MrWhy

Mail senders from one specific host will not go through to our Exchange 2010

Customers of one big email hosting company do not get through to our server. The hosting company has many servers, but the common denominator of all the people having trouble sending us mail is that they are sending through one of their servers. As we are not customers of this hosting company, I don't get through to their technical staff, so I have to figure this out from my end.
What the SMTP log tells me is that the sending server sends an EHLO, a Mail From:, and then QUIT. Mail sent from any other servers works perfectly to my knowledge.

My system is an ISA 2004 server in front hosting a Microsoft SMTP service on a 2003 server, forwarding to a Norman Email Protection Server as a smart host, in turn coupled to an Exchange 2010 server.

Excerpt from the SMTP-log:

2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +SendersSmtpserver.com 250 0 242 19 0 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<sender@sendersdomain.com> 250 0 78 45 16 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - SendersSmtpserver.com 240 32 78 45 16 SMTP - - - -

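A way to find every session in the SMTP service log that follows the pattern described in the question (EHLO, MAIL FROM accepted, then QUIT with no RCPT TO), as an added example that is not part of the original thread. Field positions are read off the three log lines in the post; grouping sessions by client IP and the contrasting 198.51.100.7 session are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample: the three lines from the post, plus one invented
# session (198.51.100.7) that completes normally, for contrast.
SAMPLE_LOG = """\
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +SendersSmtpserver.com 250 0 242 19 0 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<sender@sendersdomain.com> 250 0 78 45 16 SMTP - - - -
2014-05-08 00:10:16 212.18.128.233 SendersSmtpserver.com SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - SendersSmtpserver.com 240 32 78 45 16 SMTP - - - -
2014-05-08 00:11:02 198.51.100.7 mail.example.org SMTPSVC1 MyIsaServer 12.12.12.12 0 EHLO - +mail.example.org 250 0 242 21 0 SMTP - - - -
2014-05-08 00:11:02 198.51.100.7 mail.example.org SMTPSVC1 MyIsaServer 12.12.12.12 0 MAIL - +FROM:<alice@example.org> 250 0 44 30 0 SMTP - - - -
2014-05-08 00:11:02 198.51.100.7 mail.example.org SMTPSVC1 MyIsaServer 12.12.12.12 0 RCPT - +TO:<bob@example.net> 250 0 32 28 0 SMTP - - - -
2014-05-08 00:11:03 198.51.100.7 mail.example.org SMTPSVC1 MyIsaServer 12.12.12.12 0 DATA - +<msg1@example.org> 250 0 120 1500 31 SMTP - - - -
2014-05-08 00:11:03 198.51.100.7 mail.example.org SMTPSVC1 MyIsaServer 12.12.12.12 0 QUIT - mail.example.org 240 47 78 4 0 SMTP - - - -
"""

def parse_line(line):
    """Split one log line into the fields used here (positions assumed from the post)."""
    f = line.split()
    if line.startswith("#") or len(f) < 12:
        return None  # W3C header line, blank line or truncated record
    return {"time": f"{f[0]} {f[1]}", "client_ip": f[2], "helo": f[3],
            "verb": f[8].upper(), "arg": f[10], "status": f[11]}

def find_aborted(lines):
    """Return sessions that sent MAIL FROM but never reached RCPT TO."""
    open_sessions, closed = defaultdict(list), []
    for rec in filter(None, map(parse_line, lines)):
        # Assumption: one session at a time per client IP
        open_sessions[rec["client_ip"]].append(rec)
        if rec["verb"] == "QUIT":  # QUIT ends this client's session
            closed.append(open_sessions.pop(rec["client_ip"]))
    closed.extend(open_sessions.values())  # connections dropped without QUIT
    hits = []
    for sess in closed:
        verbs = [r["verb"] for r in sess]
        if "MAIL" in verbs and "RCPT" not in verbs:
            mail = next(r for r in sess if r["verb"] == "MAIL")
            sender = mail["arg"].lstrip("+").partition(":")[2].strip("<>")
            hits.append({"client_ip": mail["client_ip"], "helo": mail["helo"],
                         "time": mail["time"], "sender": sender,
                         "mail_status": mail["status"], "verbs": verbs})
    return hits

if __name__ == "__main__":
    for hit in find_aborted(SAMPLE_LOG.splitlines()):
        print(hit)
```

Run against the full log, the list of client IPs and HELO names it returns shows whether the aborted sessions really are confined to one sending host.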
Last Comment: MrWhy, 8/22/2022 - Mon
Kash

What happens when the mail doesn't go through? Do your customers get a bounce back? What does the bounce back say?
Carl Dula

Assuming you have a firewall or other filtering service, have you checked to see if the sending site is on any RBL lists?

You can use this site to do that...

http://mxtoolbox.com/blacklists.aspx
MrWhy

ASKER
Customers get a bounceback like this:

Emne: Avisannonse 2mod 248x110
 
Denne meldingen er ikke levert enda. Det blir fortsatt gjort forsøk på å sende den.
*******************************************************************

Translated to English:
Subject: Newspaper ad .....

This message is not delivered yet. It will still be attempted delivered.
********************************************************************

Later they get one stating that delivery was unsuccessful.
Kash

Is it possible to post the sender's domain on here?
MrWhy

ASKER
It seems their servers are listed in the SORBS database, but to my knowledge no SORBS lookup is activated on my Exchange. Could be if it's enabled by default. If so, where?
Carl Dula

Do you have a firewall or mail filtering device or service in front of the Exchange Server? For example, might your mail first go to Trend or some other reputation service, and then be forwarded to you if clean.

Do an nslookup on your MX records to see where they point.
Kash

The RBLs lookup would definitely help, but then they would be getting bounce backs from anywhere and everywhere, not just from your mail server.
Don Thomson

Check www.mxtoolbox.com on both your URL and your server's IP. You may in fact be blacklisted.
MrWhy

ASKER
Senders' domains are, for example, aurskog-sparebank.no, sparebanken-hedmark.no, em1.no.

They all use EVRY as mail-host and SMTP. Servers are for instance mail17.edb.com, mail35.edb.com and mail36.edb.com.

mail36.edb.com is not represented in the SORBS database, but still doesn't get through.
Carl Dula

I have not used Norman EPS, but in reviewing the info for this it seems that your block is likely coming from there. There is a good chance that it would check SORBS and other services. If there is logging on that device, I would look there for more info.

I assume you were at one time able to receive email from this site, but can't any longer. This is symptomatic of a SPAM sender or reputation problem.
Carl Dula

One other observation. It appears that edb.com, aurskog-sparebank.no, sparebanken-hedmark.no, em1.no do not have a valid SPF record. This could also be part of the issue if NEPS is checking for that.
MrWhy

ASKER
Nothing in the NEP logs indicates that these senders are blocked. Besides, RBL lookup is disabled on the Norman EPS in order to diagnose this.
Carl Dula

OK, but what about NEPS checking for SPAM senders, reputation, or SPF records?

When did this last work?
MrWhy

ASKER
I turned off RBL checking, Sender reputation, Greylisting, SPF support, Scan attack blocking, Malformed address rejecting, Sender address validating, BATV, DKIM Verification and signing.
I virtually disabled the NEP server except for antivirus and spam blocking per message. Still these senders don't get through.

Also, the logs do not indicate any blocking. They do for other sites, and these are spammers and should be blocked, but the EVRY customers do not appear.

It worked four weeks ago.
MrWhy

ASKER
I circumvented the problem by eliminating the front SMTP service and forwarding the packets directly to the NEP server. I still have no idea what caused the problem at the SMTP service, but I suspect the real problem lay at the sender's end, and still lies there. They probably have the same problem with other recipients out there, but now it's someone else's problem. Thank you for your input.