cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.2-020
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-239
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

2757
Views
0
Helpful
7
Replies
afesenko
Cisco Employee

ESA bounce - Unknown address error (450 / 4.1.8)

Hello,

I'm having constant bounces on ESA with following log entries:

Mon Aug 10 06:38:20 2020 Info: New SMTP DCID 3186430 interface <suppressed> address <suppressed> port 25
Mon Aug 10 06:38:20 2020 Info: Delivery start DCID 3186430 MID 12410025 to RID [0]
Mon Aug 10 06:38:23 2020 Info: Delayed: DCID 3186430 MID 12410025 to RID 0 - 4.1.0 - Unknown address error ('450', ['4.1.8 <iwogpood@bhoxporg.cn>: Sender address rejected: Domain not found']) []
Mon Aug 10 06:38:28 2020 Info: DCID 3186430 close

 

Such messages are being delayed a few times and just bounced afterwards. However, in my case all these emails should be accepted and processed. I checked all mail policies and ensured that "Envelope Sender DNS Verification" is disabled. One more thing to mention - all senders have different addresses. I need just to accept such emails somehow but I can't figure out how to do that. Does someone have any ideas?

 

Thanks,

Andrii

1 ACCEPTED SOLUTION

Accepted Solutions

What the HAT is being triggered, go to the MAIL FLOW policy for that for that sender is triggered on, and scroll down to Sender Verification.

 

See if this is enabled. 

image.png

-Jared H.
FireJumper Elite #161

View solution in original post

7 REPLIES 7
jrod1999
Beginner

Andrii,

 

That is bouncing because that domain does not exist.

 

'4.1.8 <iwogpood@bhoxporg.cn>: Sender address rejected: Domain not found']

 

https://www.whatsmydns.net/#A/bhoxporg.cn

https://talosintelligence.com/reputation_center/lookup?search=bhoxporg.cn

 

If you resolve this internally, make sure that the ESA points to the correct DNS server, and that it resolves correctly. If it does resolve internally, make sure an MX record is published. 

 

 

-Jared H.
FireJumper Elite #161

Hi Jared,

Thank you for the reply. Yes, the domain does not exist but the point is that I do need emails that come with invalid domains in "From" field. So the question is how to accept messages with unknown addresses (they are absolutely random).

 

Thanks,

Andrii

Do you know what IPs they are coming from?

Can you verify the HAT sender group its hitting, then verify the Sender group settings for this IP/hostname. 

 

In those settings if the 'Connecting host PTR record does not exist in DNS.' is checked, it might be dropping it there.

-Jared H.
FireJumper Elite #161

What the HAT is being triggered, go to the MAIL FLOW policy for that for that sender is triggered on, and scroll down to Sender Verification.

 

See if this is enabled. 

image.png

-Jared H.
FireJumper Elite #161
Ken Stieers
VIP Advocate

My quesiton was headed the same direction as Jrod1999... Create a sender group for the IPs these come from and turn off sender domain verification for that sender group. Since the domain names are random, you can't apply an exclusion list.
afesenko
Cisco Employee

Jared, Ken,

 

Thank you for replies. I've added a few sender addresses to HAT and bounce rate got decreased. Although my issue isn't 100% solved, the overall situation is acceptable.

 

Thanks,

Andrii

Create
Recognize Your Peers
Content for Community-Ad