Solved

550 error sending email

Posted on 2014-11-19
26
371 Views
Last Modified: 2014-12-15
We recently migrated our exchange mail server to new hardware with a new name. The new mail server took on the interanl IP address of the old mail server so we did not need to change any routing at the firewall.  We have not had any issues sending email until recently one of the users received the following error message:


Remote Server returned '550-Your message was rejected by this user and was not delivered. 550-Reason: Your IP address [50.94.64.129] appears not to be an email server. 550-Protection provided by: MagicMail version 2.0 550-For more information, please visit the URL: 550-http://www.linuxmagic.com/best_practices/check_dynamic_reverse_dns.html 550-or contact your ISP or mail server operator. 550 e8cb91a0-6fff-11e4-b560-ab32f9f1dcf5'

In the message it states that the IP address 50.94.64.129 is not a mail server and that is correct.  Where did this IP come from?
0
Comment
Question by:NytroZ
  • 10
  • 6
  • 4
  • +2
26 Comments
 
LVL 2

Expert Comment

by:FinServCo
ID: 40452645
Did your user actually send an email to the domain/user that this error is coming from?

It may be that this is in response to a spoofed email.  The email was sent from someplace else, using your user's email address as the return address, but the receiving server rejected it because the IP address didn't match an MX record.
0
 
LVL 39

Expert Comment

by:footech
ID: 40452660
Is 50.94.64.129 an IP that is leased to you?

Send an email to an outside email address that you have access to and examine the headers to verify which IP email is coming from.
0
 

Author Comment

by:NytroZ
ID: 40452707
Yes, the user on our mail server did send the message to the outside recipient.  The address that appears to not be a mail server is an IP address in our subnet though I just can't understand where it is coming from.  so far only this single domain the user is sending to is having the issue.  All other messages are being delivered.
0
 
LVL 2

Expert Comment

by:jli168
ID: 40452723
what's your exchange outside ip? Have you check on ip who is to see 50.94.64.129 belongs to? It will better if you have header of the message.
0
 
LVL 2

Expert Comment

by:FinServCo
ID: 40452740
Have that user send you an email to an outside account so you can view the header.

Does that user experience the same result when sending from a different machine or through OWA?
0
 
LVL 2

Expert Comment

by:jli168
ID: 40452741
Do an outbound test to the recipient address from https://testconnectivity.microsoft.com/
0
 

Author Comment

by:NytroZ
ID: 40452853
Here is the header info when sending to an outside user.  I don't understand how the originating IP is showing up as 50.94.64.129 when the mail server is nat'd to 50.94.64.132.


Received-SPF: neutral (50.94.64.129 is neither permitted nor denied by domain of cont.com)
X-YMailISG: cpW76_oWLDvgDzecLmHc6hDhzyRcGz9IiMHRF0um9B7BhkNr
 ql9VhvUjaTcKJxU90d1fX95H5uqGYjLisxyBFuJz0eEuepj6ZMQy172waaU2
 NmtmXb7vYozRuDBLcOLO6FEGUaZEfF8CfaUG.uaeruz8euaoAmh6taEBEyjN
 0AsnwBGBqMLPf6hbVgCXnD58lIWGsuJ8Oslrbdvo8VXVz1WUa7g6czZHOa6Y
 aDQeSf5hXDKjOnq0zWJLpD5Kwqvio5XgK7t4qXbBsvdRr4BmjGh9OoUTme9D
 2ooD.g0he2MtG_mYesZO6CIWP6qDmY4DEbJeswKD5J1vYc1uwfKp8L2ehCyJ
 UAkUeKS6sRfJHIq3gbL8rWgGmti.Y7WWYV.wYRM2ea2I09nxBpQv4CsKa4pL
 eXns79wnr445C5Pb3f2mhdLMgFUq2c5WW.18zriLxSmvT9uAEY5dfh.Vpus0
 JWkG.D_LH7jjTdccitdhJYz9Uew.n25SBTRCPN0MkeWLlcx0BVrjNXNYMbZM
 zXVmG1x86oYG3lHbjA_DM5vrhW4qe2BMsoFxYGIzGbDfYSmTptEIeMqaLCEM
 y8BLepZpNOOVtJ3sNuS5MlmSW5MdwXeNRHqc3yfuE3UIU2Pup09hpPoKY.Pw
 rpHDYZLuLu6qpRVK6fMBctuU1qRrMoQ4FUTPZy4T3r_pKz6QyeXqwsAA.l_T
 zAckG.3kw7RQJIjWj_7_3PU.M75IxxB2ELXs.774UE8XdZToOb0LTYNjlHRy
 HFvqk8Xv78em3adhop_KApQ8xpwv3DWYPW3TQdoBsBAPVe5Izu2MZy_ckZj7
 ZSr4HvOa1xS1Y0N_MiGi1Gx2TJtFi8ADoVQaAAzTG46OMTDuFW4QQW3IYkEh
 Rx7GRJj7k3abrrgcx5PD_k2kDR_OhtPwJoAbBr2vIUpqfx.nftgBeIMEPjIb
 m12KG6qlrGeqmE.XB3Lew4W3wLtQYA1WHyRV.uFEVHY1VQHkZtpA140BeT0m
 VdgBRmk2TERlZeYgszuQjQXWfysNAoYd982JoY92dLJeBHQgvd.EQEbmvzpr
 wCB2iSH7lkUJaZbwidJsUB.lz_XOoAhiYBU8sFfYgGf8cX9vlMjIXjuFNuUv
 cxRLHaBwoDTYl7liT3WXftG36F4KpDpotJoXeQOzZ1M5Xe5S2wAdPWHSwi7g
 Mf6bG3_e5ZDJzHhN3GdauJfQp_7Ij9NrebvQWxRo39ynWPTh9bcZiGYeWNwb
 A9v4h421YlZCyiYpjm9uf.0d.7t4gziDXGFn7XnK7skPxIm20DDixMkMDCVG
 gjHC0Hq5OL9y4bTuhJMkgsvu4vtrIIA8AaQt.ECvcfMS
X-Originating-IP: [50.94.64.129]
Authentication-Results: mta1564.mail.gq1.yahoo.com  from=cont.com; domainkeys=neutral (no sig);  from=cont.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO mail.cont.com) (50.94.64.129)
  by mta1564.mail.gq1.yahoo.com with SMTPS; Wed, 19 Nov 2014 16:27:48 +0000
Received: from C4HMAIL2.cont.local (192.168.50.30) by
 C4HMAIL2.cont.local (192.168.50.30) with Microsoft SMTP Server (TLS) id
 15.0.847.32; Wed, 19 Nov 2014 10:27:42 -0600
Received: from C4HMAIL2.cont.local ([fe80::31c4:55ea:fce5:dc8c]) by
 C4HMAIL2.cont.local ([fe80::31c4:55ea:fce5:dc8c%12]) with mapi id
 15.00.0847.030; Wed, 19 Nov 2014 10:27:42 -0600
From:  <to@cont.com>
To: to <to@cont.com>,
CC: "'auto0235@yahoo.com'" <auto0235@yahoo.com>
Subject: test
Thread-Topic: test
Thread-Index: AdAEFZ95xuyruexkQI2SLs7+yhVnkg==
Date: Wed, 19 Nov 2014 16:27:41 +0000
Message-ID: <cf0aeb2c938840c5976ced46cc248b5c@C4HMAIL2.cont.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.50.200]
Content-Type: multipart/alternative;
      boundary="_000_cf0aeb2c938840c5976ced46cc248b5cC4HMAIL2contlocal_"
MIME-Version: 1.0
Content-Length: 2028
0
 
LVL 39

Expert Comment

by:footech
ID: 40452873
Sounds like something isn't right in the firewall config.  Incoming connections to 50.94.64.132 may be routed correctly to your mail server, but it doesn't appear that outgoing connections from the mail server are using that IP.  So that needs to be corrected.
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40452880
Just what I was going to say footech.

-saige-
0
 

Author Comment

by:NytroZ
ID: 40452886
Could it possibly be the anti spam service that is running on the sonic wall firewall?
0
 
LVL 39

Expert Comment

by:footech
ID: 40452946
It's been a few years since I was inside a SonicWall, but I don't believe the anti-spam service would affect this.  With many devices you can have separate rules for inbound and outbound NAT, and can also be set up depending on where the traffic is originating from.  I would guess that the 50.94.64.129 IP is what all traffic leaving your network appears from.
0
 
LVL 2

Expert Comment

by:jli168
ID: 40453059
Is the test message sent from OWA or on outlook client? Is it only on this user machine? The user machine might have SMTP service locally.
0
 

Author Comment

by:NytroZ
ID: 40453113
mg.netadv.net. - 72.14.19.90 [Could not connect: Got an unknown RCPT TO response: 550-Your message was rejected by this system and was not delivered.
550-Reason: Messages from your location are rejected, bad or missing identifier (HELO). Contact your email administrator
550-Protection provided by: MagicMail version 2.0
550-For more information, please visit the URL:
550-http://www.linuxmagic.com/best_practices/valid_helo_domain.html
550-or contact your ISP or mail server operator.
550 b3b66136-701b-11e4-bc28-a7ea8f4e6af8
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 32

Expert Comment

by:it_saige
ID: 40453156
Which Exchange version are you running?  You need to configure the SMTP EHLO (or HELO) header to match the external DNS name associated with your SPF record. i.e. - cont.com

-saige-
0
 

Author Comment

by:NytroZ
ID: 40453171
Exchange 2013

how do I configure that on the Exchange 2013 server?
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40453189
From the Exchange Management Shell, use:
Get-RecieveConnector "C4HMAIL2\Default Frontend C4HMAIL2" | Set-RecieveConnector -fqdn "cont.com"

Open in new window


-saige-
0
 

Author Comment

by:NytroZ
ID: 40453249
The command returns the following error

[PS] C:\exchangesetuplogs\exchange>Get-ReceiveConnector "C4HMAIL2\Default Frontend C4HMAIL2" | Set-ReceiveConnector -fqdn "cont.com"
If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to
one of the following values: the FQDN of the transport server "C4HMAIL2.cont.local", the NetBIOS name of the transport server "C4HMAIL2", or
$null.
    + CategoryInfo          : InvalidOperation: (C4HMAIL2\Default Frontend C4HMAIL2:ReceiveConnector) [Set-ReceiveConnector], InvalidFqdnUnde...erAu
   thException
    + FullyQualifiedErrorId : [Server=C4HMAIL2,RequestId=1c4b81dd-02f2-4351-a06f-9dd549b95316,TimeStamp=11/19/2014 7:11:35 PM] [FailureCategory=Cmdl
   et-InvalidFqdnUnderExchangeServerAuthException] D60C4F15,Microsoft.Exchange.Management.SystemConfigurationTasks.SetReceiveConnector
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40453291
Ok, in that case use:
Get-RecieveConnector "C4HMAIL2\Default Frontend C4HMAIL2" | Set-RecieveConnector -banner "mail.cont.com"

Open in new window


And then add an external DNS record that has mail.cont.com which points to 50.94.64.132.

After the changes have propogated, you can validate your ehlo configuration by going to: http://cbl.abuseat.org/helocheck.html.

-saige-
0
 

Author Comment

by:NytroZ
ID: 40453577
After doing all of the suggestions the problem is still there.  I receive the following error:


Remote Server returned '550-Your message was rejected by this user and was not delivered. 550-Reason: Your IP address [50.94.64.129] appears not to be an email server. 550-Protection provided by: MagicMail version 2.0 550-For more information, please visit the URL: 550-http://www.linuxmagic.com/best_practices/check_dynamic_reverse_dns.html 550-or contact your ISP or mail server operator. 550 52e9c5e4-7031-11e4-923d-9f836f0db8fb'
0
 
LVL 32

Expert Comment

by:it_saige
ID: 40453596
Have you configured the outbound nat so that responses from your mail server on port 25 go out at 50.94.64.132?

-saige-
0
 

Author Comment

by:NytroZ
ID: 40453615
This is the result from the CBL test.  Does this tell me anything?

helocheck.abuseat.org rejected your message to the following email addresses:
helocheck@helocheck.abuseat.org (helocheck@helocheck.abuseat.org)
helocheck.abuseat.org gave this error:
*** The HELO for IP address 50.194.64.129 was 'mail.cont.com' (valid syntax) ***
A problem occurred while delivering this message to this email address. Try sending this message again. If the problem continues, please contact your helpdesk.
0
 
LVL 39

Expert Comment

by:footech
ID: 40453646
It shows that mail is still going out from 50.194.64.129 instead of 50.194.64.132.
Adjust your NAT.
0
 
LVL 32

Accepted Solution

by:
it_saige earned 500 total points
ID: 40453651
Well this basically says that your email server is responding on 50.194.64.129 with a valid ehlo address of mail.cont.com.  This is good.

However, the bounceback from MagicMail is telling you that the SPF record for your domain does not include 50.194.64.129 as an authorized address to send mail from.  This is bad.

So you're two choices.  Modify the SPF record to include the ip address that mail is comming from now (frowned upon but not illegal with regards to the RFC specifications) or designate to your outbound nat (firewall) that traffic from your mail server on port 25 is to be sent out from 50.94.64.132.

-saige-
0
 

Author Comment

by:NytroZ
ID: 40455439
Ive tried both of your suggestions and I still cannot get a message delivered to this $%^*@ domain!  Does the SPF record look correct?

cont.com.  IN TXT "v=spf1 mx a ptr a:mail.cont.com ~all"

Here is the response from a DNS reverse lookup:

132.64.94.50.in-addr.arpa. PTR IN 3600 56ms 50-94-64-132-static.hfc.comcastbusiness.net.
0
 
LVL 2

Expert Comment

by:FinServCo
ID: 40455642
You've got a typo.  You have 132.64.94.50 but it should be 132.64.194.50.
0
 

Author Comment

by:NytroZ
ID: 40455658
We are receiving more of these errors now:

The server returned status code 500 - Syntax error, command unrecognized. The server response was: No SMTP Service
Exception details:
Message: Syntax error, command unrecognized. The server response was: No SMTP Service
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now