cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4215
Views
0
Helpful
7
Replies

ESA bounce - Unknown address error (450 / 4.1.8)

afesenko
Cisco Employee
Cisco Employee

Hello,

I'm having constant bounces on ESA with following log entries:

Mon Aug 10 06:38:20 2020 Info: New SMTP DCID 3186430 interface <suppressed> address <suppressed> port 25
Mon Aug 10 06:38:20 2020 Info: Delivery start DCID 3186430 MID 12410025 to RID [0]
Mon Aug 10 06:38:23 2020 Info: Delayed: DCID 3186430 MID 12410025 to RID 0 - 4.1.0 - Unknown address error ('450', ['4.1.8 <iwogpood@bhoxporg.cn>: Sender address rejected: Domain not found']) []
Mon Aug 10 06:38:28 2020 Info: DCID 3186430 close

 

Such messages are being delayed a few times and just bounced afterwards. However, in my case all these emails should be accepted and processed. I checked all mail policies and ensured that "Envelope Sender DNS Verification" is disabled. One more thing to mention - all senders have different addresses. I need just to accept such emails somehow but I can't figure out how to do that. Does someone have any ideas?

 

Thanks,

Andrii

1 Accepted Solution

Accepted Solutions

What the HAT is being triggered, go to the MAIL FLOW policy for that for that sender is triggered on, and scroll down to Sender Verification.

 

See if this is enabled. 

image.png

-Jared H.
FireJumper Elite #161

View solution in original post

7 Replies 7

jrod1999
Level 1
Level 1

Andrii,

 

That is bouncing because that domain does not exist.

 

'4.1.8 <iwogpood@bhoxporg.cn>: Sender address rejected: Domain not found']

 

https://www.whatsmydns.net/#A/bhoxporg.cn

https://talosintelligence.com/reputation_center/lookup?search=bhoxporg.cn

 

If you resolve this internally, make sure that the ESA points to the correct DNS server, and that it resolves correctly. If it does resolve internally, make sure an MX record is published. 

 

 

-Jared H.
FireJumper Elite #161

Hi Jared,

Thank you for the reply. Yes, the domain does not exist but the point is that I do need emails that come with invalid domains in "From" field. So the question is how to accept messages with unknown addresses (they are absolutely random).

 

Thanks,

Andrii

Do you know what IPs they are coming from?

Can you verify the HAT sender group its hitting, then verify the Sender group settings for this IP/hostname. 

 

In those settings if the 'Connecting host PTR record does not exist in DNS.' is checked, it might be dropping it there.

-Jared H.
FireJumper Elite #161

What the HAT is being triggered, go to the MAIL FLOW policy for that for that sender is triggered on, and scroll down to Sender Verification.

 

See if this is enabled. 

image.png

-Jared H.
FireJumper Elite #161

My quesiton was headed the same direction as Jrod1999... Create a sender group for the IPs these come from and turn off sender domain verification for that sender group. Since the domain names are random, you can't apply an exclusion list.

afesenko
Cisco Employee
Cisco Employee

Jared, Ken,

 

Thank you for replies. I've added a few sender addresses to HAT and bounce rate got decreased. Although my issue isn't 100% solved, the overall situation is acceptable.

 

Thanks,

Andrii

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: