  • Status: Solved
  • Priority: Medium
  • Security: Public

email bouncing back

Hi, it seems like our email has been hijacked or something. When we send emails out they bounce back with the following message. The IP address has nothing to do with us and we are sending very few emails out each hour, maybe 1 or 2.

Any advice on what we can do? We use SBS 2003, Exchange 5.5, under domain academygroupuk.com.

Thank you

error 1:
Your message did not reach some or all of the intended recipients.
 
      Subject:    Tablet app now updated with L3 qualifications
      Sent: 03/11/2014 09:27
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 03/11/2014 09:28
            There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.
            <academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages sent in the last 1h from 92.27.135.163>

error 2:
Your message did not reach some or all of the intended recipients.
 
      Subject:    RE: Need to attend an event on 7th November for 1 hr
      Sent: 31/10/2014 14:25
 
The following recipient(s) cannot be reached:
 
      paulmarsh@insightsolutionsgroup.co.uk on 01/11/2014 07:04
            The e-mail system was unable to deliver the message, but did not report a specific reason.  Check the address and try again.  If it still fails, contact your system administrator.
            < iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system problem 550-'5.7.1 Message rejected as spam by Content Filtering.' (delivery attempts: 0)>

Can you please look into this as a matter of urgency?

Thank you,
1 Solution
 
trebbettes Commented:
According to MX toolbox that IP address is set up as both your Mail Exchangers...

http://mxtoolbox.com/SuperTool.aspx?action=mx%3aacademygroupuk.com&run=toolpage

Is this an IP that you own or do you send mail out via an external service (e.g. mimecast)?

Trying to remember back to my Exchange 5.5 days, but can you post the configuration of your send connectors?
0
 
David Atkin (IT Professional) Commented:
Hello,

According to an MX lookup it looks like 92.27.135.163 is your mail server.

Pref  Hostname                   IP Address      TTL
10    mail.academygroupuk.com    92.27.135.163   24 hrs
20    mail2.academygroupuk.com   92.27.135.163   24 hrs

I would start by checking your tracking logs and seeing how many messages you're actually sending.  One of your machines could have a virus.

Are you using cpwnetworks.com as a smarthost for your mail?
0
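
Added example (not part of any poster's reply): a Python sketch that splits the two bounce diagnostics from the question into reporting host, status codes and any IP address mentioned, and labels whether that host belongs to the sender, the recipient or a third party. The keyword buckets and the three side labels are assumptions of this example; the strings, domains and MX IP are taken from the thread.

```python
import re

# Diagnostic lines copied verbatim from the two bounces in the question.
NDR_LINES = [
    "<academygroupuk.com #5.5.0 smtp;550 RATE LIMIT: Too many messages sent "
    "in the last 1h from 92.27.135.163>",
    "< iprslrsmtp2msp.cpwnetworks.com #5.0.0 smtp; 5.3.0 - Other mail system "
    "problem 550-'5.7.1 Message rejected as spam by Content Filtering.' "
    "(delivery attempts: 0)>",
]
SENDER_DOMAIN = "academygroupuk.com"              # from the question
RECIPIENT_DOMAIN = "insightsolutionsgroup.co.uk"  # from the question
SENDER_MX_IP = "92.27.135.163"                    # from the MX lookup in the thread

DIAG_RE = re.compile(
    r"<\s*(?P<host>\S+)\s+#(?P<status>\d\.\d{1,3}\.\d{1,3})\s+smtp;\s*(?P<text>.*)>\s*$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
REPLY_RE = re.compile(r"\b([45]\d\d)[ -]")

def _side(host):
    """Which party does the host named in the diagnostic belong to?"""
    for label, domain in (("own-server", SENDER_DOMAIN), ("recipient", RECIPIENT_DOMAIN)):
        if host == domain or host.endswith("." + domain):
            return label
    return "third-party"  # neither end of the conversation: a relay or filter in the path

def parse_ndr(line):
    """Split one NDR diagnostic into fields; returns None if it does not match."""
    m = DIAG_RE.match(line.strip())
    if not m:
        return None
    text, lowered = m.group("text"), m.group("text").lower()
    if "rate limit" in lowered or "too many messages" in lowered:
        reason = "rate-limit"          # keyword buckets are this example's assumption
    elif "spam" in lowered or "content filter" in lowered:
        reason = "content-filter"
    else:
        reason = "other"
    reply = REPLY_RE.search(text)
    ips = IP_RE.findall(text)
    return {"host": m.group("host").lower(), "side": _side(m.group("host").lower()),
            "status": m.group("status"), "reply": reply.group(1) if reply else None,
            "reason": reason, "ips": ips, "names_sender_ip": SENDER_MX_IP in ips}

if __name__ == "__main__":
    for line in NDR_LINES:
        print(parse_ndr(line))
```

On the thread's data, the first diagnostic is a rate limit that names the sender's own MX IP, and the second is reported by a cpwnetworks.com host that is neither the sender nor the recipient domain.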
 
ReneD100 Commented:
I notice that both mails were sent to the same person. If you look at the blacklist:
http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a92.27.135.163&run=toolpage
Your IP doesn't show up anywhere. *IF* you were hijacked and sending out spam mails you would appear on - at least - some entries on that list in no time. Did you consider a configuration error at the recipient? Try sending a mail to a different domain.
0
 
censura (Author) Commented:
We have tried sending to a variety of addresses (Hotmail accounts, email hosted accounts) and get the same bounce-back error on every email we send out, irrespective of who it is going to.

The accounts have been set up for a number of years and we have not had a problem before, not since last Friday. We have made no changes to the server or Exchange or our internet provider or router, nothing.

thank you
0
 
ReneD100 Commented:
Okay, that is some new info. Are all error messages the same? How is the Exchange server sending out mails? Via a smarthost or DNS?
0
 
trebbettes Commented:
If I telnet on port 25 to that IP address I get the following response. I also checked and you don't have relaying enabled, which is good...

220 academygroupuk.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at  Mon, 3 Nov 2014 12:29:17 +0000

HELO
500 5.3.3 Unrecognized command
250 academygroupuk.com Hello [188.39.105.42]

MAIL FROM: test@test.com
250 2.1.0 test@test.com....Sender OK
RCPT TO: mail@gerry.com
550 5.7.1 Unable to relay for mail@gerry.com


So I assume that is your Exchange server rather than an external service, although it looks like Exchange 2000 rather than 5.5 as you stated in the first post.

Need to understand how your Exchange environment is sending out mail, e.g. direct or via another service.
Also enable tracking, leave it a while and post your tracking logs so we can investigate more.
http://support.microsoft.com/kb/246856

My initial thoughts are that your server has been breached and is being used to send spam emails out.
0
 
David Atkin (IT Professional) Commented:
It sounds like it could possibly be an issue with your smarthost. Switch to sending via DNS for a short period. If this resolves the problem, get in touch with cpwnetworks and let them know of the error, if you're using them as the smarthost, that is.

Also 6.0.3790.1830 indicates that you don't have Exchange SP2 installed on your SBS.
0
 
censura (Author) Commented:
Hi, thanks for your help. I don't know of cpwnetworks; our email is delivered, as far as I am aware, via DNS directly with no other third party involved. I am sure we have Exchange Service Pack 2 installed, as we required it for ActiveSync, which we set up on the server.
0
 
ReneD100 Commented:
Can you confirm that DNS is properly working on the server? Is it possible that for some reason the server points to itself, creating a mail loop?
0
 
David Atkin (IT Professional) Commented:
Have you checked your tracking logs yet?

Also, is it doing this with all emails or just ones to that client?
0
 
censura (Author) Commented:
I will check the logs today. It happens with all outgoing emails.

Thank you
0
 
David Atkin (IT Professional) Commented:
In that case, if you're sending via DNS at the moment, see if your ISP has a smarthost that you can use.

If they do, change to this as a test.

Let us know what the logs say.
0
 
censura (Author) Commented:
I have just set up the tracking log. Here it is, although only a few emails on it have been sent so far; I will send a complete day's worth later at the end of the day.

thank you
20141107.log
0
 
censura (Author) Commented:
After looking, it is not doing it with all emails, although it looks a bit random, i.e. no common account we are sending to: our staff, partners and learners, who use various email accounts (Gmail, Hotmail, Yahoo, Exchange etc.).

thank you
0
 
censura (Author) Commented:
How do I check that DNS is not looping back, by the way? Thanks.
0
 
censura (Author) Commented:
Also installed SP2 now.
0
 
censura (Author) Commented:
Exchange - 6.5.7638.1 now.
0
 
censura (Author) Commented:
Here is a larger log.
20141107.log
0
 
David Atkin (IT Professional) Commented:
Are you with Talk Talk?

If so, raise it with them.  It could be that their SMTP server is blacklisted (62.24.128.202) and not allowing you to relay.
0
 
censura (Author) Commented:
Thank you.
0
