Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3075
Views
5
Helpful
1
Replies

Cisco ESA SMTP issue

Go to solution
yevgen1991
Level 1
Level 1

‎01-06-2021 10:18 AM

Hi all,

I have smtp.example.com corporate mail. When the person from other company(person@company.com) send me the mail, i cant receive the mail and the person from other company get an error:

 

554 smtp.example.com Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

 

I checked "company.com" via "mxtoolbox", a saw that this mail is the "google" mail service. I checked in my FireWall all IPs that "mxtoolbox" provide me, but I did not see any traffic(allow or deny).

I understand that "company.com" uses mail from "google" service, and there are many IPs, so how can I detect the problem?

My IP in not in blacklist in spamhaus and etc.

Maybe one of the "google" IPs is in blacklist in my FireWall(in fact it is a google IP, but I dont see it in mxtoolbox). But how can I detect it? I have too many IPs in my FW`s blacklist.

In addition,

I noticed that sometimes letters from the "@gmail.com" take a long time or do not reach at all. Maybe this is related?

 

Version: Cisco ESA C600V 13.0.0-392

Thanks!

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎01-06-2021 06:58 PM

This was answered in the other thread.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200436-Identify-and-allow-poor-SenderBase-Reput.html

 

You'll need to grep mail_logs for the time to determine what IP matched the BLACKLIST sendergroup and allow them if needed.

Current email reputation of IP's can be checked on talosintelligence.com

 

The error suggests an issue with the sender's reputation and not reputation of the receiving ESA.

 

Regards,

Libin

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎01-06-2021 06:58 PM

This was answered in the other thread.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200436-Identify-and-allow-poor-SenderBase-Reput.html

 

You'll need to grep mail_logs for the time to determine what IP matched the BLACKLIST sendergroup and allow them if needed.

Current email reputation of IP's can be checked on talosintelligence.com

 

The error suggests an issue with the sender's reputation and not reputation of the receiving ESA.

 

Regards,

Libin

0 Helpful
Customers Also Viewed These Support Documents