Rejected Connection with (Unknown) everywhere and SBRS "not enabled"

ac513 · ‎11-03-2022

We are a hosted Cisco Secure Email customer, and our appliances sit in front of Exchange Online for both inbound and outbound mail. (An Exchange rule + connector sends external mail to Secure Email for outbound delivery)

Today I had a complaint of a bounce when a user sent mail to an external recipient:

Reason: [{LED=550 #5.7.1 Your access to submit messages to this e-mail system has been rejected.};{MSG=};{FQDN=ob1.hc[REDACTED_ESA_CLUSTER].iphmx.com};{IP=[REDACTED_ESA_IP]};{LRT=11/3/2022 12:51:29 PM}]. OutboundProxyTargetIP: [REDACTED_ESA_IP]. OutboundProxyTargetHostName: ob1.hc[REDACTED_ESA_CLUSTER].iphmx.com

I found the corresponding rejection in our appliance:

This is the first time I've seen a log like this where it's littered with (Unknown) on both the sender and recipient, SBRS "not enabled", etc. The recipient domain has a good reputation, as does our domain for the sender. Neither domain is on a blacklist. The Exchange Online IP it came from also has a good reputation with Cisco and isn't on any blacklist.

Any advice on what criteria/reason this was rejected?

UdupiKrishna · ‎11-03-2022

There were few situations when SDR was rejecting the connections and log indicated "Host access table (unknown)". In the latest versions, rejections by SDR isn't logged precisely which creates confusions. Here's a bug for reference - CSCwc69714

Since this isn't the complete message tracking, i would suggest working with TAC