Beginner

MTA's poor reputation

In recent years, there have been cases of receiving non-delivery reports for letters.

Basically that's the error:

554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

Our mail server is not involved in blacklists.

Can you tell me what I should do in this situation?

What settings in C360 can I check and configure?

Thanks in advance.

Cisco Employee

Hello DISmekalin,

Generally, it would be due to reports by other users of spam coming from your IP, so it gets caught by the SenderBase sensors.

You can track your IP or domain for mail server reputation at senderbase.org.

Essentially, if good mail traffic exits from the servers, the reputation score could recover.

Otherwise, if you need to establish what the issue may be in order to begin correcting it, you can reach out to the SenderBase team directly at senderbase.org, or open a TAC case to reach out to the SenderBase team for information for you.

A checklist would be to audit your mail servers: make sure you can track the type of mail leaving the Exchange side, see if there is any suspicious behaviour, and stop it at the source.

Also ensure that antispam and antivirus scanning is enabled on outgoing mail on your ESA as well, to further protect your mailing environment.

Regards,

Matthew

Beginner

Thank you for the answer.

Tell me, please, is it possible to create a separate policy without the use of RAT (Recipient Access Table)?

We have an external server that needs to send emails to different addresses, but they are rejected by RAT every time, until you have added the address in RAT with default action - allow.

Cisco Employee

Hello DISmekalin,

Ah! So you have set your ESA as an open relay for the moment. This would really contribute to your reputation score being lowered: as it is an open relay, spammers will exploit this.

Please change this RAT Default action to - Reject.

RAT should only allow your internally hosted domains as Accept.

If you need to create a setup for an external server to send emails outbound to other addresses that aren't your own:

If you are using 1 listener (which is what I'm suspecting), please go to GUI > Mail Policies > Mail Flow Policies

If you do not have a policy called "RELAYED", please go ahead and create one.

Click Add Policy

Name: RELAYED

Connection Behavior : Choose "Relay"

Leave the rest as it is (default)

Scroll right down to the bottom and Submit.

After this is done, go to GUI > Mail Policies > HAT Overview

If you do not have a RELAYLIST, then please click on "Add new Sendergroup".

Here you will have an option to input a name.

Name it: RELAYLIST

Order: 1

Comment : Leave it blank

Policy : Select RELAYED from your drop down menu

Leave everything else blank and click Submit and Add Sender.

Now add the mail server IP or hostname to allow this server to relay through your ESA without a RAT check.

Once this is done, submit and commit changes and test.

(If you are confused about where to get the mail server hostname/IP, you can obtain this with message tracking: go to GUI > Monitor > Message Tracking and find an email sent by this sender before.

Click on Show Details and look under Sending Host Summary; this is what you add to the RELAYLIST sendergroup.)

I hope this helps, please let me know.

Regards,

Matthew
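
The RAT default action and RELAYLIST behaviour described in this reply, as a simplified model (an added example, not part of the original post and not Cisco code). It assumes sender-group entries are IPs or CIDR ranges only; the config dictionaries, function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Simplified model of the listener decision described in this thread.
# Hypothetical names; sample IPs and domains are constructed. RELAYLIST
# entries are assumed to be IPs or CIDR ranges (hostnames are not modelled).

def in_relaylist(sender_ip, relaylist):
    ip = ipaddress.ip_address(sender_ip)
    return any(ip in ipaddress.ip_network(e, strict=False) for e in relaylist)

def decide(sender_ip, recipient, cfg):
    """Return 'ACCEPT' or 'REJECT' for one RCPT TO from one connecting host."""
    if in_relaylist(sender_ip, cfg["relaylist"]):
        return "ACCEPT"  # RELAYED policy: relay without a RAT check
    domain = recipient.rsplit("@", 1)[-1].lower()
    if domain in cfg["rat_accept_domains"]:
        return "ACCEPT"  # inbound mail for a domain we host
    return cfg["rat_default"]  # everything else falls to the RAT default

def is_open_relay(cfg, probe_ip="198.51.100.7",
                  probe_rcpt="user@external.example"):
    """True if an unlisted host can send to a domain we do not host."""
    return decide(probe_ip, probe_rcpt, cfg) == "ACCEPT"

# Before: RAT default set to accept so the external server could send.
BEFORE = {"relaylist": [], "rat_accept_domains": {"corp.example"},
          "rat_default": "ACCEPT"}
# After: RAT default Reject, external server listed in RELAYLIST.
AFTER = {"relaylist": ["203.0.113.25"], "rat_accept_domains": {"corp.example"},
         "rat_default": "REJECT"}
# A RELAYLIST that is too broad reopens the relay despite the RAT default.
TOO_BROAD = dict(AFTER, relaylist=["0.0.0.0/0"])

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("too broad", TOO_BROAD)):
        print(name, "open relay:", is_open_relay(cfg))
```

The third config shows why the RELAYLIST sender group should hold only the specific hosts that need to relay: a wide range there has the same effect as a RAT default of Accept.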

Beginner

Thank you.

The problem is solved. But for some reason the emails come twice. The first session aborts, second session takes place.

08 Jun 2016 12:42:59 (GMT +03:00) Protocol SMTP interface Data 1 (IP x.x.x.x) on incoming connection (ICID 1104099503) from sender IP y.y.y.y. Reverse DNS host None verified no.
08 Jun 2016 12:42:59 (GMT +03:00) (ICID 1104099503) RELAY sender group RELAYLIST match y.y.y.y SBRS -1.9
08 Jun 2016 12:43:00 (GMT +03:00) (ICID 1104099503) Sender <sender@domain.zone>allowed. Envelope sender matched domain exception
08 Jun 2016 12:43:00 (GMT +03:00) Start message 47181187 on incoming connection (ICID 1104099503).
08 Jun 2016 12:43:00 (GMT +03:00) Message 47181187 enqueued on incoming connection (ICID 1104099503) from sender@domain.zone.
08 Jun 2016 12:43:00 (GMT +03:00) Message 47181187 on incoming connection (ICID 1104099503) added recipient (recipient@domain.zone).
08 Jun 2016 12:43:00 (GMT +03:00) Message 47181187 aborted: Receiving aborted by sender
08 Jun 2016 12:43:00 (GMT +03:00) (ICID 1104099503) Sender <sender@domain.zone>allowed. Envelope sender matched domain exception
Cisco Employee

Hey DISmekalin,

Receiving aborted is normally due to the sending side closing the connection prematurely for whatever reason.

From what I can see, you've also deployed domain exception list envelope sender verification on this RELAY mail flow.

You can disable this at the bottom in GUI > Mail Policies > Mail Flow Policies > Click into RELAY

and see if that helps.


Regards,

Matthew
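
The pattern discussed above (one connection aborted by the sender, another that is not), correlated by ICID and MID; this is an added example, not part of the original posts. The sample lines are constructed in the format the poster quoted, and the function names are hypothetical.

```python
import re

# Constructed sample in the message-tracking format posted above; the IP,
# ICIDs and MIDs are made up. Connection 1001 aborts, 1002 does not.
SAMPLE = """\
08 Jun 2016 12:42:59 (GMT +03:00) (ICID 1001) RELAY sender group RELAYLIST match 203.0.113.25 SBRS -1.9
08 Jun 2016 12:43:00 (GMT +03:00) Start message 501 on incoming connection (ICID 1001).
08 Jun 2016 12:43:00 (GMT +03:00) Message 501 aborted: Receiving aborted by sender
08 Jun 2016 12:43:02 (GMT +03:00) (ICID 1002) RELAY sender group RELAYLIST match 203.0.113.25 SBRS -1.9
08 Jun 2016 12:43:02 (GMT +03:00) Start message 502 on incoming connection (ICID 1002).
08 Jun 2016 12:43:02 (GMT +03:00) Message 502 enqueued on incoming connection (ICID 1002) from sender@domain.zone.
"""

GROUP_RE = re.compile(r"\(ICID (\d+)\) (\w+) sender group (\S+) match (\S+) SBRS (\S+)")
START_RE = re.compile(r"Start message (\d+) on incoming connection \(ICID (\d+)\)")
ABORT_RE = re.compile(r"Message (\d+) aborted: (.+)")

def _session():
    return {"behavior": None, "group": None, "host": None, "sbrs": None,
            "mids": [], "aborted": {}}

def correlate(log_text):
    """Group log lines by connection (ICID) and tie each message (MID) to it."""
    sessions, mid_to_icid = {}, {}
    for line in log_text.splitlines():
        if m := GROUP_RE.search(line):
            icid, behavior, group, host, sbrs = m.groups()
            sessions.setdefault(icid, _session()).update(
                behavior=behavior, group=group, host=host, sbrs=sbrs)
        elif m := START_RE.search(line):
            mid, icid = m.groups()
            sessions.setdefault(icid, _session())["mids"].append(mid)
            mid_to_icid[mid] = icid
        elif m := ABORT_RE.search(line):
            mid, reason = m.groups()
            if mid in mid_to_icid:  # skip aborts whose start line is missing
                sessions[mid_to_icid[mid]]["aborted"][mid] = reason.strip()
    return sessions

def per_host(sessions):
    """Map sending host -> (aborted messages, messages not aborted)."""
    totals = {}
    for s in sessions.values():
        bad, ok = totals.get(s["host"], (0, 0))
        totals[s["host"]] = (bad + len(s["aborted"]),
                             ok + len(s["mids"]) - len(s["aborted"]))
    return totals

if __name__ == "__main__":
    print(per_host(correlate(SAMPLE)))
```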

Beginner

I disabled exception list envelope sender verification on this RELAY mail flow.

But emails still come twice :)

Beginner

Re: Hello DISmekalin,

Hello,

We have the same problem - 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means. The IP address is 68.233.33.90, please assist.

Beginner

Re: Hello DISmekalin,

You should be able to go to https://talosintelligence.com/ and request that the IP address be "unblocked": Reputation at the top, then "Reputation support".

Beginner

Re: Hello DISmekalin,

Hello,

I have made some requests from there, but no luck.

Thanks,

HostColor LLC

Cisco Employee

Re: Hello DISmekalin,

Hello,

The reputation score from Talos is dynamic and will automatically recover assuming you've put a stop to the bad sender(s). If you're trying to expedite the request you can open a case with Cisco TAC, otherwise you'll need to wait and monitor the Talos submission and/or be patient for the score to improve.

Thanks!

-Dennis M.


Re: MTA's poor reputation

I have the same problem.

Informações de diagnóstico para administradores:
Servidor de origem: exchg.hcb.org.br
Servidor de recebimento: srvmail13.embratel.com.br (200.255.122.144)
ROSE.SILVA@embratel.com.br

Server at srvmail13.embratel.com.br (200.255.122.144) returned '400 4.4.7 Message delayed'
6/19/2020 5:16:06 AM - Server at srvmail13.embratel.com.br (200.255.122.144) returned '451 4.4.395 Target host responded with error. -> 554 srvmail13.embratel.com.br;Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.'
