
Rejected by Receiving Control in Mail_logs

Slim.Jimmy
Level 1

Hi all,

One of the users where I work has been complaining about either not receiving mails or, if they do turn up, they arrive 12 - 36 hours later than when they were sent. These are all coming from a specific person only.

Just doing a general grep on mail_logs of the IronPort C670 for messages sent by that person, then on the MID, shows:

To: xxx.yyy.com Rejected by Receiving Control

I was wondering if anyone has seen this message and actually knows what it is referring to; I can't seem to find much on it.

Any help would be very much appreciated.

Many Thanks


Tze Tai Mak
Level 1

Dear Damian,

The sending host (outgoing mail gateway of this external sender) probably falls into SUSPECTLIST or other sender groups of which the corresponding mail flow policy has defined 'max recipients per hour'. This sending host probably reaches the limit of maximum recipients per hour (note that we count by number of recipients, not number of messages) and IronPort starts to throttle (soft bounce) this sending host.

You can check whether the reputation of this sending host is poor from 'Message Tracking'. If you want to allow this host to send more emails to your domain, you can add this sending host IP or hostname into a new sender group and configure a new mail flow policy with a higher number for "maximum recipients per hour". (Note: put this new sender group in the Host Access Table above BLACKLIST and SUSPECTLIST).

Cheers,

Tommy

Thanks for your kind response. They are indeed in the suspect list. I noticed it when I did a grep on the ICID, but I thought the log message would give an indication of that being the issue - something like threshold exceeded. Might have been expecting more than is realistic by the sounds of things.

The interesting thing I note from the logs is that there are a few messages in the mail_logs from that domain but not as many as I would expect for the throttling to kick in, particularly as I have max recipients per hour set to 100.

Sorry to ask a basic question, I have only been using this device for a short while, but is there a way of definitively seeing that the threshold is being exceeded?

Best Regards

Dear Damian,

If you use message tracking, you can find which host IP this sender is using and its reputation. You can then perform message tracking again with the 'Advanced' setting based on just the "sending IP address". You can see how many emails, and how many email recipients in each email, there were in that hour.

I believe that some of his/her emails have a lot of email recipients.

Under 'Monitor'-'Incoming Mail', you can check whether the sending domain is being throttled from "Stopped by Reputation Filtering".

If you find that adjacent IP addresses are sending a lot of emails to you as well, you can decide whether to make a flow control setting change under the mail flow policy (Group by Similarity of IP Addresses).

Cheers,

Tommy
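The recipient count described in the reply above can also be taken straight from mail_logs. The following is an added example, not part of the original replies and not Cisco code: it tallies accepted and rejected recipients per sending IP per clock hour. The sample lines are constructed, the line layout is an assumption modelled on the text mail_logs format, the function names are hypothetical, and clock-hour buckets only approximate the appliance's own counting window.

```python
import re
from datetime import datetime

# Constructed sample lines; the layout is an assumption, not copied from the thread.
SAMPLE_LOG = """\
Mon Apr 17 09:01:02 2023 Info: New SMTP ICID 5 interface Data1 (192.0.2.1) address 198.51.100.7 reverse dns host mx.example.net verified yes
Mon Apr 17 09:01:02 2023 Info: ICID 5 ACCEPT SG SUSPECTLIST match sbrs[-3.0:-1.0] SBRS -2.1
Mon Apr 17 09:01:03 2023 Info: Start MID 6 ICID 5
Mon Apr 17 09:01:03 2023 Info: MID 6 ICID 5 From: <sender@example.net>
Mon Apr 17 09:01:04 2023 Info: MID 6 ICID 5 RID 0 To: <a@example.com>
Mon Apr 17 09:01:04 2023 Info: MID 6 ICID 5 RID 1 To: <b@example.com>
Mon Apr 17 09:01:04 2023 Info: MID 6 ICID 5 RID 2 To: <c@example.com>
Mon Apr 17 09:01:05 2023 Info: MID 6 ICID 5 To: <d@example.com> Rejected by Receiving Control
Mon Apr 17 10:15:00 2023 Info: New SMTP ICID 9 interface Data1 (192.0.2.1) address 198.51.100.7 reverse dns host mx.example.net verified yes
Mon Apr 17 10:15:01 2023 Info: MID 11 ICID 9 RID 0 To: <a@example.com>
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) Info: (.*)$")
NEW_CONN = re.compile(r"New SMTP ICID (\d+) .* address (\S+)")
RCPT = re.compile(r"MID \d+ ICID (\d+) (?:RID \d+ )?To: \S+(.*)")

def recipients_per_hour(log_text):
    """Return {(sending_ip, hour): [accepted, rejected]} from mail_logs text."""
    icid_ip, buckets = {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip continuation or non-Info lines
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        hour, body = stamp.strftime("%Y-%m-%d %H:00"), m.group(2)
        if (c := NEW_CONN.search(body)):
            icid_ip[c.group(1)] = c.group(2)  # remember which IP owns this ICID
        elif (r := RCPT.search(body)):
            ip = icid_ip.get(r.group(1), "unknown")
            counts = buckets.setdefault((ip, hour), [0, 0])
            rejected = "Rejected by Receiving Control" in r.group(2)
            counts[1 if rejected else 0] += 1
    return buckets

def throttled(buckets, limit):
    """Buckets that reached the per-hour recipient limit or logged a rejection."""
    return sorted(k for k, (ok, rej) in buckets.items() if ok >= limit or rej)

if __name__ == "__main__":
    for key in throttled(recipients_per_hour(SAMPLE_LOG), limit=3):
        print(key)
```

Set `limit` to the "max recipients per hour" value of the mail flow policy that the sender group maps to.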

You were, of course, absolutely correct - there were a lot of email recipients.

Thank you very, very much, your help has been extremely valuable.

Best Regards

This occurs when massive numbers of emails come into the ESA.

So, one way to solve it: you have to select "Bypass Receiving Control > YES" in the listener that you want.


Mail Policies > Recipient Access Table (RAT) > Listener >

Select your listener

Bypass Receiving Control > YES


This configuration permits massive emails and avoids the receiving control.