• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Inbound messages from Internet spam filter refused

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Inbound messages from Internet spam filter refused Page: [1]
Login
Message << Older Topic   Newer Topic >>
Inbound messages from Internet spam filter refused - 29.Jul.2014 11:05:55 PM   
PFry

 

Posts: 1
Joined: 29.Jul.2014
Status: offline
I recently took over management of an SBS 2008 server. 2 other organizations managed the server before my tenure started.

One or the other of the previous managers had implemented a SonicWall ESA 300 Email Security appliance as an inbound SMTP gateway. The ESA 300 provided content and attachment filtering prior to delivery to the Exchange Server. Email flowed without issue when the ESA 300 was in place. The organization which managed the server before me removed the ESA 300 immediately before I began my tenure.

I do not know what customizations the previous managers made to the standard Exchange configuration within SBS 2008.

SMTP mail flow has been problematic since the removal of the ESA 300. There has been an increase in spam and there have been problems both sending to outside email addresses and receiving mail from outside domains.

In an effort to alleviate these issues. I tried to put a cloud based email filtering service in place. To be specific, the service is McAfee SAAS. I have used the service successfully with several other Exchange Servers I manage two of which are Exchange 2007.

The Exchange Server passed the simple SMTP test offered by McAfee SAAS. After the successful test, I created MX records for the service and began routing mail through McAfee SAAS. (I later switched the MX records back to point directly to the Exchange Server).

The Exchange Server refused to accept any email from McAfee SAAS. McAfee SAAS gives the following SMTP log:

2014-07-29 20:47:44 MDTRecipient Disposition: [250 Deferred; Mode: normal; Queued: yes; Frontend TLS: no; SPF: n/a]
2014-07-29 20:52:08 MDTDetail: permanent failure from dir[new]: 554 validating sender: 5.7.1 this message has been blocked because the helo/ehlo domain is invalid.

The Exchange Server gives the following details:

2014-07-30T02:52:07.817Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,0,192.168.3.2:25,208.65.145.245:5589,+,,
2014-07-30T02:52:07.817Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,1,192.168.3.2:25,208.65.145.245:5589,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-30T02:52:07.817Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,2,192.168.3.2:25,208.65.145.245:5589,>,"220 mail.law.com Microsoft ESMTP MAIL Service ready at Tue, 29 Jul 2014 20:52:07 -0600",
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,3,192.168.3.2:25,208.65.145.245:5589,<,EHLO p02c12m097.mxlogic.net,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,4,192.168.3.2:25,208.65.145.245:5589,>,250-mail.law.com Hello [208.65.145.245],
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,5,192.168.3.2:25,208.65.145.245:5589,>,250-SIZE 20971520,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,6,192.168.3.2:25,208.65.145.245:5589,>,250-PIPELINING,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,7,192.168.3.2:25,208.65.145.245:5589,>,250-DSN,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,8,192.168.3.2:25,208.65.145.245:5589,>,250-ENHANCEDSTATUSCODES,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,9,192.168.3.2:25,208.65.145.245:5589,>,250-AUTH,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,10,192.168.3.2:25,208.65.145.245:5589,>,250-8BITMIME,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,11,192.168.3.2:25,208.65.145.245:5589,>,250-BINARYMIME,
2014-07-30T02:52:07.918Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,12,192.168.3.2:25,208.65.145.245:5589,>,250 CHUNKING,
2014-07-30T02:52:07.959Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2913,13,192.168.3.2:25,208.65.145.245:5589,-,,Remote
2014-07-30T02:52:08.122Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,0,192.168.3.2:25,208.65.145.245:9094,+,,
2014-07-30T02:52:08.122Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,1,192.168.3.2:25,208.65.145.245:9094,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-30T02:52:08.122Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,2,192.168.3.2:25,208.65.145.245:9094,>,"220 mail.law.com Microsoft ESMTP MAIL Service ready at Tue, 29 Jul 2014 20:52:07 -0600",
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,3,192.168.3.2:25,208.65.145.245:9094,<,EHLO p02c12m097.mxlogic.net,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,4,192.168.3.2:25,208.65.145.245:9094,>,250-mail.law.com Hello [208.65.145.245],
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,5,192.168.3.2:25,208.65.145.245:9094,>,250-SIZE 20971520,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,6,192.168.3.2:25,208.65.145.245:9094,>,250-PIPELINING,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,7,192.168.3.2:25,208.65.145.245:9094,>,250-DSN,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,8,192.168.3.2:25,208.65.145.245:9094,>,250-ENHANCEDSTATUSCODES,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,9,192.168.3.2:25,208.65.145.245:9094,>,250-AUTH,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,10,192.168.3.2:25,208.65.145.245:9094,>,250-8BITMIME,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,11,192.168.3.2:25,208.65.145.245:9094,>,250-BINARYMIME,
2014-07-30T02:52:08.222Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,12,192.168.3.2:25,208.65.145.245:9094,>,250 CHUNKING,
2014-07-30T02:52:08.262Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2914,13,192.168.3.2:25,208.65.145.245:9094,-,,Remote
2014-07-30T02:52:23.241Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,0,192.168.3.2:25,208.65.144.126:40737,+,,
2014-07-30T02:52:23.241Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,1,192.168.3.2:25,208.65.144.126:40737,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-30T02:52:23.241Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,2,192.168.3.2:25,208.65.144.126:40737,>,"220 mail.law.com Microsoft ESMTP MAIL Service ready at Tue, 29 Jul 2014 20:52:22 -0600",
2014-07-30T02:52:23.284Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,3,192.168.3.2:25,208.65.144.126:40737,<,QUIT,
2014-07-30T02:52:23.284Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,4,192.168.3.2:25,208.65.144.126:40737,>,221 2.0.0 Service closing transmission channel,
2014-07-30T02:52:23.284Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2915,5,192.168.3.2:25,208.65.144.126:40737,-,,Local
2014-07-30T02:54:03.390Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,0,192.168.3.2:25,208.65.144.126:46366,+,,
2014-07-30T02:54:03.390Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,1,192.168.3.2:25,208.65.144.126:46366,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-30T02:54:03.391Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,2,192.168.3.2:25,208.65.144.126:46366,>,"220 mail.law.com Microsoft ESMTP MAIL Service ready at Tue, 29 Jul 2014 20:54:03 -0600",
2014-07-30T02:54:03.432Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,3,192.168.3.2:25,208.65.144.126:46366,<,QUIT,
2014-07-30T02:54:03.433Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,4,192.168.3.2:25,208.65.144.126:46366,>,221 2.0.0 Service closing transmission channel,
2014-07-30T02:54:03.433Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2916,5,192.168.3.2:25,208.65.144.126:46366,-,,Local
2014-07-30T02:55:43.500Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,0,192.168.3.2:25,208.65.144.126:53600,+,,
2014-07-30T02:55:43.500Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,1,192.168.3.2:25,208.65.144.126:53600,*,SMTPSubmit SMTPAcceptAnySender SMTPAcceptAuthoritativeDomainSender AcceptRoutingHeaders,Set Session Permissions
2014-07-30T02:55:43.500Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,2,192.168.3.2:25,208.65.144.126:53600,>,"220 mail.law.com Microsoft ESMTP MAIL Service ready at Tue, 29 Jul 2014 20:55:43 -0600",
2014-07-30T02:55:43.542Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,3,192.168.3.2:25,208.65.144.126:53600,<,QUIT,
2014-07-30T02:55:43.543Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,4,192.168.3.2:25,208.65.144.126:53600,>,221 2.0.0 Service closing transmission channel,
2014-07-30T02:55:43.543Z,SBS\Windows SBS Internet Receive SBS,08D17514FA7E2917,5,192.168.3.2:25,208.65.144.126:53600,-,,Local

One thing I noticed when I reviewed the logs is that the SMTP transaction seems to switch ports.

I appreciate any help figuring out why the connection is failing. Thanks.
Post #: 1
RE: Inbound messages from Internet spam filter refused - 28.Aug.2014 3:33:04 AM   
amanda_lakai

 

Posts: 44
Joined: 13.May2014
Status: offline
The messages may be rejected due either the content of the message or the reputation of the sending IP address. Have you added the sender to your allow list.

If you still face the issue, for help write to: saas-falsepositives@mcafeesubmissions.com

(in reply to PFry)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Message Routing >> Inbound messages from Internet spam filter refused Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter