Users send surveys in the name of the company from Mailchimp and Symantec blocks them because it catalogs them as SPAM.
There is a way to configure a rule so that Symantec doesnt block these emails other than to place the domain as secure
Hi Folks
I wonder if there is any Message Labs gurus out there taht can give me some advise:
We recently moved over to 365 email system and ever since any of our previous senders on message labs are getting bounce back messages with an error
Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
The #< #5.7.1 smtp; 550 5.7.1 <>... Relaying denied> #SMTP#
any help would be apprecated
My client cannot send email to message lab addresses. We do not send bulk mail and are not listed on any blacklist including Symantec.
Returned emails have a header like this:
Subject: dmcsmtp.dansmanagement.com Mail delivery failed : returning message to sender
This message was created automatically by the SMTP relay on dmcsmtp.dansmanagement.com.
A message that you sent could not be delivered to all of its recipients.
The following address(es) failed:
SMTP error from remote mail server after RCPT TO:@coloniallifesales.com>:
host cluster9.us.messagelabs.com [52.73.243.182]:
421 Service Temporarily Unavailable: retry timeout exceeded
------ This is a copy of the message, including all the headers. ------
Return-path: <aaraujo@dansmanagement.com>
Received: from [200.0.0.54] (port=40176 helo=dmcsmtp.dansmanagement.com)
by dmcsmtp.dansmanagement.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
(envelope-from <aaraujo@dansmanagement.com>)
id 1gUZwM-00008V-2X
for <message lab client>; Wed, 05 Dec 2018 11:22:22 -0500
Received: from dmc-Mail2010.dmcdomain.local ([fe80::9c64:df94:9c18:229c]) by dmc-Mail2010.dmcdomain.local ([fe80::9c64:df94:9c18:229c%10]) with mapi id 14.03.0415.000; Wed, 5 Dec 2018 11:22:22 -0500
X-CTCH-RefID: str=0001.0A020205.5C07FB3E.00DD,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
From: Abigail Araujo <aaraujo@dansmanagement.com>
To: <message lab client>
Subject: Test
Thread-Topic: Test
Thread-Index: AdSMtqTriyykCgvwQCKUl+Jmuj+kSQ==
Date: Wed, 5 Dec 2018 16:22:21 +0000
Message-ID: <3C7074C5333CC54287CD83E334D3105709CD65C7@dmc-Mail2010.dmcdomain.local>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [200.0.0.152]
Content-Type: multipart/related;
boundary="_004_3C7074C5333CC54287CD83E334D3105709CD65C7dmcMail2010dmcd_";
type="multipart/alternative"
MIME-Version: 1.0
--_004_3C7074C5333CC54287CD83E334D3105709CD65C7dmcMail2010dmcd_
Content-Type: multipart/alternative;
boundary="_000_3C7074C5333CC54287CD83E334D3105709CD65C7dmcMail2010dmcd_"
--_000_3C7074C5333CC54287CD83E334D3105709CD65C7dmcMail2010dmcd_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Our email filter shows a smtp spool like this:
2018-12-09 15:01:18 cluster9.us.messagelabs.com [67.219.246.102]:25 Connection timed out 2018-12-09 15:03:25 cluster9.us.messagelabs.com [67.219.247.54]:25 Connection timed out 2018-12-09 15:05:33 cluster9.us.messagelabs.com [67.219.246.198]:25 Connection timed out 2018-12-09 15:07:40 cluster9.us.messagelabs.com [67.219.251.54]:25 Connection timed out 2018-12-09 15:09:47 cluster9.us.messagelabs.com [67.219.250.198]:25 Connection timed out 2018-12-09 15:09:47 SMTP error from remote mail server after RCPT TO:<postmaster@coloniallifesales.com>: host cluster9a.us.messagelabs.com [52.206.215.254]: 421 Service Temporarily Unavailable 2018-12-09 15:09:47 postmaster@coloniallifesales.com R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<postmaster@coloniallifesales.com>: host cluster9a.us.messagelabs.com [52.206.215.254]: 421 Service Temporarily Unavailable
This is my 2nd post and I have emailed the investigation email address twice. So far I have no replies
Messages sent from our domain which contain our URL, www.lakesidebank.com, are being filtered. If I turn off the URL in our signature line, the messages go through OK. This happened about 2 weeks ago as well and I sent an email to investigation@review.symantec.com and they seemed to fix it. But now it's back.
Error details:
Error Details | ||||||
|
Last week, we signed on with Symantec Email Security.cloud and I'm looking for a feature wherein, when communication between Symantec Email Security.cloud system and the customer's on-premise mail server is disrupted or broken (which would occur, for example, if customer's Internet connection goes down, or if customer's mail server is down), and thereafter, incoming emails start queuing up at Symantec Email Security.cloud system, it does the following:
- after a pre-configured/specified time lapse (say 30 minutes), Symantec Email Security.cloud system sends out alert via SMS and email (can be personal email), both of which can be specified via a config page on Symantec Email Security.cloud system portal page.
Right now, Symantec Email Security.cloud system appears to wait 'til incoming emails piling up in a customer's queue reaches certain threshold limit (which can be pre-configured, and I'm told that it should be around 10 to 15% of daily email volume), and when someone at Symantec Email Security.cloud notices the threshold limit being reached or exceeding, that person picks up the phone and calls the customer admin. So, it's a queue volume-based system, and it's clearly a manual system. A problem I see with this system is, this type of breakage in communications between a email security cloud system and customer's network or server typically occurs at late night hours (ask me how I know). And during those off-peak hours, the volume of emails is substantially lower than during peak/business hours. So, 10 to 15% is going to be reached after probably (throwing out a random number here) like 8 hours. In such case, well, that's next business day morning, and users are already at the office. So, for faster reaction, I suppose this threshold limit can be lowered to like 1 to 5%, but that probably rquires several adjustments to reach an optimum figure. So, instead of threshold limit-based trigger, if it can be setup for time-based (again, let's say 30 minutes after the customer can't be reached), it'll be a far better and more responsive alerting mechanism. We've had this with MX Logic and Proofpoint, two competitors of Symantec Email Security.cloud, and we found it tremendously useful.
Also, if and when said trigger condition occurs, instead of some live person picking up the phone to call the admin, wouldn't be easier for everyone involved if the cloud system just SMS texts the admin's mobile number? (and, perhaps double that effort by emailing said admin also, to his or her personal/secondary email address). And, only call the admin if there's no resolution even after 4 or 8 hours. Right now, I get SMS texts every evening from Symantec Email Security.cloud announcing that Email Encryption Maintenance is in progress and, later, that said maintenance has finished. I personally don't find this particular notification useful, but the point is, Symantec Email Security.cloud system already, on some levels, utilize SMS texting to notifiy/alert customer admins. So, would it be too difficult to apply this SMS alerting mechanism to the above-described connection-to-customer-system-broken type of situation??
Implementing this type of feature is obviously a matter of deploying some developers and cranking out some codes. Please get this done. Symantec Email Security.cloud is behind on its competitors on a number of features as it is.
Regards,
Randall Yoo
Hello,
We can’t send messages to recipients who use messagelabs email service,
Our email server mail.aitelecom.net is at IP address 200.9.182.24 and 200.9.182.6
Is it possible to remove this IP address from the blacklist?
Last month we had an issue with one of our accounts sending spam, but we have fixed since then.
this is a sample of rejected message:
De: Mail Delivery System <MAILER-DAEMON@messagelabs.com> Enviado el: viernes, 14 de diciembre de 2018 05:42 a.m.
Para: ocastillo@aitelecom.net
Asunto: Mail Delivery Failure
This is the mail delivery agent at Symantec Email Security.cloud.
I was unable to deliver your message to the following addresses:
we ha
Reason: 554 5.7.1 <ocastillo@aitelecom.net>: Recipient address rejected: SMTP AUTH is required, or it is a spam with forged sender domain
The message subject was: Directorio Empresarial Mexicano 2019 The message date was: Fri, 14 Dec 2018 05:41:52 -0600 The message identifier was: 0F/69-08740-217931C5 The message reference was: server-9.tower-346.messagelabs.com!1544787715!3047177!8
Please do not reply to this email as it is sent from an unattended mailbox.
Contact your email administrator if you need more information, or instructions for resolving this issue.
Regards,
Manuel Canto
Greetings All.
I need some assistance regarding my email server ip keeps getting added to the blacklist and i'm not sure why that is.
What info do i need to provide to try and get this sorted please.
Richard
We are receiving conneciton time out from one of our IP addresses 65.52.22.183
Meanwhile we have connection all over the world from this source IP. Is there any throttling limit that might be applied to this source address ?
Hello,
I have issues sending emails to several of my customers which are using messagelabs.com email edge. I'm getting 421 Timeouts when sending messages from two of my edge servers. What is the proper way to have my IP addresses removed from throttling on your end?
IPs in question are 188.114.87.134 & 91.150.167.126
Thanks!
We are experiancing timeout when we are sending emails to some of our clients.
Host cluster5.us.messagelabs.com reply is connection time out. Meanwhile we can connect to other services via 25 port , but only message labs give us this error.
Source IP address: 65.52.22.183
Trying to telnet to the device directly from our device to port 25 but we still got an error. Any ideas ?
We have a third party who is using the website www.checktls.com to verify that emails sent to our domain covermycab.com use TLS, I have setup an encryption partnership in the messagelabs portal but the website check is still failing. The primary MX record is using TLS but the secondary MX record isn't, is there anyway to correct this?
Thanks
Trying TLS on cluster9a.eu.messagelabs.com[52.59.102.191:25] (20):
| seconds | test stage and result | |
|---|---|---|
| [000.089] | Connected to server | |
| [000.180] | <-- | 220 mail555.messagelabs.com ESMTP Fri, 28 Dec 2018 11:51:32 +0000 |
| [000.180] | We are allowed to connect | |
| [000.180] | --> | EHLO www6.CheckTLS.com |
| [000.268] | <-- | 250-mail555.messagelabs.com Hello ip-100-113-13-142.eu-central-1.aws.symcld.net [100.113.13.142] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-CHUNKING 250-PRDR 250 HELP |
| [000.269] | We can use this server | |
| [000.269] | TLS is not an option on this server | |
| [000.269] | --> | MAIL FROM:<test@checktls.com> |
| [000.357] | <-- | 250 OK |
| [000.358] | Sender is OK | |
| [000.358] | --> | QUIT |
| [000.446] | <-- | 221 mail555.messagelabs.com closing connection |
Hi Guys
We have been using the Policy Based Encryption Advanced Encrypted Portal for a while now.
Just a quick question whicvh one of our compliance people brought up , is there any way to ensure that mail is readable only by the intended recipient?
For example if an encryped mail is sent to the wrong email address and the mistaken recipient already has an account for the encrypted portal , that person would be able to read the mail right?
The question they are asking is , is there a PBE Advanced way to ensure only the intended recipient can read the email.
Thanks
John
This is the mail delivery agent at Symantec Email Security.cloud.
I was unable to deliver your message to the following addresses:
**********@salesianer.com
Reason: 550 5.7.23 Please see http://www.openspf.org/Why?id=customercare.at=leas...
The message subject was: Reklamation Salesianer 917541 Pool xxxXXXTTGXJR52925 / 917552 ID 157 xxxXXXTTGXJR52926 [ ref:_00D20Cg7Q._5001Gbag1l:ref ]
The message date was: Wed, 2 Jan 2019 12:25:54 +0000 (GMT)
The message identifier was: F3/4E-21338-3DDACxxx
The message reference was: server-12.tower-306.messagelabs.com!1546431952!4056936!2
Please do not reply to this email as it is sent from an unattended mailbox.
Contact your email administrator if you need more information, or
instructions for resolving this issue.
Is anyone aware of an issue adding new O365 hostnames to inbound routes on Symantec Email Security.Cloud
When I try and add O365 hostname for email delivery, I get an error message. I'm told this is a symantec issue at present (I've not seen any other status posts).
Thanks
H
We cannot email vendors and customers using message labs. Our domain is adveng.com One vendor is ra.rockwell.com.
Generating server: Artemis.adveng.com
Receiving server: cluster6a.us.messagelabs.com (52.206.215.254)
sbkent@ra.rockwell.com
Remote Server at cluster6a.us.messagelabs.com (52.206.215.254) returned '400 4.4.7 Message delayed'
1/7/2019 10:39:15 PM - Remote Server at cluster6a.us.messagelabs.com (52.206.215.254) returned '451 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 52.206.215.254:25'
We are not on spam lists.
Thank you for your help on this matter.
Hi
The requirement is need to change 14 days to 30 days once the email quarantine. From where i can change this settings in email security.cloud ? As per understaing once email qurantine it will stay 14 days only in qurantine portal. Apprecaite any assistance.
Thanks
Muamamd
I have already indeed email a sample message to Symantec (investigation@review.symantec.com) for the NDR message delayed emails.
I poseted in hopes to maybe help with this issue and see if someone else has any ideas.
In the Send connector protocol logs, we see:
2019-01-09T16:42:03.318Z,Internet,08D1234567811DF6,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T16:42:03.334Z,Internet,08D6723456789DF6,1,x.x.x.x:32944,x.x.x.x:25,+,,
<,220 server-5.tower-347.messagelabs.com ESMTP,
>,EHLO Mail.xxxx.com,
<,250-server-5.tower-347.messagelabs.com,
<,250-STARTTLS,
<,250-PIPELINING,
<,250 8BITMIME,
>,STARTTLS,
<,220 ready for TLS,
*,,Sending certificate
*,"CN=mail.xxxx.com, O=""xxxx, Inc."", L=xxxx, S=xxxx, C=US",Certificate subject
*,"CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US",Certificate issuer name
*,09024235443534F8234324,Certificate serial number
*,FDA0D53434343D933F32345123456789681DAAC3,Certificate thumbprint
*,mail.xxxx.com;autodiscover.xxxx.com;owa.xxxx.com;,Certificate alternate names
*,,TLS negotiation failed with error IllegalMessage
-,,Local
Then we Also See:
2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,0,,x.x.x.x:25,*,,attempting to connect
2019-01-09T19:35:50.765Z,Internet,08D67123445551F4,1,x.x.x.x:48897,x.x.x.x:25,+,,
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,2,x.x.x.x:48897,x.x.x.x:25,<,"220 mail555.messagelabs.com ESMTP Wed, 09 Jan 2019 19:35:50 +0000",
2019-01-09T19:35:51.093Z,Internet,08D67123445551F4,3,x.x.x.x:48897,x.x.x.x:25,>,EHLO mail.xxxx.com,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,4,x.x.x.x:48897,x.x.x.x:25,<,250-mail555.messagelabs.com Hello ip-100-112-14-171.us-east-1.aws.symcld.net [100.112.14.171],
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,5,x.x.x.x:48897,x.x.x.x:25,<,250-SIZE 52428800,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,6,x.x.x.x:48897,x.x.x.x:25,<,250-8BITMIME,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,7,x.x.x.x:48897,x.x.x.x:25,<,250-PIPELINING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,8,x.x.x.x:48897,x.x.x.x:25,<,250-CHUNKING,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,9,x.x.x.x:48897,x.x.x.x:25,<,250-PRDR,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,10,x.x.x.x:48897,x.x.x.x:25,<,250 HELP,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,11,x.x.x.x:48897,x.x.x.x:25,*,,sending message with RecordId 10261234567442 and InternetMessageId <1523344547606.84370@xxxx.com>
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,12,x.x.x.x:48897,x.x.x.x:25,>,MAIL FROM:<Paul.xxxx@xxxx.com> SIZE=34071,
2019-01-09T19:35:51.140Z,Internet,08D67123445551F4,13,x.x.x.x:48897,x.x.x.x:25,>,RCPT TO:<jschxxxx@xxxx.com>,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,14,x.x.x.x:48897,x.x.x.x:25,<,250 OK,
2019-01-09T19:35:51.186Z,Internet,08D67123445551F4,15,x.x.x.x:48897,x.x.x.x:25,<,421 Service Temporarily Unavailable,
All Message Labs Servers we see with TLS Negoiation Problems:
server-6.tower-367.messagelabs.com
server-14.tower-387.messagelabs.com
server-35.tower-384.messagelabs.com
server-9.tower-347.messagelabs.com
server-13.tower-407.messagelabs.com
server-35.tower-404.messagelabs.com
server-3.tower-327.messagelabs.com
server-35.tower-344.messagelabs.com
server-8.tower-341.messagelabs.com
server-16.tower-381.messagelabs.com
server-3.tower-361.messagelabs.com
server-4.tower-246.messagelabs.com
MessageLabs with 421 Service Temporarily Unavailable:
mail555.messagelabs.com
Dear sirs,
I am writing as an e-mail system administrator of Alizon Industrie in France.
Since last week, it seems that our IP address is blacklisted by Symantec (negative reputation) and we need a delist as soon as possible.
To send from 185.147.64.22 to domains which are securized by Symantec our addresses use these domain names:
Today, we encounter problems with schneider-electric.com (the mails are dropped in quarantine) and michelin.com (the mails seem to be sent but do not appear in mailboxes). I've already sent a mail to investigation@review.symantec.com, but in order to solve this issue as soon as possible I create this discussion.
Could you provide us more information about this issue and about your investigations? Are there any actions you require from us?
Thank you in advance.
Kind regards
Hi,
I have repeatedly contacted you through the IP removal tool available at https://ipremoval.sms.symantec.com/ipr/lookup.
My question is in regards to how long it takes for this request to be processed. Should I expect this to take more than a week?
I would very much appreciate an answer.
Thank you kindly.
Best Regards,
Johan
Hi there,
I have done all testing I can do before posting here, I believe this to be an issue outside of my control but willing to check anything as required.
The below happens when trying telnet on any of the IPs.. EXIM gets connection timed out.
$ telnet 46.226.52.198
Trying 46.226.52.198...
telnet: connect to address 46.226.52.198: Connection refused
Please advise as I need this to be resolved before I add extra clients, unfortunately I use messagelabs so its impacting me more than anything!
If it is blocked/trottled, could you advise when the last seen spammy content was?