Some outgoing emails getting blocked

Hi there,

some of our outgoing emails are getting blocked and I have no idea why. This happens only for a handful of recipient addresses. In the following example, the mail was sent via Thunderbird (SMTP port 465) and immediately returns the following error after sending (information anonymized):

Code:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  [email protected]
    host host.remoteserver.com [1.2.3.4]
    SMTP error from remote mail server after initial connection:
    554-host.remoteserver.com
    554 #5.7.1 Delivery not authorized, message refused. - Reason:
    Bad SBRS-Score. Please contact your local administrator.


Reporting-MTA: dns; host.myserver.com

Action: failed
Final-Recipient: rfc822;[email protected]
Status: 5.0.0
Remote-MTA: dns; host.remoteserver.com
Diagnostic-Code: smtp; 554-host.remoteserver.com
 554 #5.7.1 Delivery not authorized, message refused. - Reason: Bad SBRS-Score. Please contact your local administrator.


Return-path: <[email protected]>
Received: from ip-009-008-007-006.um12.pools.vodafone-ip.de ([9.8.7.6] helo=[192.168.178.20])
    by host.myserver.com with esmtpsa  (TLS1.3) tls TLS_AES_256_GCM_SHA384
    (Exim 4.96-58-g4e9ed49f8)
    (envelope-from <[email protected]>)
    id 1pO0Ea-002IFi-0n
    for [email protected];
    Fri, 03 Feb 2023 18:52:24 +0100
Content-Type: multipart/alternative;
 boundary="------------MRVt9NrBC0IaH0UNO1UXRhcU"
Message-ID: <[email protected]>
Date: Fri, 3 Feb 2023 18:52:23 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.0
Subject: Example message subject
To: [email protected]
References: <OF912F5D24.41EAE3BD-ONC125894A.003883EA-C125894A.00389B83@LocalDomain>
 <OFC97A5465.04D7F2D8-ONC125894A.004AE0C4-C125894A.004B711D@internetmail.nicht.erlaubt.zz>
From: My Name <[email protected]>
In-Reply-To: <OFC97A5465.04D7F2D8-ONC125894A.004AE0C4-C125894A.004B711D@internetmail.nicht.erlaubt.zz>
X-Exim-DSN-Information: Due to administrative limits only headers are returned

As the "Reporting-MTA" is our mailserver, I believe the mail is getting blocked on our side and never even leaves our server, or am I wrong? What I don't get is, nowhere in the error is our mailserver's IP, but the client's private IP.
What is causing this error and how can I fix it? No changes have been made to the exim.conf if this is related.

Would really appreciate some input! Thanks :)
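
How the delivery-status fields of a bounce like the one quoted above can be read, as an added example that is not part of the original thread: per RFC 3464, Reporting-MTA names the server that generated the report, Remote-MTA names the server it was delivering to, and Diagnostic-Code carries the reply that server gave. The sample is constructed from the anonymized values in the post (the recipient is a placeholder), the function names are hypothetical, and the "SBRS" keyword check is only a heuristic.

```python
import re
from email import message_from_string

# Constructed sample mirroring the delivery-status part of the bounce above.
SAMPLE_DSN = """\
Reporting-MTA: dns; host.myserver.com

Action: failed
Final-Recipient: rfc822;user@example.com
Status: 5.0.0
Remote-MTA: dns; host.remoteserver.com
Diagnostic-Code: smtp; 554-host.remoteserver.com
 554 #5.7.1 Delivery not authorized, message refused. - Reason: Bad SBRS-Score. Please contact your local administrator.
"""

def _after_semicolon(value):
    # "dns; host.example" -> "host.example"
    return value.split(";", 1)[-1].strip() if value else None

def _fields(block):
    # Parse one header-style block; unfold continuation lines into one line.
    msg = message_from_string(block.strip() + "\n")
    return {k.lower(): " ".join(v.split()) for k, v in msg.items()}

def parse_dsn(text):
    """Return one dict per failed recipient, saying who issued the rejection."""
    blocks = [b for b in re.split(r"\n[ \t]*\n", text.strip()) if b.strip()]
    reporting = _after_semicolon(_fields(blocks[0]).get("reporting-mta"))
    results = []
    for block in blocks[1:]:
        f = _fields(block)
        if "final-recipient" not in f:
            continue
        diag = f.get("diagnostic-code", "")
        remote = _after_semicolon(f.get("remote-mta"))
        # An "smtp" diagnostic plus a Remote-MTA means the text is the remote
        # server's own reply, relayed back by the reporting MTA.
        from_remote = bool(remote) and diag.lower().startswith("smtp;")
        reply = re.search(r"\b([245]\d\d)[ -]", diag)
        enhanced = re.search(r"\b([245]\.\d{1,3}\.\d{1,3})\b", diag)
        results.append({
            "recipient": _after_semicolon(f["final-recipient"]),
            "bounce_generated_by": reporting,
            "rejected_by": remote if from_remote else reporting,
            "rejected_remotely": from_remote,
            "smtp_code": reply.group(1) if reply else None,
            "enhanced_code": enhanced.group(1) if enhanced else None,
            "reputation_hint": "sbrs" in diag.lower(),  # heuristic keyword
        })
    return results
```
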
 
Seems you block the user yourself, these things say it all:
Code:
554-host.remoteserver.com
    554 #5.7.1 Delivery not authorized, message refused. - Reason:
    Bad SBRS-Score. Please contact your local administrator.
So if your server is host.remoteserver.com then it's your protection which is blocking because of a bad sender score. And/or a not allowed.
You should investigate as to why this is happening.

And then I see this:
That @internetmail.nicht.erlaubt.zz means internet mail is not allowed, so from who is that?

Looks like the same as the 554 571 "Delivery not authorized message refused" which often means that a user has to first allow somebody to be able to send him mail, before the sender can do that. I've seen kind of such protections in Germany before.

What I don't get is, nowhere in the error is our mailserver's IP, but the client's private IP.
As far as I can see it's the Vodafone IP and the client's ID between the brackets (or how do you call these), which is normal at the moment that your customer sends the mail to your server, so your server can send it to the receiving party.
Your server ip is also in the host.remoteserver.com ip if all is correct.

You might want to check your server's reputation at Cisco.
Also try and use the https://www.mail-tester.com and see what result you get.
 
Thanks for your reply, really appreciate it!

So if your server is host.remoteserver.com then it's your protection which is blocking because of a bad sender score. And/or a not allowed.
You should investigate as to why this is happening.
And that's exactly not the case: It's the IP of the server the email was being sent to. The IP of our server is not even in the error message, and that's what I don't understand.

You might want to check your server's reputation at Cisco.
I checked our server IP at Cisco and the "Sender IP Reputation" is indeed rated as "Poor", but at the same time it is not listed in any blacklists. We got this server only 2-3 weeks ago; is it possible that the previous owner of this IP used it to send spam? Anything we can do about this or is it only a temporary problem?
Also try and use the https://www.mail-tester.com and see what result you get.
From mail-tester.com I get 10/10.
 
Anything we can do about this or is it only a temporary problem?
That depends, I had once in Germany on a new server with a previously owned IP that we had to send some information somewhere.
There is little you can do as the reputation will change as the flow of mail will pass over time. On systems with little mail it can improve to "neutral" which is already good enough.

Of course, to speed up things be sure that you already have SPF and DKIM records present also for all of your customer domains. That is probably already the case since you got a 10/10 result of mail-tester.

Next to that, also make sure you have a postmaster and/or abuse address present for the server. We use that on our hostname domain. I mean if our hostname is server.maindomain.com then we have both postmaster and [email protected] addresses.

It's also wise to become a member of SNDS and JMRP if you're not already (it's free), and if you are, remove the old IP and add this IP.

As for German rules, maybe things to fix this or maybe encountered this, we can ask @ikkeben who knows something about German things. However, it might be he cannot answer due to personal issues.
And maybe @mxroute has some ideas I might have forgotten.

As for why only user's ip is in there and not your server, I don't know, it could be they only send back part of the header.
 
There is little you can do as the reputation will change as the flow of mail will pass over time. On systems with little mail it can improve to "neutral" which is already good enough.
Yeah, I was pretty sure that this may be a temporary problem and might fix itself in the near future.

Of course, to speed up things be sure that you already have SPF and DKIM records present also for all of your customer domains. That is probably already the case since you got a 10/10 result of mail-tester.
Exactly, all SPF and DKIM records are perfectly fine.

Next to that, also make sure you have a postmaster and/or abuse address present for the server.
We have a postmaster, abuse and hostmaster address, so this should be good to go.

It's also wise to become a member of SNDS and JMRP if you're not already (it's free), and if you are, remove the old IP and add this IP.
Thank you, I did not know that! We just signed up at SNDS and JMRP, Microsoft indeed is listing our IP as "Junked due to user complaints or other evidence of spamming". I will monitor this and check back regularly if this improves.

Only for Telekom mail blocked spam problem
We had problems a few times in the past with Telekom mail addresses, but they whitelisted our IP after a very short time when we contacted their postmaster, so no issue here.

Again, thank you for all your replies, it's highly appreciated.
Currently, I think that I just have to wait a little longer as we own our server IP only for a few weeks now.
However, if there's anyone who has further suggestions or had a similar problem, I'm looking forward to your reply!
 
I will monitor this and check back regularly if this improves.
Yes please do. Good that you became a member there and listed the IP. If you keep having issues with MS, it's a requirement of them to be of good help. And then you can argue with them that you are a SNDS and JMRP member and did not receive notice of spam. :) And you can argue that you're a new user of that IP. I would send in the form immediately and not wait, since you already have the IP a few weeks.
Mostly they are of good help if you do enough to stop spam coming from your system.

As for my replies, you're welcome of course, that's what this forum is for. ;)
 