Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 169
  • Last Modified:

Bounce Back Message From Specific Domain

We have a business in town that sends different users emails. They're occasionally getting bounce back messages with the following errors: '550 4.4.7 QUEUE.Expired; message expired' and '421 4.4.0 Remote server response was not RFC conformant'. I spoke with our spam filter provider and they don't show the emails hitting the spam filter and said that their domain is doing a PTR look up before sending the mail to recipient end. Since the the mx record of our domain points to the spam filter server and does not match up to their A records it is sending the mail out to the MX record.

Not all of their emails are being returned, just occasionally. I'm hoping to get some more information so I can pass it on to them if it is their problem. I know they said they were getting returned emails from other businesses that they send to so it could be on their end.
0
itgolfer
Asked:
itgolfer
  • 6
  • 4
  • 3
1 Solution
 
KimputerCommented:
These problems are best solved at the source server. In this case, I think you don't have full control over it?
Usually you need the FULL SMTP logs to figure out what exactly the destination server doesn't like.
Sending servers do not check PTR records, as delivering the mail is the most important job of a sending server. Receiving servers do PTR records check, as they don't want the receive spam.
Your concern that your MX records points to a cloud spam filter is not warranted, unless YOU are the sending server.
0
 
itgolferAuthor Commented:
Correct, I don't really have control over the sending server. I was just hoping if something was in the those errors that I could help them diagnose the problem.
0
 
KimputerCommented:
Sometimes an error code is enough indeed, but only when the problem is as clear as day (ex "Attachment too large, 15MB")
In this case, while there is text explaining what's wrong, it's not specific enough (it says a response was not compliant, but not EXACTLY which response).
At the source server, you could capture the entire traffic, and the line JUST before it gives the error, should be the offending one.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
Pune TechCommented:
I have gone through following technet article and found this issue is purely related to reverse lookup and this should by problem with your side and not other side.

https://social.technet.microsoft.com/Forums/en-US/aca4759d-5baf-4e7c-a6b5-ab5528a8e8c6/421-440-remote-server-response-was-not-rfc-conformant?forum=exchangesvrsecuremessaginglegacy

OK so can you tell me what hello or EHLOp your server is presenting like

EHLO mail.xxxxxxxxxxx.co.uk\r\n

we get a 250 response

Response: 250-proofpoint-xxxxxxx.co.uk Hello no-reverse.redstone-isp.net [212.44.xx.xxx] (may be forged), pleased to meet you\r\n

And what reverse DNS records is available with your DNS provider.
0
 
Pune TechCommented:
Right now what is happening is your exchange server is saying my name is itgolpher.contoso.com and IP is x.x.x.x

When other end server try to resolve x.x.x.x they are getting different name like Pune.contoso.com but server says I am itgolpher and dns says I am Pune so it is creating mismatch.

Where is your DNS records is hosted ?
0
 
itgolferAuthor Commented:
I do have the forwarded bounce back message if that helps. It contains the headers but I'm not sure if that's enough info.
0
 
Pune TechCommented:
Please post.
0
 
KimputerCommented:
All these questions are quite useless if you're not in full control of that Exchange server. Bounce back messages are usually not enough information.
0
 
Pune TechCommented:
@ kimcomuter : please see following article what Can You Find in an Email Header?

http://www.howtogeek.com/108205/htg-explains-what-can-you-find-in-an-email-header/
0
 
KimputerCommented:
@PuneTech: I know all about headers. What you seem to forget is that the REAL FAILING email, is sent from an Exchange server OUTSIDE the asker's control. The REAL FAILING email WILL HAVE NO HEADERS as the email fails and doesn't actually exist. The EMAIL HEADER is from the bounce, and will be generated on that exact same server, and this is the bounce message that the asker has (which is useless except for the SMTP error!)
You need the FULL CONVERSATION from the original Exchange Server with the next hop to find out WHICH RFC rule is being broken. because you need to follow up on this error: 421 4.4.0 Remote server response was not RFC conformant'
Obviously, it may very well be a reverse DNS entry causing it, but again, the DNS will be just as likely out of asker's control.
0
 
Pune TechCommented:
Please don't mind , I do apologize.

But if you read itgolpher last comment it says . "it contains the headers"

So I said please post.

Bye good night going for sleep
0
 
itgolferAuthor Commented:
My apologies, I was waiting to hear back from our spam filter provider. They made a change and things seem to be coming in without issue now. Thanks for all of your help.
0
 
Pune TechCommented:
Nice to here from you and thanks for the update, have a good day.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 6
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now