtoolbox.com  on both your URL and your Server's IP.  You may in fact be blacklisted
Kash2nd Line Engineer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Senders domains are for example aurskog-sparebank.no, sparebanken-hedmark.no, em1.no.

They all use EVRY as mail-host and SMTP. Servers are for instance mail17.edb.com, mail35.edb.com and mail36.edb.com

The mail36.edb.com are not represented in the SORBS database, but still dont get through.
CERTIFIED EXPERT

Commented:
I have not used Norman EPS, but in reviewing the info for this it seems that your block is likely coming from there. There is a good chance that it would check SORBS and other services. If there is logging on that device, I would look there for more info.

I assume you were at one time able to receive email from this site, but can't any longer. This is symptomatic of a SPAM sender or reputation problem.
CERTIFIED EXPERT

Commented:
One other observation. It appears that edb.com, aurskog-sparebank.no, sparebanken-hedmark.no, em1.no do not have a valid SPF record. This could also be part of the issue if NEPS is checking for that.

Author

Commented:
Nothing in the NEP logs indicates that these senders are blocked. Besides RBL-lookup is disabled on the Norman EPS in order to diagnose this.
CERTIFIED EXPERT

Commented:
OK, but what about NEPS checking for SPAM senders, reputation, or SPF records?

When did this last work?

Author

Commented:
I turned off RBL-checking, Sender reputation, Greylisting, SPF support, Scan attack blocking, Malformed address rejecting, Sender address validating, BATV, DKIM Verification and signing.
I virtually disabled the NEP server except for antivirus and spam-blocking per message. Still these senders don't get through.

Also, the logs does not indicate any blocking. They do for other sites, and these are spammers and should be blocked, but the EVRY-customers does not appear.

It worked four weeks ago.
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I circumvented the problem by eliminating the front SMTP service and forwarding the packets directly to the NEP server. I still have no idea what caused the problem at the smtp service, but I suspect the real problem lied in the senders end, and still lies there. They probably have the same problem with other recipients out there, but now it's someone elses problem. Thank you for your input.

Author

Commented:
I circumvented the problem by eliminating the front SMTP service and forwarding the packets directly to the NEP server. I still have no idea what caused the problem at the smtp service, but I suspect the real problem lied in the senders end, and still lies there. They probably have the same problem with other recipients out there, but now it's someone elses problem. Thank you for your input.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.