cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
840
Views
0
Helpful
1
Replies

Rejected Connection with (Unknown) everywhere and SBRS "not enabled"

ac513
Level 1
Level 1

We are a hosted Cisco Secure Email customer, and our appliances sit in front of Exchange Online for both inbound and outbound mail. (An Exchange rule + connector sends external mail to Secure Email for outbound delivery)

Today I had a complaint of a bounce when a user sent mail to an external recipient:

Reason: [{LED=550 #5.7.1 Your access to submit messages to this e-mail system has been rejected.};{MSG=};{FQDN=ob1.hc[REDACTED_ESA_CLUSTER].iphmx.com};{IP=[REDACTED_ESA_IP]};{LRT=11/3/2022 12:51:29 PM}]. OutboundProxyTargetIP: [REDACTED_ESA_IP]. OutboundProxyTargetHostName: ob1.hc[REDACTED_ESA_CLUSTER].iphmx.com

I found the corresponding rejection in our appliance:

Screenshot 2022-11-03 143433.png

This is the first time I've seen a log like this where it's littered with (Unknown) on both the sender and recipient, SBRS "not enabled", etc. The recipient domain has a good reputation, as does our domain for the sender. Neither domain is on a blacklist. The Exchange Online IP it came from also has a good reputation with Cisco and isn't on any blacklist.

Any advice on what criteria/reason this was rejected?

 

1 Reply 1

UdupiKrishna
Cisco Employee
Cisco Employee

There were few situations when SDR was rejecting the connections and log indicated "Host access table (unknown)". In the latest versions, rejections by SDR isn't logged precisely which creates confusions. Here's a bug for reference - CSCwc69714

Since this isn't the complete message tracking, i would suggest working with TAC