censura

email bouncing back

Hi, it seems like our email has been hijacked or something. When we send emails out they bounce back with the following message. The IP address has nothing to do with us and we are sending very few emails out each hour, maybe 1 or 2.

Any advice on what we can do? We use SBS 2003 Exchange 5.5 under domain academygroupuk.com.

Thank you

error 1:
Your message did not reach some or all of the intended recipients.
 
      Subject:    Tablet app now updated with L3 qualifications
      Sent: 03/11/2014 09:27
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 03/11/2014 09:28
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages sent in the last 1h from 92.27.135.163>

error 2:
Your message did not reach some or all of the intended recipients.
 
      Subject:    RE: Need to attend an event on 7th November for 1 hr
      Sent: 31/10/2014 14:25
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 01/11/2014 07:04
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system problem 550-'5.7.1 Message rejected as spam by Content Filtering.' (delivery attempts: 0)>

Can you please look into this as a matter of urgency?

Thank you,
trebbettes

According to MX toolbox that IP address is set up as both your Mail Exchangers...

http://mxtoolbox.com/SuperTool.aspx?action=mx%3aacademygroupuk.com&run=toolpage

Is this an IP that you own or do you send mail out via an external service (e.g. mimecast)?

Trying to remember back to my Exchange 5.5 days, but can you post the configuration of your send connectors?
David Atkin
Hello,

According to an MX lookup it looks like 92.27.135.163 is your mail server.

Pref  Hostname                  IP Address     TTL
10    mail.academygroupuk.com   92.27.135.163  24 hrs
20    mail2.academygroupuk.com  92.27.135.163  24 hrs

I would start by checking your tracking logs and seeing how many messages you're actually sending.  One of your machines could have a virus.

Are you using cpwnetworks.com as a smarthost for your mail?
I notice that both mails were sent to the same person. If you look at the blacklist:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a92.27.135.163&run=toolpage
Your IP doesn't show up anywhere. *IF* you were hijacked and sending out spam mails you would appear on - at least - some entries on that list in no time. Did you consider a configuration error at the recipient? Try sending a mail to a different domain.
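
A triage sketch for the two bounce diagnostics quoted in the question, added here as an example and not code posted by anyone in the thread. It extracts the reporting host, the status codes and any IP named in the text, and flags a report that came from a host outside the sender's own domain; the keyword categories and the `triage` function name are assumptions made for this example.

```python
import re

# Diagnostic lines copied from the two bounces quoted in the question.
NDRS = [
    "<academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages "
    "sent in the last 1h from 92.27.135.163>",
    "< iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system "
    "problem 550-'5.7.1 Message rejected as spam by Content Filtering.' "
    "(delivery attempts: 0)>",
]

# Layout as seen in those bounces: <reporting-host #status smtp;remote text>
NDR_RE = re.compile(
    r"<\s*(?P<host>[\w.-]+)\s+#(?P<status>\d\.\d+\.\d+)\s+smtp;"
    r"\s*(?P<text>.*?)\s*>\s*$")
# Three-digit SMTP reply code that is not part of a dotted value (IP, x.y.z).
SMTP_CODE_RE = re.compile(r"(?<![\d.])([245]\d\d)(?![\d.])")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Keyword buckets are an assumption for this example, not a standard.
CATEGORIES = [
    ("rate_limit", ("rate limit", "too many messages")),
    ("content_filter", ("spam", "content filter")),
]

def triage(line, own_domain):
    """Return the fields of one NDR diagnostic line, or None if unparsable."""
    m = NDR_RE.search(line.strip())
    if m is None:
        return None
    host = m.group("host").lower()
    text = m.group("text")
    lowered = text.lower()
    category = next((name for name, words in CATEGORIES
                     if any(w in lowered for w in words)), "other")
    code = SMTP_CODE_RE.search(text)
    own = own_domain.lower()
    return {
        "reporter": host,
        "status": m.group("status"),
        "smtp_code": code.group(1) if code else None,
        "category": category,
        "ips": IPV4_RE.findall(text),  # addresses the rejecting side named
        # A reporter outside our domain means another mail system handled
        # the message before it failed; establish which system that is.
        "third_party_reporter": not (host == own or host.endswith("." + own)),
    }

if __name__ == "__main__":
    for ndr in NDRS:
        print(triage(ndr, "academygroupuk.com"))
```

Run over the two bounces, the first is reported by the sender's own host and names 92.27.135.163 in a rate-limit rejection, while the second is reported by a cpwnetworks.com host and is a content-filter rejection, which is the distinction the smarthost question above turns on.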
censura

ASKER

We have tried sending to a variety of addresses (hotmail accounts, email hosted accounts) and get the same bounce back error on every email we send out, irrespective of who it is going to.

The accounts have been set up for a number of years and we have not had a problem before, not since last Friday. We have made no changes to the server or exchange or our internet provider or router, nothing.

thank you
Okay, that is some new info - are all error messages the same? How is the Exchange server sending out mails? Via a smarthost or DNS?
If I telnet on port 25 to that IP address I get the following response. I also checked and you don't have relaying enabled, which is good...

220 academygroupuk.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Mon, 3 Nov 2014 12:29:17 +0000

HELO
500 5.3.3 Unrecognized command
250 academygroupuk.com Hello [188.39.105.42]

MAIL FROM: test@test.com
250 2.1.0 test@test.com....Sender OK
RCPT TO: mail@gerry.com
550 5.7.1 Unable to relay for mail@gerry.com


So I assume that is your Exchange server rather than an external service, although it looks like Exchange 2000 rather than 5.5 as you stated in the first post.

Need to understand how your Exchange environment is sending out mail, e.g. direct or via another service.
Also enable tracking, leave it a while and post your tracking logs so we can investigate more.
http://support.microsoft.com/kb/246856

My initial thoughts are that your server has been breached and is being used to send spam emails out.
It sounds like it could possibly be an issue with your smarthost. Switch to sending via DNS for a short period. If this resolves the problem, get in touch with cpwnetworks and let them know of the error - if you're using them as the smart host, that is.

Also 6.0.3790.1830 indicates that you don't have Exchange SP2 installed on your SBS.
censura

ASKER

Hi, thanks for your help. I don't know of cpwnetworks; our email is delivered, as far as I am aware, via DNS directly with no other third party involved. I am sure we have Exchange Service Pack 2 installed, as we required it for ActiveSync, which we set up on the server.
Can you confirm that DNS is properly working on the server? Is it possible that for some reason the server points to itself, creating a mail loop?
Have you checked your tracking logs yet?

Also, is it doing this with all emails or just ones to that client?
censura

ASKER

I will check logs today. It happens with all outgoing emails.

Thank you
In that case, if you're sending via DNS at the moment, see if your ISP has a smarthost that you can use.

If they do, change to this as a test.

Let us know what the logs say.
censura

ASKER

I have just set up the tracking log. Here it is, although only a few emails on it sent so far; I will send a complete day's worth later at the end of the day.

thank you
20141107.log
censura

ASKER

After looking, it is not doing it with all emails, although it looks a bit random, i.e. no common account. We are sending to our staff, partners and learners, who use various email accounts: gmail, hotmail, yahoo, exchange etc.

thank you
censura

ASKER

How do I check that DNS is not looping back, by the way? Thanks
censura

ASKER

Also installed SP2 now.
censura

ASKER

Exchange - 6.5.7638.1 now
censura

ASKER

Here is a larger log:
20141107.log
ASKER CERTIFIED SOLUTION
David Atkin
censura

ASKER

thank you