At 12:59 PM -0800 1/10/07, Paul Didzerekis imposed structure on a
stream of electrons, yielding:
> Can anyone here see what is causing the following problem and
> suggest a solution?
> The problem is that someone tries to send email from
> tricityregionalchamber.com to one of our client domains tcajob.com
> and our server instantly bounces back the message to the sending
> server with an error that the user is unknown. I think it is
> bouncing all messages they try to send to us at any of the domains
> we host. The server at tcajob.com (Web*V) performs spam content and
> RBL filtering and such and is set up to forward messages for that
> domain on to another server (SIMS) that handles the POP accounts for
> that domain. We don't have this problem with any other domains we
> host or emails coming from any other place.

There's a contradiction there. Is it all of your domains or just one?
> I suspect that the sending server/domain may have a DNS issue or
> something and that is confusing our receiving server and causing it
> to bounce the message back to them. Our server that is bouncing the
> messages does not show any kind of error in the log just that the
> message is received and then instantly returned.

That is very broken. A mail server that does not log what it does
with every message should be dumped.
> Here is the info I got back when I asked the sending people to
> forward me the bounced message with header (sent to my .mac account).
> Thanks in advance,
> Paul Didzerekis
> Here is the header info
> Bounced notification
> And the original message is attached

The message looks wrong. Incomplete. Full Internet headers (not the
Microsoftian reductions) for the bounce itself would help, and it
looks like something has removed and 'simplified' the actual SMTP
response. That's a known Exchange behavior.
With that in mind, I will make a couple of notes:
> -----Original Message-----
> From: Mattson, Lori [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 08, 2007 3:26 PM
> To: Stone, Renee K
> Subject: FW: Returned mail: Message Undeliverable
> Microsoft Mail Internet Headers Version 2.0
> Received: from mail.tri-city.net ([63.95.200.12]) by
> tricityregionalchamber.com with Microsoft SMTPSVC(6.0.3790.1830);
> Mon, 8 Jan 2007 14:50:11 -0800
> Date: Mon, 08 Jan 2007 22:50:10 GMT
> From: Mail Delivery Subsystem
> Subject: Returned mail: Message Undeliverable
> To: <[EMAIL PROTECTED]>
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="Relay/45a2caa2-289a200-ca.bounce"
> Return-Path: <>
> Message-ID: <[EMAIL PROTECTED]>
> X-OriginalArrivalTime: 08 Jan 2007 22:50:12.0045 (UTC)
> FILETIME=[5AC6C7D0:01C73377]
> --Relay/45a2caa2-289a200-ca.bounce
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 7bit
> --Relay/45a2caa2-289a200-ca.bounce
> Content-Type: message/rfc822
> Content-Transfer-Encoding: 7bit
> Received: from tricityregionalchamber.com
> (64-13-28-32.kwk.clearwire-dns.net [64.13.28.32]) BY mail.tri-city.net
> ([63.95.200.12])
> WITH ESMTP (4D WebSTAR V Mail (5.4.0)); Mon, 08 Jan 2007 14:50:10 -0800

A machine at IP address 64.13.28.32 claimed in its EHLO to be named
"tricityregionalchamber.com" but in fact that name resolves to
65.61.117.202.
That is not supposed to be grounds for rejecting mail, but some
people ignore the admonition against that practice in RFC2821,
because such a verification can be useful: many spammers use fake
HELO/EHLO names.
The resolvable name for 64.13.28.32 is one that looks very generic,
as if the owner of the IP address doesn't care what its name is
except to assure that he can resolve it in his head without DNS. That
also "looks spammy" to many spam control systems.
Combine a fraudulent EHLO with a generic real name, and there are a
lot of spam filters that won't even look any further.
However, this does indicate that mail.tri-city.net (the Web* server)
accepted the message. Unfortunately, it looks like Web* is too stupid
to create SMTP transaction ID's for Received headers and log tracking
or Message-ID's for its bounces. It sure makes tracking hard...
> X-MimeOLE: Produced By Microsoft Exchange V6.5
> Content-class: urn:content-classes:message
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> boundary="----_=_NextPart_001_01C73377.56B9CB10"
> Subject: test 100
> Date: Mon, 8 Jan 2007 14:50:05 -0800
> Message-ID: <[EMAIL PROTECTED]>
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Thread-Topic: test 100
> Thread-Index: Acczd1SIyFvR5YEZRjm2CQs1HSzijw==
> From: "Mattson, Lori" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>,
> <[EMAIL PROTECTED]>
> ------_=_NextPart_001_01C73377.56B9CB10
> Content-Type: text/plain;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> ------_=_NextPart_001_01C73377.56B9CB10
> Content-Type: text/html;
> charset="us-ascii"
> Content-Transfer-Encoding: quoted-printable
> ------_=_NextPart_001_01C73377.56B9CB10--
> --Relay/45a2caa2-289a200-ca.bounce--

I'm not sure I'm getting this right. This is looking like the bounce
of a bounce???
> -----Original Message-----
> From: Mail Delivery Subsystem [mailto:Mail Delivery Subsystem]
> Sent: Monday, January 08, 2007 2:50 PM
> To: Mattson, Lori
> Subject: Returned mail: Message Undeliverable
> This message could not be delivered to the following recipients:
> <[EMAIL PROTECTED]>: Unable to reach destination or recipient is
> invalid.

That looks like the Exchange bounce re-writing stupidity. Somewhere
there once was a set of real headers for that, a domain for the
sender, and a clear specification of what was said last in the SMTP
conversation by what machine and to what machine. Without those,
diagnosis is impossible. As long as the bounces are going back in to
a default-configured Exchange, you won't get them.
Based on what you DO have, I'd suggest two possibilities:
1. The spam filtering in Web* is causing the problem. If it is an
asynchronous filtering system that accepts mail, filters it, then
bounces what it dislikes, that's a possibility.
2. SIMS might be rejecting this for some reason.
Diagnosis is made immensely more difficult by the interaction of two
junkware mail servers: WebStar and Exchange. If you can fix one or
both to provide more information, you have a far better shot of
figuring this out.
--
Bill Cole
[EMAIL PROTECTED]
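
The EHLO and reverse-DNS observations in the message above, as an added example that is not part of the original message and not code from any of the mail servers discussed: it parses the quoted WebSTAR Received line, checks whether the claimed EHLO name resolves to the connecting IP, and flags a PTR name that embeds the IP. The resolver is an offline stand-in whose single entry is the resolution stated in the message; the function names and signal labels are made up for this example.

```python
import re

# Received header quoted in the message above (WebSTAR's layout), unfolded.
RECEIVED = ("from tricityregionalchamber.com "
            "(64-13-28-32.kwk.clearwire-dns.net [64.13.28.32]) "
            "BY mail.tri-city.net ([63.95.200.12]) "
            "WITH ESMTP (4D WebSTAR V Mail (5.4.0)); "
            "Mon, 08 Jan 2007 14:50:10 -0800")

# Offline stand-in for DNS A lookups (assumption for this example); the one
# entry is the resolution stated in the message.
STATIC_A = {"tricityregionalchamber.com": {"65.61.117.202"}}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[\d.]+)\]\)",
    re.IGNORECASE)

def parse_received(header):
    """Return (helo, rdns, ip) from a 'from HELO (rdns [ip])' clause."""
    m = RECEIVED_RE.search(" ".join(header.split()))  # unfold whitespace
    if not m:
        raise ValueError("unrecognised Received layout")
    return m.group("helo").lower(), (m.group("rdns") or "").lower(), m.group("ip")

def looks_generic(rdns, ip):
    """True if the PTR name embeds the IP's octets, forward or reversed."""
    octets = ip.split(".")
    return any(sep.join(order) in rdns
               for order in (octets, octets[::-1])
               for sep in ("-", ".", ""))

def helo_signals(header, resolve_a=lambda name: STATIC_A.get(name, set())):
    """Collect scoring signals; none of them is a rejection verdict by itself."""
    helo, rdns, ip = parse_received(header)
    signals = []
    if ip not in resolve_a(helo):
        signals.append("helo-mismatch")   # EHLO name does not resolve to peer IP
    if not rdns:
        signals.append("no-rdns")
    elif looks_generic(rdns, ip):
        signals.append("generic-rdns")    # PTR is just the IP spelled out
    return {"helo": helo, "rdns": rdns, "ip": ip, "signals": signals}

if __name__ == "__main__":
    print(helo_signals(RECEIVED))
```
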