Solved

email bouncing back

Posted on 2014-11-03
Last Modified: 2015-01-19
Hi, it seems like our email has been hijacked or something. When we send emails out, they bounce back with the following message. The IP address has nothing to do with us, and we are sending very few emails out each hour, maybe 1 or 2.

Any advice on what we can do? We use SBS 2003 Exchange 5.5 under the domain academygroupuk.com.

Thank you

error 1:
Your message did not reach some or all of the intended recipients.
 
      Subject:    Tablet app now updated with L3 qualifications
      Sent: 03/11/2014 09:27
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 03/11/2014 09:28
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages sent in the last 1h from 92.27.135.163>

error 2:
Your message did not reach some or all of the intended recipients.
 
      Subject:    RE: Need to attend an event on 7th November for 1 hr
      Sent: 31/10/2014 14:25
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 01/11/2014 07:04
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system problem 550-'5.7.1 Message rejected as spam by Content Filtering.' (delivery attempts: 0)>

Can you please look into this as a matter of urgency?

Thank you,
Question by:censura
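
An added example, not part of the original thread: a small Python parser for the two diagnostic lines quoted in the question. It separates the reporting host, the wrapper status, the remote SMTP reply and any IP address the remote server names, then groups the bounces by cause. The reason labels and the `OWN_IPS` set (taken from the MX lookup posted later in the thread) are assumptions of this example.

```python
import re
from collections import defaultdict

# Diagnostic lines copied from the two bounce messages in the question.
NDR_LINES = [
    "<academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages sent in the last 1h from 92.27.135.163>",
    "< iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system problem 550-'5.7.1 Message rejected as spam by Content Filtering.' (delivery attempts: 0)>",
]
OWN_IPS = {"92.27.135.163"}  # assumption: the MX address reported in the thread

NDR_RE = re.compile(
    r"<\s*(?P<reporter>[\w.-]+)\s+#(?P<status>\d\.\d+\.\d+)\s+smtp;\s*(?P<text>.*)>\s*$")
REPLY_RE = re.compile(r"\b([245]\d\d)[ -]")                 # three-digit SMTP reply
ENHANCED_RE = re.compile(r"\b([245]\.\d{1,3}\.\d{1,3})\b")  # enhanced status code
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_ndr(line):
    """Split one '<host #x.y.z smtp;...>' diagnostic into its parts."""
    m = NDR_RE.match(line.strip())
    if not m:
        return None
    text = m["text"]
    low = text.lower()
    if "rate limit" in low:
        reason = "rate-limited"          # label chosen for this example
    elif "spam" in low or "content filter" in low:
        reason = "content-filtered"      # label chosen for this example
    else:
        reason = "other"
    reply = REPLY_RE.search(text)
    return {
        "reporter": m["reporter"],
        "wrapper_status": m["status"],
        "smtp_reply": reply.group(1) if reply else None,
        "remote_status": ENHANCED_RE.findall(text),
        "blamed_ips": IPV4_RE.findall(text),
        "reason": reason,
    }

def triage(lines, own_ips):
    """Group bounces by reason and flag those that name one of our own IPs."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse_ndr, lines)):
        rec["blames_own_ip"] = any(ip in own_ips for ip in rec["blamed_ips"])
        groups[rec["reason"]].append(rec)
    return dict(groups)

if __name__ == "__main__":
    for reason, recs in triage(NDR_LINES, OWN_IPS).items():
        for r in recs:
            print(reason, r["reporter"], r["smtp_reply"], r["blamed_ips"], r["blames_own_ip"])
```

Run over a full day of bounces, the grouping shows whether every rejection is the same rate limit against the sending IP or a mix of unrelated causes.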
20 Comments
 

Expert Comment

by:trebbettes
ID: 40419216
According to MX toolbox that IP address is set up as both your Mail Exchangers...

http://mxtoolbox.com/SuperTool.aspx?action=mx%3aacademygroupuk.com&run=toolpage

Is this an IP that you own or do you send mail out via an external service (e.g. mimecast)?

Trying to remember back to my Exchange 5.5 days, but can you post the configuration of your send connectors?

Expert Comment

by:David Atkin
ID: 40419224
Hello,

According to an MX lookup it looks like 92.27.135.163 is your mail server.

Pref  Hostname                  IP Address     TTL
10    mail.academygroupuk.com   92.27.135.163  24 hrs
20    mail2.academygroupuk.com  92.27.135.163  24 hrs

I would start by checking your tracking logs and seeing how many messages you're actually sending.  One of your machines could have a virus.

Are you using cpwnetworks.com as a smarthost for your mail?

Expert Comment

by:ReneD100
ID: 40419229
I notice that both mails were sent to the same person. If you look at the blacklist:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a92.27.135.163&run=toolpage
Your IP doesn't show up anywhere. *IF* you were hijacked and sending out spam mails you would appear on - at least - some entries on that list in no time. Did you consider a configuration error at the recipient? Try sending a mail to a different domain.

Author Comment

by:censura
ID: 40419234
We have tried sending to a variety of addresses (Hotmail accounts, email hosted accounts) and get the same bounce back error on every email we send out, irrespective of who it is going to.

The accounts have been set up for a number of years and we have not had a problem before, not since last Friday. We have made no changes to the server or Exchange or our internet provider or router, nothing.

thank you

Expert Comment

by:ReneD100
ID: 40419244
Okay, that is some new info - are all error messages the same? How is the Exchange server sending out mails? Via a smarthost or DNS?

Expert Comment

by:trebbettes
ID: 40419257
If I telnet on port 25 to that IP address I get the following response. I also checked and you don't have relaying enabled, which is good...

220 academygroupuk.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Mon, 3 Nov 2014 12:29:17 +0000

HELO
500 5.3.3 Unrecognized command
250 academygroupuk.com Hello [188.39.105.42]

MAIL FROM: test@test.com
250 2.1.0 test@test.com....Sender OK
RCPT TO: mail@gerry.com
550 5.7.1 Unable to relay for mail@gerry.com


So I assume that is your Exchange server rather than an external service, although it looks like Exchange 2000 rather than 5.5 as you stated in the first post.

Need to understand how your Exchange environment is sending out mail, e.g. direct or via another service.
Also enable tracking, leave it a while and post your tracking logs so we can investigate more.
http://support.microsoft.com/kb/246856

My initial thoughts are that your server has been breached and is being used to send spam emails out.

Expert Comment

by:David Atkin
ID: 40419258
It sounds like it could possibly be an issue with your smarthost. Switch to sending via DNS for a short period. If this resolves the problem, get in touch with cpwnetworks and let them know of the error, if you're using them as the smart host, that is.

Also 6.0.3790.1830 indicates that you don't have Exchange SP2 installed on your SBS.

Author Comment

by:censura
ID: 40419352
Hi, thanks for your help. I don't know of cpwnetworks; our email is delivered, as far as I am aware, via DNS directly with no other third party involved. I am sure we have Exchange Service Pack 2 installed, as we required it for ActiveSync, which we set up on the server.

Expert Comment

by:ReneD100
ID: 40419366
Can you confirm that DNS is properly working on the server? Is it possible that for some reason the server points to itself, creating a mail loop?

Expert Comment

by:David Atkin
ID: 40421060
Have you checked your tracking logs yet?

Also, is it doing this with all emails or just ones to that client?

Author Comment

by:censura
ID: 40421230
I will check the logs today; it happens with all outgoing emails.

Thank you

Expert Comment

by:David Atkin
ID: 40421235
In that case, if you're sending via DNS at the moment, see if your ISP has a smarthost that you can use.

If they do, change to this as a test.

Let us know what the logs say.

Author Comment

by:censura
ID: 40427962
I have just set up the tracking log. Here it is, although only a few emails on it sent so far; I will send a complete day's worth later at the end of the day.

thank you
20141107.log

Author Comment

by:censura
ID: 40427966
After looking, it is not doing it with all emails, although it looks a bit random, i.e. no common account. We are sending to our staff, partners and learners, who use various email accounts: Gmail, Hotmail, Yahoo, Exchange etc.

thank you

Author Comment

by:censura
ID: 40427969
How do I check that DNS is not looping back, by the way? Thanks.

Author Comment

by:censura
ID: 40427982
Also installed SP2 now.

Author Comment

by:censura
ID: 40427987
Exchange - 6.5.7638.1 now

Author Comment

by:censura
ID: 40428335
Here is a larger log
20141107.log

Accepted Solution

by:David Atkin
ID: 40428818
Are you with Talk Talk?

If so, raise it with them.  It could be that their SMTP server is blacklisted (62.24.128.202) and not allowing you to relay.

Author Closing Comment

by:censura
ID: 40557556
thank you