Baracude Intent Analiser - Reject on an "associated" domain.

I use mxlogic spam and continuity services from McAfee for many of my clients.

I recently had email from a client domain blocked with the follwing failure information:

This message was created automatically by mail delivery software.

A message that you have sent could not be delivered to one or more recipients.  This is a permanent error.  The following address failed:

  <charris@xxxxxlaw.com>: Backend Replied [acd5c955.0.4240330.00-265.11268133.p01c11o142.mxlogic.net]:  permanent failure for one or more recipients (charris@xxxxxlaw.com:blocked) (Mode: queuesafe)

I ended up talking with their (the recipient's) IT who said that we were being blocked by Baracuda (Web Hosted) service using "Intent Anayliser" and the the senders domain (xxx-yyyy.com) was blocked due a crossover with two other domains. One of the "crossed" domains (Their lingo) is mine, and the other is completely foreign to me.

I do not use Baracuda devices or service, so I am not familiar with the "Intent Annaliser". And I am terribly confused on how the three domains are "cross linked".

Does anyone have insight?
AlisanneLead CondultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
Intent Analysis can be enabled or disabled on the INBOUND SETTINGS > Anti-spam/Antivirus page. Domains can also be blocked based on or exempt from Intent Analysis on the INBOUND SETTINGS > Content Policies page.  
https://techlib.barracuda.com/display/bessv10/intent+analysis+-+inbound+mail
0
AlisanneLead CondultantAuthor Commented:
David,

Thank you, for the info, but the barracuda belongs to the other side of the equation and is not part of our solutions.

My question is what is the intent analysis checking because domain1.com (My clients sending domain) is being rejected based upon:

Action: Blocked
Reason: Intent (domain2.com(domain3.com)->blocked)

So, according to their Network admin with the Barracuda service,  my clients email is being blocked based upon my domain cross-linked with another domain (Completely foreign to me).

I am trying to find out why my client's email from domain1.com would be blocked for my domain appended by a foreign domain; domain2.com(domain3.com)

I have a screen print of the barracuda "Message Detail" that i can send under separate cover.

While the other IT has White listed the domains in question, I don't want this to be repeated with other recipients, as I assume barracuda has a reasonable market share.
0
David Johnson, CD, MVPOwnerCommented:
my domain cross-linked with another domain (Completely foreign to me). It must be something in your DNS.. check your domain on mxtoolbox.com and report the findings
0
How the Cloud Can Help You as an MSSP

Today, every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. Register today to learn more!

AlisanneLead CondultantAuthor Commented:
MXtoolbox Super Tool Results Searched on Domain1.com name:

Host matches domain for all inquiries

3 Problems:

dns     SOA Expire Value out of recommended range
spf      No records found
smtp  May be an open relay    --  domain1.com.inbound10.mxlogic.net

But, I think I might have found the problem.  MXToolBox Super Tool Results Searched from IP address of exchange server shows a different domain name and I get a few problems:

dns      Name Servers are on the Same Subnet        More Info
dns      Primary Name Server Not Listed At Parent        More Info
dns      SOA Expire Value out of recommended range        More Info
spf      No records found        More Info
smtp      Domain0.net.inbound10.mxlogic.net      May be an open relay.

The firm originally had a domain name that the server, RWW, etc was (and still is) setup as (Domain0.net).  The firm name changed partners and got a new domain (Domain1.com).  It was setup as a 2nd FQDN on the exchange server, and was registered as an alias with mxlogic.  We use a Smart Host to send mail and have never had any issues.

Could this be what the intent analysis is bumping into?  It still does not explain the wired domain "Berkelybags.com" (The Domain3.com) that I have no clue how it fits into the equation.

Would setting up a spf record resolve the issues?
0
AlisanneLead CondultantAuthor Commented:
OK!  When i do an MXlookup on Berkelybags.com (Should have started here)!

it shows the ip address of my clients server, and a PTR with same IP address and the clients remote.domain1.net (Original domain name).  

This is VERY odd!
0
AlisanneLead CondultantAuthor Commented:
OK, I check the same domain from another location and get different results:

Check 1:

mx:berkelybags.com   Find Problems    mx  
No mx Records exist

dns lookup      dns check      whois lookup      spf lookup      dns propagation
Reported by e.gtld-servers.net on 7/8/2015 at 6:18:46 PM (UTC -5), just for you.  (History)  Transcript
ptr:mx:66.224.117.163      ptr  
Type      IP Address      Domain Name      TTL
PTR      66.224.117.163      remote.cecilialee.net      24 hrs
dns lookup      dns check      mx lookup      whois lookup      dns propagation
Reported by ns0.msp.eschelon.com on 7/8/2015 at 6:18:26 PM (UTC -5), just for you.  (History)  Transcript

Check 2:

mx:berkelybags.com   Find Problems    mx  
Register for a Free MxToolBox Account for access to more features.
No mx Records exist

dns lookup      dns check      whois lookup      spf lookup      dns propagation
Reported by k.gtld-servers.net on 7/8/2015 at 6:26:42 PM (UTC -5), just for you.  (History)  Transcript
mx:berkeleybags.com   Find Problems    mx  
Pref      Hostname      IP Address      TTL      
5      mail.idp365.net      217.19.248.131      24 hrs      Blacklist Check      SMTP Test
dns lookup      dns check      whois lookup      spf lookup      dns propagation
Reported by dns3.idp365.net on 7/8/2015 at 6:25:59 PM (UTC -5), just for you.  (History)  
0
AlisanneLead CondultantAuthor Commented:
I set up a smart host and the problem was resolved.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AlisanneLead CondultantAuthor Commented:
I did not get a solution from the experts, and I ended up getting resolution from the Continuity service's tech support.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
AntiSpam

From novice to tech pro — start learning today.