Link to home
Start Free TrialLog in
Avatar of M A
M AFlag for United States of America

asked on

Emails bouncing back

Few mails are bouncing back with undelivered notification. below is the content of one email that bounced back. I checked reverse DNS entry. Your help is highly appreciated.




An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: cgpfe1.batelco.com.bh.

  _____  

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: uopmail.uopkt.com

devlab@prisma.com.bh
cgpfe1.batelco.com.bh #591 devlab@prisma.com.bh your host [168.187.83.138] is blacklisted by bl.spamcop.net. No mail will be accepted ##

Original message headers:

Received: from uopmail.uopkt.com ([192.168.0.204]) by uopmail.uopkt.com
 ([192.168.0.204]) with mapi; Wed, 25 Mar 2009 10:12:54 +0300
From: Ashok Kumar <marketing@uopkt.com>
To: Krishna Mohan <devlab@prisma.com.bh>
Date: Wed, 25 Mar 2009 10:12:51 +0300
Subject: The sun will never set on the petro-economies, just covered by
 clouds
Thread-Topic: The sun will never set on the petro-economies, just covered by
 clouds
Thread-Index: AcmtGRwZ2efdY0DST3qnJ8uDAU6V9g==
Message-ID: <9264FA75B8147B4FA4B76B2A52FE718C431F5C85CC@uopmail.uopkt.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
      boundary="_000_9264FA75B8147B4FA4B76B2A52FE718C431F5C85CCuopmailuopktc_"
MIME-Version: 1.0
Avatar of M A
M A
Flag of United States of America image

ASKER

one more mail bounced back with another error. below is the error.


Delivery has failed to these recipients or distribution lists:

campestre@campestre.com.br
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: servidor3.molservidores.com.

  _____  

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: uopmail.uopkt.com

campestre@campestre.com.br
servidor3.molservidores.com #554 This server requires PTR for unauthenticated connections. ##

Original message headers:

Received: from uopmail.uopkt.com ([192.168.0.204]) by uopmail.uopkt.com
 ([192.168.0.204]) with mapi; Wed, 25 Mar 2009 10:44:34 +0300
From: Muhammed Asif <mohdasif@uopkt.com>
To: "campestre@campestre.com.br" <campestre@campestre.com.br>
Disposition-Notification-To: Muhammed Asif <mohdasif@uopkt.com>
Date: Wed, 25 Mar 2009 10:44:33 +0300
Subject: Test mail
Thread-Topic: Test mail
Thread-Index: AcmsVcvM2nvyepzYRz2ALrvZtgA8qQABNI1gADC1zCA=
Message-ID: <9264FA75B8147B4FA4B76B2A52FE718C431F5C85DF@uopmail.uopkt.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
      boundary="_000_9264FA75B8147B4FA4B76B2A52FE718C431F5C85DFuopmailuopktc_"
MIME-Version: 1.0


Please help
Muhammed Asif
Hi abbasiftt,

Well... Your issue is: "your host [168.187.83.138] is blacklisted by bl.spamcop.net. No mail will be accepted"

If you believe that your host IP should not be blacklisted, go to the spamcop.net site, enter your IP and request to be removed from their blacklist.

I would recommend checking your AV software as well as open relays on your Exchange server.

Let me know if you need more assistance.

Cheers
Avatar of M A

ASKER

Thanks for your quck reply. I requested to do so.
What is the cuase of the  second error.

Thnaks
Muhammed Asif

My pleasure.

Well, it says that it requires a prt record for your Exchange or smarthost. I would suggest that you ask your ISP to create a PTR record on their side that points to your IP address.

More and more companies do reverse lookups to try and minimize spam.
Avatar of M A

ASKER

1.You mean, global IP that points to mail.domain.com?
2. Please let me know how to check the open relay  in exchange and what to check AV software.

Thanks
Muhammed Asif
Avatar of M A

ASKER

Below is the reply I from ISP. (seems It is already there).
By the way this problem is for only 2or 3 domains.

Dear Muhammed Asif,

Reference to below results, we notice PTR already exist for 168.187.83.139.

dig -x 168.187.83.139

; <<>> DiG 9.2.5 <<>> -x 168.187.83.139
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1188
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;139.83.187.168.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
139.83.187.168.in-addr.arpa. 518400 IN  PTR     mail.uopkt.com.



Ok, so I take it the PTR record points to your mail server and the name is correct as well?

You can check for open relay here:

http://www.checkor.com/
Avatar of M A

ASKER

Below is the result from the site.
Please check and let me know if there is any issue.


220 mail.uopkt.com ESMTP Symantec Mail Security
HELO ortest.checkor.com
250 mail.uopkt.com
RSET
250 Ok
MAIL FROM: test@checkor.com
250 Ok
RCPT TO: test1@checkor.com
554 : Relay access denied


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM:
501 Syntax: MAIL FROM:

RCPT TO: test1@checkor.com
503 Error: need MAIL command


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM: spam@mail.uopkt.com
250 Ok
RCPT TO: test1@checkor.com
554 : Relay access denied


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM: spam@mail.uopkt.com
250 Ok
RCPT TO: test1@checkor.com
554 : Relay access denied


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM: spam@mail.uopkt.com
250 Ok
RCPT TO: test1@mail.uopkt.com
554 : Relay access denied


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM: spam@mail.uopkt.com
250 Ok
RCPT TO: "test1@test.com"@mail.uopkt.com
554 : Relay access denied


--------------------------------------------------------------------------------
RSET
250 Ok
MAIL FROM: spam@mail.uopkt.com
250 Ok
RCPT TO: @mail.uopkt.com:spamtest@checkor.com
554 : Relay access denied

Thanks
Muhammed Asif
Cool. Your server is secure, so you do not have to worry about an open replay.

Do you have Anti Virus installed on your network?
Avatar of M A

ASKER

Yes, Symantec EP
And it's updated I take it?

How long before you're cleared from the blacklist? It's usually about 48 hours, if I remember correctly.
Avatar of M A

ASKER

For the blacklist issue what I have done is I changed the IP of the gateway. after that mail went through.
But what could be solution for the second problem (mail bounced back with another error which I mentioned before). Now so many mails bounced back with same error (see error below)

Awaiting your reply.
Muhammed Asif
Avatar of M A

ASKER

Delivery has failed to these recipients or distribution lists:

vendas@klemm.com.br
Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

The following organization rejected your message: peninha.viavale.com.br.

  _____  

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: uopmail.uopkt.com

vendas@klemm.com.br
peninha.viavale.com.br #550 5.7.1 Client host rejected: cannot find your hostname, [168.187.83.138] ##

Original message headers:

Received: from uopmail.uopkt.com ([192.168.0.204]) by uopmail.uopkt.com
 ([192.168.0.204]) with mapi; Tue, 24 Mar 2009 08:21:22 +0300
From: Toby Calipay <po@uopkt.com>
To: "clarim@viavale.com.br" <clarim@viavale.com.br>, "vendas@klemm.com.br"
      <vendas@klemm.com.br>
Date: Tue, 24 Mar 2009 08:21:21 +0300
Subject: Inquiry Soyabean Oil "Refined"
Thread-Topic: Inquiry Soyabean Oil "Refined"
Thread-Index: AcgcZxnhHYuJtTc9Slan+IKXuwbSIAFI6RbbAPa5NPNhjTJ/sAAFClTAACRWmTA=
Message-ID: <9264FA75B8147B4FA4B76B2A52FE718C30AA59787F@uopmail.uopkt.com>
References: <334D893A319FBC4D8BA0C241FD5741A208A6CD@uopmain.uopkt.com>  
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
      boundary="_000_9264FA75B8147B4FA4B76B2A52FE718C30AA59787Fuopmailuopktc_"
MIME-Version: 1.0

When you changed your IP address, the PTR record at your ISP is no longer valid. You need to ask your ISP to change the PTR record to the new IP you have changed to.
Avatar of M A

ASKER

How to find out which PC is generating junk mails. Because now the changed IP is also blocked.
And the they sent me an email saying that if your request to unblock the IP comes frequntly they will block completely.To solve it you have to find and fix the PC/server which is generating spam.

Your help is highly appreciated.
Muhamed Asif
Avatar of M A

ASKER

Thanks for your quick response.
I change the IP of the gateway not the IP of the mail server.
 
Thanks
Muhamed Asif
Is your gateway responsible for sending the mail? I mean, is it a smarthost?

How many PC do you have in your organization? If not too many, I would suggest that you download and install MalwareBytes on each system and do a scan to see which PC is infected and is sending out the mail.

You can download it here:
http://www.malwarebytes.org/mbam.php

You can use the free trial version.
Avatar of M A

ASKER

No the gateway IP is different than the mai lP. But now again I changed the IP for the time being otherwise users will make problem.

25 clients in the network.

Thanks
Muhammed Asif
Ok. That's not too bad. Install MalwareBytes and scan all the PC's. Let me know what you find.
Avatar of M A

ASKER

There was some trojans  in one of the server and cleaned using the software u  mentioned above.
Now let me check.

Any idea about the other  error

Thanks
Muhammed Asif
Good, your spam should stop now.

About the other error:

If you want your mail delivered properly the Official Host Name of the sending server should match the PTR (reverse DNS) of the sending IP Address, and there should be an "A" record that matches the OHN as well.

Example:

mail.yourdomain.com (Official Host Name) on 123.123.123.123
PTR for 123.123.123.123 should match mail.yourdomain.com (contact you ISP to do this for you)
There should be an A record in yourdomain.com pointing to 123.123.123.123

Problem will go away if you do the above.
Avatar of M A

ASKER

I have configured it before on my last discussion with you. I think it is the same as you mentioend above. see below for the current settings.

mail.domain.com  pointsto 123.123.123.123  (A record externallly)
mail.domain.com  pointsto  192.168.0.222 (A record internallly)
mail.domain.com pointsto 123.123.123.123 (done by ISP) PTR

But let's wait for next working day and check. I think It will work.

Many Thanks for your prompt reply
Muhammed Asif
Avatar of M A

ASKER

I tried sending that mail now I got error again (see error below). Can you please check what is the problem with this error. This error is something different than the other error. By looking at the error you would be able to give me a solution.

By the way I have two exchange servers in the network
first one working as HUB but mail,and cas installed on the same ( IP:192.168.0.203.)
second one has all the three roles installed,all the mailbox stored in this server (IP 192.168.0.204).
but first one is gateway to internet



Delivery has failed to these recipients or distribution lists:

campestre@campestre.com.br
An error occurred while trying to deliver this message to this recipient e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: servidor3.molservidores.com.

Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:

Generating server: exch.uopkt.com

campestre@campestre.com.br
servidor3.molservidores.com #554 IP Bloqueado por SPAM (168.187.83.140) - Barracuda ##
Original message headers:
Received: from uopmail.uopkt.com ([192.168.0.204]) by exch.uopkt.com
 ([192.168.0.203]) with mapi; Sat, 28 Mar 2009 09:21:20 +0300
From: Muhammed Asif <mohdasif@uopkt.com>
To: "campestre@campestre.com.br" <campestre@campestre.com.br>
Disposition-Notification-To: Muhammed Asif <mohdasif@uopkt.com>
Date: Sat, 28 Mar 2009 09:20:48 +0300
Subject: Test mail
Thread-Topic: Test mail
Thread-Index: AcmsVcvM2nvyepzYRz2ALrvZtgA8qQABNI1gADC1zCAAk/YWoA==
Message-ID: <9264FA75B8147B4FA4B76B2A52FE718C5597FD497F@uopmail.uopkt.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
      boundary="_000_9264FA75B8147B4FA4B76B2A52FE718C5597FD497Fuopmailuopktc_"
MIME-Version: 1.0


Thanks
Muhammed Asif
Avatar of M A

ASKER

Can you please tell me what is the problem with the below error .
Thanks for all your support. All the other disappeared I think. This is the only error.




Delivery has failed to these recipients or distribution lists:

Juaidan-Al, Mohammed S.
An error occurred while trying to deliver this message to the recipient's e-mail address. Microsoft Exchange will not try to redeliver this message for you. Please try resending this message, or provide the following diagnostic text to your system administrator.

The following organization rejected your message: ESMTP.

  _____  

Sent by Microsoft Exchange Server 2007







Diagnostic information for administrators:

Generating server: uopmail.uopkt.com

MohammedSJ@SABIC.com
ESMTP #554 Transaction Failed Spam Message not queued. ##

Original message headers:

Received: from uopmail.uopkt.com ([192.168.0.204]) by uopmail.uopkt.com
 ([192.168.0.204]) with mapi; Tue, 31 Mar 2009 10:44:52 +0300
From: Toby Calipay <po@uopkt.com>
To: "Juaidan-Al, Mohammed S." <MohammedSJ@SABIC.com>
Date: Tue, 31 Mar 2009 10:44:50 +0300
Subject: Styrene Monomer
Thread-Topic: Styrene Monomer
Thread-Index: Acmx0NPyBCGmtQA4RluLlXcG/vWGmgAAnW+Q
Message-ID: <9264FA75B8147B4FA4B76B2A52FE718C5597FD4A3A@uopmail.uopkt.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/mixed;
      boundary="_006_9264FA75B8147B4FA4B76B2A52FE718C5597FD4A3Auopmailuopktc_"
MIME-Version: 1.0



Thanks
Muhammed Asif
Avatar of M A

ASKER

I tried both of the URL you provided me. I am sorry still there is problem.
Any other solution

Thanks
Muhammed Asif
ASKER CERTIFIED SOLUTION
Avatar of M A
M A
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial