Troubleshoot rejected emails

Forums › IT Pro and developers › Troubleshoot rejected emails

martyyn

1971 posts

Uber Geek

ID Verified

Subscriber

#171730 29-Apr-2015 12:19

I have a couple of sites for local small businesses hosted with JoneSolutions in the US and they all use the JS IMAP email. Everything in the most part has been great but over the last couple of weeks issues have been coming up with email for a couple of the sites.

One is receiving masses of spam, which I've put down to the dozens of websites and newsletters they have registered for. We can handle that with Outlook rules. They also had issues with root certificates which I deleted in Outlook and reinstalled to fix the problem.

One uses Windows Live Mail and this week has had issues with security certificates not being verified when opening WLM. Today they have an error saying it cant get a secure connection to the IMAP server. After clicking 'ok' everything works fine though. The root certificate issue should be fixed the same as above.

But another has started seeing recipients email servers rejecting their email. On the latest occasion the header states 'Recipient address rejected: ERS-RBL.' The header seems to state the IP being rejected is a 'blah.cable.telstraclear.co.nz' IP.

Googling 'ERS-RBL' takes me to a TrendMicro site and on entering the telstraclear IP it tells me it's 'bad' and on a blacklist. Checking both the JS and Telstraclear IP's on MXToolbox shows JS being all ok but TC has an issue. Entering the email header into MXToolbox's email header analyzer also states the telstraclear IP is on a blacklist.

So can I assume from this they are using a telstraclear SMTP server for outgoing mail ? Or is it not that simple ?

None of the other accounts have ever had any problems.

Is there anything in particular I can do to troubleshoot the returned email to find out why it's being rejected ?

Thanks

1 | 2

3122 posts

Uber Geek

#1293513 29-Apr-2015 13:04

You need to find out how they send email : ie what ISP/mail host service.
Can they not send via JoneSolutions ? since they arnt blocked (from your testing)
is it definitely Trend Spam thats rejecting emails, if so the bounceback will mention trend spam

You will need to get TC(or whoever they send through) to sort this out. They will need to apply to trend(and or any other blacklisters) to get the blacklisting/blocking removed.

There also may be an issue with PTR/reverse lookups ?

martyyn

1971 posts

Uber Geek

ID Verified

Subscriber

#1293554 29-Apr-2015 13:47

Thanks 1101, this is the error....

host in-mig03.hes.trendmicro.com [54.219.191.100]
SMTP error from remote mail server after RCPT
TO:<blah@blah.co.nz>:
550 5.7.1 <blah@blah.co.nz>: Recipient address rejected:
ERS-RBL.

They have been having problems on and off with TC/VF for a few months. Poor speeds, dropped connections, etc. I assume it's all related.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#1293557 29-Apr-2015 13:51

If they are sending thru a SMTP server that they pay for and authenticate to then there should be no RBL blocking happening on that connection.

If they are directly sending from their TCL connection then its probably everything working as intended.

Richard rich.ms

martyyn

1971 posts

Uber Geek

ID Verified

Subscriber

#1293571 29-Apr-2015 13:58

richms: If they are sending thru a SMTP server that they pay for and authenticate to then there should be no RBL blocking happening on that connection.

If they are directly sending from their TCL connection then its probably everything working as intended.

Great, that confirms what I was thinking.

I'm just trying to verify they have set up the email account correctly, in particular they should be using the JS SMTP server and not a TCL one.

mattwnz

20141 posts

Uber Geek

#1293575 29-Apr-2015 14:00

Sounds like telstras IP is blacklisted for spamming in the RBL. Telstra will need to get the blacklisting removed and find the source of the spamming. It is probably a customers free email address on a hijacked email account. Very difficult for Telstra to manage these.
But why are they sending through the ISPs SMTP server? You could set it up to use Googles SMTP server, as googles IPs are rarely blacklisted, as it would be a pretty silly company to start blocking googles IPs. Although some NZ providers have done.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#1293576 29-Apr-2015 14:02

mattwnz: Sounds like telstras IP is blacklisted for spamming. Telstra will need to get it removed. But why are they sending through the ISPs SMTP server? You could set it up to use Googles SMTP server, as googles IPs are rarely blacklisted, as it would be a pretty silly company to start blocking googles IPs. Although some NZ providers have done.

No, they should send thru the SMTP server of the provider they are paying for email service. Using googles one means that you get all that "on behalf of" header stuff going on revealing the google account that authenticated etc.

Richard rich.ms

mattwnz

20141 posts

Uber Geek

#1293577 29-Apr-2015 14:03

martyyn:
richms: If they are sending thru a SMTP server that they pay for and authenticate to then there should be no RBL blocking happening on that connection.

If they are directly sending from their TCL connection then its probably everything working as intended.

Great, that confirms what I was thinking.

I'm just trying to verify they have set up the email account correctly, in particular they should be using the JS SMTP server and not a TCL one.

Shared hosting SMTP servers can suffer from the same problem with RBLS and blacklisting as as you can have hundred of accounts sharing the same IPs. They are possibly best to get a dedicated IP for the email.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

martyyn

1971 posts

Uber Geek

ID Verified

Subscriber

#1293580 29-Apr-2015 14:05

mattwnz: .... But why are they sending through the ISPs SMTP server? ....

I don't know the answer to that one. They wanted to set it up themselves initially and I assume they have either not followed my instructions or have been advised to change it somewhere along the line.

mattwnz

20141 posts

Uber Geek

#1293583 29-Apr-2015 14:07

martyyn:
mattwnz: .... But why are they sending through the ISPs SMTP server? ....

I don't know the answer to that one. They wanted to set it up themselves initially and I assume they have either not followed my instructions or have been advised to change it somewhere along the line.

They could set it up to send from multiple SMTP providers, so if they have a problem with one, they can send through another.

mattwnz

20141 posts

Uber Geek

#1293585 29-Apr-2015 14:10

richms:
mattwnz: Sounds like telstras IP is blacklisted for spamming. Telstra will need to get it removed. But why are they sending through the ISPs SMTP server? You could set it up to use Googles SMTP server, as googles IPs are rarely blacklisted, as it would be a pretty silly company to start blocking googles IPs. Although some NZ providers have done.

No, they should send thru the SMTP server of the provider they are paying for email service. Using googles one means that you get all that "on behalf of" header stuff going on revealing the google account that authenticated etc.

The problem with shared hosting is that they are likely to encounter the same RBL blocking problem as ISP email, as shared hosting also shares the IPs across multiple accounts. Not unless they get a dedicated IP. The problem is more about the amount of abuse the email server may get. With shared hosting you just need a hacked Wordpress website on the server that is sending out spam, and it could cause the blacklisting of the IP. From my experience most shared email providers will get blocked at some time or other on RBLs, even Google.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#1293596 29-Apr-2015 14:25

mattwnz:
The problem with shared hosting is that they are likely to encounter the same RBL blocking problem as ISP email, as shared hosting also shares the IPs across multiple accounts. Not unless they get a dedicated IP. The problem is more about the amount of abuse the email server may get. With shared hosting you just need a hacked Wordpress website on the server that is sending out spam, and it could cause the blacklisting of the IP. From my experience most shared email providers will get blocked at some time or other on RBLs, even Google.

Then they should pay for proper email hosting and not use a shared server with websites etc. Move it to google, office365 etc.

Places that wont pay for proper email infrastructure an services are just being stupid. It would be like expecting all the staff to share a pre-paid cellphone or similar, mind you I know of places that pay for 8 basic rate ISDN lines for their PABX but wont get proper email hosting so it does happen quite often. Just people making decisions that dont understand the results of them.

Richard rich.ms

mattwnz

20141 posts

Uber Geek

#1293607 29-Apr-2015 14:41

richms:
mattwnz:
The problem with shared hosting is that they are likely to encounter the same RBL blocking problem as ISP email, as shared hosting also shares the IPs across multiple accounts. Not unless they get a dedicated IP. The problem is more about the amount of abuse the email server may get. With shared hosting you just need a hacked Wordpress website on the server that is sending out spam, and it could cause the blacklisting of the IP. From my experience most shared email providers will get blocked at some time or other on RBLs, even Google.

Then they should pay for proper email hosting and not use a shared server with websites etc. Move it to google, office365 etc.

Places that wont pay for proper email infrastructure an services are just being stupid. It would be like expecting all the staff to share a pre-paid cellphone or similar, mind you I know of places that pay for 8 basic rate ISDN lines for their PABX but wont get proper email hosting so it does happen quite often. Just people making decisions that dont understand the results of them.

I agree. Although getting a dedicated IP maybe the cheaper option if more than a couple of email accounts, then using 360 our googles service.

johnr

19282 posts

Uber Geek
Inactive user

#1293635 29-Apr-2015 15:01

martyyn: They have been having problems on and off with TC/VF for a few months. Poor speeds, dropped connections, etc. I assume it's all related.

If they are having issues with internet dropping then tell us about what type of connection have they got? If xDSL have they had the house wiring checked out or a master filter installed and removed the line filters?

John

martyyn

1971 posts

Uber Geek

ID Verified

Subscriber

#1293683 29-Apr-2015 16:06

Ok, thanks everyone for your help.

I'm going around there tomorrow to see for myself. They swear they are using the correct servers but are now telling me 80% of their email is ending up in the recipients spam folders. How they can identify an exact figure I don't know, but there you go. I'm assuming if they are using an blacklisted IP that could explain why the emails are arriving as spam ?

I'll see what I can find out about their recent issues too John.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#1293688 29-Apr-2015 16:08

Possibly that.

I have seen "IT Professionals" set client PCs up with direct to ISP SMTP for sending and getting from a webhosts imap in the past and they were swearing that it was the way that it should be done because the ISP is responsible for sending email. That would mean the customers would say it is set up correctly because their "IT professional" has said so.

Richard rich.ms

1 | 2