?
Solved

Sending to gmail.com is failing for some users in domain

Posted on 2014-11-12
8
Medium Priority
?
195 Views
Last Modified: 2014-11-18
We have exchange 2010 running from SBS 2011.  Everything pretty much seems fine MX, DNS and reverse pointer records.  But when sending to gmail from one user in particular we are getting the error below.  Another user sent to the same gmail address and it worked properly.  The other issue is that our MX record is 1.2.3.101 not 1.2.3.97 (IP masked)  I'm not sure what to look at for this error.  Any suggestions?



mx.google.com gave this error:
[1.2.3.97 12] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked. Please visit http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for more information. 9si30080279qam.38 - gsmtp

Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
0
Comment
Question by:mcioffi209
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 

Author Comment

by:mcioffi209
ID: 40439929
Ok so it is more then just GMAIL.COM.

I'm having more issues with other users now.  

Is this a reverse DNS lookup issue?  It keeps retuning 1.2.3.97 instead of the configured 1.2.3.101.  My primary IP on the firewall is 1.2.3.97, but the address object for email is 1.2.3.101.  

IP Address 1.2.3.97 is listed in the CBL. It appears to be infected with a spam sending trojan, proxy or some other form of botnet.

It was last detected at 2014-11-13 10:00 GMT (+/- 30 minutes), approximately 4 hours, 30 minutes ago.

It has been relisted following a previous removal at 2014-11-11 17:08 GMT (1 days, 21 hours, 36 minutes ago)

This IP is, or is natting for, a Linux (or other UNIX-like) computer whose SSH facility is being used to tunnel email spam. This RackAid article and posting on Shaun Rowland's blog gives introductions on how SSH is being used, but it does not give the full details. This "geekblog" article shows how even a disabled userid can be used to spam by this mechanism.

This is Exchange 2010 running from Small Business Server 2011 not LINUX.
0
 

Author Comment

by:mcioffi209
ID: 40439932
I scanned the server with Stinger and nothing was found.  I'm getting desperate here as I cannot seem to find the issue.
0
 
LVL 24

Accepted Solution

by:
DMTechGrooup earned 1900 total points
ID: 40440289
http://www.anti-abuse.org/multi-rbl-check/

http://mxtoolbox.com/blacklists.aspx

Start by running those blacklist test.

Does your IP or domain show up on any list?
0
Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

 

Assisted Solution

by:mcioffi209
mcioffi209 earned 0 total points
ID: 40440441
I used MXToolbox and did find the primary IP address of the location, 1.2.3.97 as black listed.  What it makes sense that the outgoing email from the office is coming up as 1.2.3.97 as that is the first ip address in the static range and that is the address of the firewall primary wan.

The MX record uses 1.2.3.101.  

I blocked all port 25 traffic from the office, except for the mail server.  I then set up a trace on the firewall and found a machine on the network sending email.  I need to clean that machine out, but how can I speed removal from gmail?  They send to gmail addresses and aol a lot so this is important.


I have requested removal from the CBL list it was on already.
0
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 40440496
Once you are off the list it is pretty quick but can take up to 24 hours.  Its probably a good idea to keep the block on the email for port 25.

Just for extra protection I searched out and found https://spamwall.com/outbound_filtering.html and we decided that the 30 a month was worth the extra protection to ensure our email was clean from our email server.

Just to say it incase.. we are not part of spamwall, we are an actual customer and they have not asked us to endorse or recommend their product.
0
 

Author Comment

by:mcioffi209
ID: 40440605
In my case it is/was due to a machine in the network sending rouge email.  I need to clean that machine, but I will probably keep the block on for awhile just in case, as you suggested.

Would that product help me this situation?
0
 
LVL 24

Expert Comment

by:DMTechGrooup
ID: 40440684
Well it can make things move quicker now.. but if your exchange sent all mail to them to be checked then sent out your mail would not be blocked by IP as it would come from the scanning company IP which has a great reputation as far as not sending spam so they arent blocked.
0
 

Author Closing Comment

by:mcioffi209
ID: 40449401
Setting the packet capture on the firewall showed me the "bad" machine so I can focus on cleaning it up.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses
Course of the Month14 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question