  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1448

E-mail Messages bounce back

I have a client who occasionally gets them (not always, and with no pattern: no specific time and date or e-mail attachment), just every now and then, and only when sending to a specific domain.

Again, some e-mails go through and some do not.

The client does not have this problem with anybody else.

This is the message header:

From: Mail Delivery System [mailto:mailer-daemon@kundenserver.de]
Sent: 22 October 2014 14:33
To: firstname.lastname@domain.com
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address
failed:

"user@domain.com":
SMTP error from remote server after RCPT command:
host: mail.domainname.com
5.7.1 Recipient not authorized, your IP has been found on a block list
"firstname.lastname@domain.com":
SMTP error from remote server after RCPT command:
host: mail.domain.com
5.7.1 Recipient not authorized, your IP has been found on a block list
--- The header of the original message is following. ---

Received: from Name (mail.domain.com [x.x.x.x])
        by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis)
        id 0LzJrN-1YBKsC1hYH-014XEM; Wed, 22 Oct 2014 15:32:26 +0200
From: "First/Last name" <firstname.lastname@domain.com>
To: "'First/Last name'" <firstname.lastname@domain.com>,
        "first/last name" <username@domainname>
Cc: "first/last name" <firstname.lastname@Domain.com>,
        "First/Last name" <user@domain.com>
Subject: XXXXXXXX
Date: Wed, 22 Oct 2014 14:32:23 +0100
Message-ID: <003e01cfedfc$9d5be2e0$d813a8a0$@atdconsulting.com>
MIME-Version: 1.0
Content-Type: multipart/related;
        boundary="----=_NextPart_000_003F_01CFEE04.FF274FC0"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: Ac/t/JxjUBKA4PlyREyE6o+GpPtrCw==
Content-Language: en-gb
X-UI-Out-Filterresults: notjunk:1;


Any help will be greatly appreciated.

Thanks
Asked:
M SOS
1 Solution
 
tshearon Commented:
Have you checked your mail domain for blacklists?

Check here:

http://mxtoolbox.com/blacklists.aspx
0
 
Gareth Gudger Commented:
Is the mail server sending directly to the internet? Or is it going through some other outbound hygiene service?

It could be that mail is not always sent out from the same IP. And one of those IPs is blacklisted while others are not.
0
 
M SOS (Author) Commented:
My client's e-mail address and IP are not blacklisted anywhere I have checked.

Important detail here: I look after the company that rejects the e-mail, not the sender who is experiencing this issue.

So the company I look after is asking me to look at the issue for one of their clients.

How could I know if the user is using a hygiene service?

Thanks very much
0

 
Gareth Gudger Commented:
You might be able to tell from their MX records. But even if it appears they have a hygiene service for inbound there is no guarantee they are leveraging outbound filtering.

NSLOOKUP
SET TYPE=MX
senderdomain.com

Another possibility is to examine the message tracking logs. See if any of the SMTP hops in the message header are a hygiene service.

Or, ask the sender.
0
 
M SOS (Author) Commented:
Using nslookup

The following comes up

domainname.com       MX preference = 10, mail exchanger = mx01.1and1.co.uk
atdconsulting.com       MX preference = 10, mail exchanger = mx00.1and1.co.uk

mx00.1and1.co.uk        internet address = 212.227.17.175
mx00.1and1.co.uk        internet address = 212.227.17.175
mx01.1and1.co.uk        internet address = 212.227.15.150
mx01.1and1.co.uk        internet address = 212.227.15.150

Is that of any significance?
0
 
M SOS (Author) Commented:
The above nslookup result is the sender's (the one with the issue) config.
0
 
M SOS (Author) Commented:
Again, the issue is not with the company I look after; they receive e-mails fine.

The issue is with one of their clients, who has the issue, and they are concerned about it.
0
 
Gareth Gudger Commented:
Hmm. Well, it's a hosting provider in the UK. Not sure if that is their filtering service, or, maybe their mail is hosted in the cloud at 1and1.

I would take note of the IP that was blocked (verify it is 1and1's IP) and call 1and1 and let them know that IP is appearing on block lists.
0
 
M SOS (Author) Commented:
So are you suggesting that one of the above IP addresses is blocked on the internet?

If that is the case, why is this sender having this issue with my client only and not with others?
0
 
Gareth Gudger Commented:
I am assuming you have your own anti-spam or message hygiene service or appliance. Perhaps one of the block lists it subscribes to has one of their IPs on its lists.
0
 
M SOS (Author) Commented:
I have seen this IP address (I think it is an ISP address) from the header of the original message...

Received: from Name (mail.domain .com [217.206.227.46])
        by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis)

Does it mean anything?
0
 
M SOS (Author) Commented:
I have seen this IP address (I think it is an ISP address) from the header of the original message...

Received: from Name (mail.domain .com [217.206.227.46])
        by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis)

The IP address above, 217.206.227.46, is the IP address of the firewall of the client that rejects the e-mail (the client I look after).

The firewall is FortiWiFi

Does that help?
0
 
Gareth Gudger Commented:
Right. We need the IP of the sender's mail server. That should be in the header as well.
0
 
M SOS (Author) Commented:
Isn't that the one that appeared in the NSLOOKUP search?

212.227.17.175
212.227.15.134
212.227.15.150
212.227.17.191

I wonder if adding these IP addresses, or the FQDN of the domain sending the e-mails, to the firewall whitelist will sort out the problem?
0
 
Gareth Gudger Commented:
It's possible. But it is not a given that the receiving servers (above) also are the sending servers. But you could try whitelisting those. The message header will give you the definitive answer of what IP sent the original message that failed.
0
 
M SOS (Author) Commented:
Is there any way I can post you the whole header and you hide the details?

Do you have that kind of right?

Thanks
0
 
Gareth Gudger Commented:
Probably the best way would be to click my name and then do a Message Me from within Experts Exchange. I will only see it.
0
 
M SOS (Author) Commented:
Got it?
0
 
Gareth Gudger Commented:
Hmm, that header is not helping much. Looks like the server that sends out can be any number of potential IP addresses from 1and1.

Because it works sometimes we know that some of the IPs that 1and1 sends out from are ok. But obviously 1 or more it uses is seen as bad by either the Fortinet (assuming you are doing message hygiene with Fortinet) or the Exchange box. My guess is the anti-spam feature on the Fortinet firewall is enabled?

So, you are going to have to check the message tracking logs on either the Fortinet firewall, or, the Exchange server (I'd check the Fortinet first) and see what IP it rejected from 1and1. Check around the time of the rejection notice which was 22 October 2014 14:33.

Another alternative is to call 1and1, ask them for the IPs of the servers they send out on, and whitelist all those IPs.
0
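The check described in the comment above (find which sending IP the receiver saw, then see which subscribed block list has it), as an added example that is not part of the original thread: it pulls connecting IPs from `Received:` lines and builds the reversed-octet DNSBL query for each. The zone `dnsbl.example`, the sample headers and all function names are assumptions; substitute the block lists your filter actually subscribes to.

```python
import ipaddress
import re
import socket

# Constructed sample modelled on the Received lines in this thread; the
# addresses are documentation ranges, not real senders.
SAMPLE_HEADERS = """\
Received: from mout.sender-isp.example (mout.sender-isp.example [192.0.2.10])
        by mail.receiver.example with ESMTP; Wed, 22 Oct 2014 15:32:30 +0200
Received: from Name (mail.sender.example [198.51.100.46])
        by mrelay.sender-isp.example with ESMTP; Wed, 22 Oct 2014 15:32:26 +0200
"""

# Bracketed IPv4 literal on the same line as "Received:" (the connecting host).
RECEIVED_IP = re.compile(r"^Received:[^\n]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def hop_ips(headers):
    """Connecting IPs from Received lines, newest hop (closest to us) first."""
    return [m.group(1) for m in RECEIVED_IP.finditer(headers)]


def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a bad address
    return ".".join(reversed(octets)) + "." + zone


def dns_a(name):
    """Live A-record lookup; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def listed_on(ips, zones, lookup=dns_a):
    """Map each IP to the zones that answer with a 127.0.0.0/8 'listed' code."""
    result = {}
    for ip in ips:
        answers = ((z, lookup(dnsbl_name(ip, z))) for z in zones)
        result[ip] = [z for z, a in answers
                      if a and ipaddress.ip_address(a) in LISTED_RANGE]
    return result


if __name__ == "__main__":
    # Offline stand-in for DNS: only 192.0.2.10 is on the hypothetical list.
    fake = {"10.2.0.192.dnsbl.example": "127.0.0.2"}
    print(listed_on(hop_ips(SAMPLE_HEADERS), ["dnsbl.example"], fake.get))
```

Run against the receiver's own copy of a rejected message (or the IP from its SMTP log), since only the receiving side sees which of the provider's outbound IPs actually connected.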
 
M SOS (Author) Commented:
My client (the one rejecting the mail) uses Exchange 2010

Could it be the Spam setting on the Exchange (although it is empty now) but I can allow this domain that has the problem?

Is there any way we can alter the NDR msg to include the IP block list?
0
 
Gareth Gudger Commented:
"Could it be the Spam setting on the Exchange (although it is empty now) but I can allow this domain that has the problem?"

Not sure what you mean by "although it is empty now". Whitelisting the domain will not help. The IP is part of a block list. It is the IP being blocked, not the sender's domain. So the IP needs to either be removed from the block list, or, possibly whitelisted. If your Fortinet is the first hop and it's doing any form of message hygiene, then you need to check there first.
0
 
M SOS (Author) Commented:
I meant going to the Hub Transport / Anti-Spam and then IP Allow List Providers and then adding the domain that gets rejected?

One thing is for sure though... we know from the header that either the Exchange at my client's site or the firewall is blocking this, right? Not anywhere else on the internet? Correct? Because the rejected e-mail was sent from a network with the firewall IP address on it.
0
 
Gareth Gudger Commented:
Well the IP Allow List Providers is just a list of IP Block Lists you subscribe to.

Right. We know that it is reaching your client's network because the mail.x.x server in your network is generating the NDR.
0
 
M SOS (Author) Commented:
The solution actually was none of the above.

My client was using free spam filter providers, and they are the ones who are blocking some IP addresses.
0
 
M SOS (Author) Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for Mustafa Osman's comment #a40400353

for the following reason:

The only correct answer
0
 
Gareth Gudger Commented:
I have to object to the closure. It was asked if your client had any message hygiene in place that blocked IP addresses.
0
 
M SOS (Author) Commented:
In fairness, you did ask if there was any hygiene in place, but I did ask the question very clearly

(How could I know if the user is using a hygiene service?). Read further up a little

Which you ignored.
0
 
Gareth Gudger Commented:
I did respond with multiple methods on how to find that out.

"You might be able to tell from their MX records. But even if it appears they have a hygiene service for inbound there is no guarantee they are leveraging outbound filtering.

 NSLOOKUP
 SET TYPE=MX
 senderdomain.com

 Another possibility is to examine the message tracking logs. See if any of the SMTP hops in the message header are a hygiene service.

 Or, ask the sender. "
0
 
M SOS (Author) Commented:
Now I am with you, but your answer was way too complicated.

The Spam Filtering was happening on the Exchange server itself; it was not a software running on the server. They were configured on the Hub Transport.

I came here to find help in a simplified way and get things done not to watch people flex their muscle who talk in riddles.
0
 
Gareth Gudger Commented:
My apologies if I didn't gauge the correct conversational level.

I am always willing to further clarify or explain any point made with detailed steps or references to articles.

Please close the question in any way you see fit. I will not object to its closing. Please accept your own answer if that best served the end result to your situation.

I appreciate your feedback.
0
