Unexplained bounce backs from Ironport

We have a C10 device and last week we receved instanct bounce backs from the Ironport when trying to send to several different external email addresses at different domains.
The bounce backs were being generated by our internal Ironport itself instead of the destination email server so it is as if the email never left our company.
After serval days and no configuration changes on the Ironport I sent several test emails to these external domains. They are being recevied okay without any problems. Can any one explain what is going on here and how the problem recitifed itself?
Thanks for your help!

What may be happening:
It could be that your mailserver(e.g. Exchange) handed the mail off to the Ironport appliance, who took responsibility for the message. Then, after any last outbound scanning and appending disclaimers, the Ironport appliance did a MX lookup to deliver the message and then upon trying to deliver the message to the appropriate destination, the Ironport MTA received a SMTP 5## error code.
Upon receiving the SMTP 5## error code, the Ironport appliance will consider this undeliverable to the destination and then turnaround and bounce it back to the original sender, which may be what you're observing.
Where to go from here:
It would be useful if you still have those bounce messages that were generated by the Ironport appliance. You can look up the original sender and intended recipient or subject line through the mail logs and find the corresponding timeframe when the Ironport MTA tried to establish a connection to the destination host. This will show up as an ICID event where the Ironport tried to connect to the destination host. I'm surprised that the bounce message didn't provide some info on the cause of the bounce.
References:
1. findevent is a good tool on the command line that you can use to search for messages.
How can I determine the disposition of a message using the mail logs?
http://tinyurl.com/jb7z4

Similar Messages

  • Mails getting bounce back from only one account,why?

    Hi Every one,
    I have a strange problem, I'm using postfix mail server and LDAP directory service.
    From last few day I'm facing strange problem. Like I have 15 user account configured for accessing emails.
    In that, only one user gets bounce back messages. I found the issue but not sure how to fix it.
    Issue:
    If I stop the (LDAP) directory and mail service and restart my Leopard server and services. I can send emails through. But after few days or a week later i have to face the same issue.
    Help Please
    Thanks,
    Gulab Pasha

    If you right-click on an accont's inbox and select "Synchronize {name}", that should perform the "get new mail" function as part of the general synchronization.

  • Exchange 2010 - Bounce backs from unknown accounts

    Hi There,
    I am running exchange 2010 and i had a " Catch all " mailbox setup so any email sent to *@domain.com would get caught in this mailbox using a policy even if the account did not exist. I went to remove the " catch all " mailbox
    as it was no longer needed but if someone external was to email " [email protected] " or spelt a users name wrong the external user will not receive a bounce back telling them that the address is invalid.
    Any ideas?
    Regards,
    Jack 

    Check out the Set-RemoteDomain -NDREnabled parameter.
    http://technet.microsoft.com/en-us/library/aa997857(v=exchg.141).aspx
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Can't access yahoo account. continues to bounce back from mail box asking password?

    I can not access my Yahoo account.  When I log in and go to mail box I get bounced back to "Verify Password".  Need held.

    A number of posters are reporting this problem. It could be a problem with the Yahoo server. If deleting and setting up thevaccount again is not the solution then give it a few hours.

  • Email bounced back from valid addresses

    Hello,
    When I send email using Mail, people with certain email addresses (i.e. "pacbell" or "hotmail") don't receive them. Even though they are valid addresses, they are bounced back to me. I have a ".mac" address; when I send mail to these people through .mac's webmail, the mail goes through fine. Any ideas why?
    Thanks!
    -Vincas

    hi allan,
    this is what i get:
    "A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:"
    (even though the address is valid; this happens with newly composed and replied emails)
    when i send through webmail, they go through fine.
    thanks for any advice!
    -vincas

  • My phone keeps buzzing, it keeps bouncing back from silent mode to ringer mode. It doesn't seem to be a switch issue. Help me! It's extremely annoying!

    When the ringer switch is set to loud, it constantly bounces back and forth between on and off, buzzing and showing me the ringer on, ringer off symbol. Help'

    i have a very similar problem, but my iPod nano is the same way. I've tried restoring and synching but nothing. May I asked what measure and methods you took? thanks in advance!!

  • HT4899 I  have received over a hundred emails today as bounce backs from emails I didn't send to email addresses unknown to me.  Obvious spam type content.  Anyone else have issues on a .ME account?

    I am receiving multiple "undeliverable" emails as response to emails I did not send.  I am getting deluged on my .ME account.  Anyone?

    When people receive emails which appear to come from their own address but they haven't sent they naturally tend to be concerned: however it's most unlikely that anyone has hacked their account, they've just been targeted by one of two common spammers' techniques: both arise because it's all too easy to forge the 'from' address on messages to be something other than the real one.
    There are two things that can happen. One is that the sender has forged the 'from' address to be the same as the 'to' address (so other people will see it coming from themselves, not you), presumably in the hope of confusing spam filters. It's harmless, if extremely annoying. Delete it (never ever answer spam or try to unsubscribe from it), and you don't need to be worried about it.
    The other problem, which appears to be what is affecting you, is that a spammer is forging your address as the 'from' address on a whole batch of messages. The first thing you hear about this is when you start getting bounce messages because the spam has been sent to non-existent addresses and is being bounced to you. There's no point at all in responding to it. It's infuriating but normally stops after a bit as they move on to another forged address.
    There isn't really anything you can do about it: closing the account isn't really worth the hassle unless you are totally swamped, because you will have to tell everyone your new address. Apple can't really do any more than they already are about spam.

  • Weird Bounce-back of an email address that is not even in my contacts!

    Hey folks,
    Recently I have been getting a bounced back email from an address that is not even in my contacts (I use outlook). It's only when I send an email to a particular person. She gets the email, but I get this bounce back from a SIMILAR email. It is annoying, and confounding.
    I have scanned my laptop regularly with updated McAfee and Spybot, and have found nothing. I am using Vista Home and it is all updated as well.
    Thanks!
    Jim

    If the message is being received and you are only sending to a single address on the sending line, then I would say the error is likely on the receiver's end (maybe they have a forward setup to the bogus address?).  If you could include the full headers (email addresses redacted) of the message which is bouncing back, maybe someone here can spot something and suggest something further.

  • AOL mail bounce back

    I am getting bounce backs from any mail sent to an AOL account. The mail will go through if I log onto my mailbox at my ISP provider (Optimum Online). The bounce back has this message:
    Reason: SMTP transmission failure has occurred
    Diagnostic code: smtp;554-: (ISP:B2) http://postmaster.info.aol.com/errors/554ispb2.html TRANSACTION FAILED
    Remote system: dns;mailin-01.mx.aol.com (TCP|167.206.4.199|54475|205.188.156.185|25) (rly-ya06.mx.aol.com ESMTP mailrelayin-ya6.5; Thu, 31 May 2007 10:17:46 -0400)
    If I go to the aol link in the message I get this explanation;
    554 ISP:B2
    http://postmaster.info.aol.com/errors/554ispb2.html
    EXPLANATION:
    Your IP address has generated a high volume of mail to AOL which exceeded our rate limit or has generated AOL member complaints. Possible causes include a compromised or virus-infected personal computer or a non-disclosed server relaying mail within the ISP's network. Note, this block is automatically removed within 24 hours.
    SOLUTION:
    The IP address in question is not the connecting MTA, but is commonly the originating IP. If your originating IP is static and has valid and meaningful reverse DNS, then please contact us with that IP. If you are not sure what your originating IP address is or if you are unsure as to whether your originating IP is dynamic or static, please contact your ISP for further information regarding your type of service.
    If you are sending large volumes of mail from a dynamic IP address, please contact your ISP and inquire about purchasing a static IP or business class IP address. Furthermore you can attempt to reduce the amount of email recipients sent during one session. If you are sending to a mailing list you should verify that the recipients on your list are still interested in receiving your email.
    If you did not send an extraordinary amount of email, we recommend scanning your computer or network for viruses and malicious applications.
    If you are an ISP receiving this error from an excessive number of your customers you may have an undisclosed proxy or relay on your network. Please contact us to resolve this issue.
    I am not sending high volumes of mail to AOL unless one or two emails a day is large. This is a recent problem. Has anyone experienced this or does someone have a solution? My ISP says there is nothing they can do on their end and AOL won't talk to you unless you have a paid account.
    Dan

    AOL's explanation per the link provided covers your options.
    * You contacted your ISP which indicated there is nothing they can do or there is nothing they are willing to do in your behalf.
    * You are not sending high volumes of mail to AOL.
    * You can scan your Mac for viruses and malware which can't hurt but will be a waste of time in this situation.
    This leaves contacting AOL. Other than that, wait until the 24 hour block period has expired.

  • Spoofer email Bounce backs create invalid account on server

    Every now and then one of those bottom feeding spoofers starts spoofing our domain name with a random account name to send out scads of spam - and of course the inevitable slew of bounce backs from the unfortunate "spamees" then flood our server. Fortunately I do use the excellent Frontline spam defense which helps tremendously.
    What I am finding really odd is that these spoofers sometimes use a username of the variety "<[email protected]>" and for whatever reason this actually creates(?!) an account name in our email directory on the server?! (Acl privileges are l,r,s (any))
    I have analyzed the traffic and there is absolutely no outbound mail going from our server with this username from our server (i.e. our server has definitely not been cracked)- I further verify this by checking the IP address of initial sender from some of the bouncebacks which have ALL info of the email transaction and it is definitely the work of a spoofer.
    The "account" is relatively easy to delete with Siradmin - create an acl for the administrator with all privileges and then delete the account. There is nothing in it.
    However I am just wondering if A) This odd "feature" (read bug!) is something that is known, and B) How can I possibly stop this strange behavior from happening again.
    Any help or advise would be most appreciated.
    Regards,
    Rohin
    p.s. a bit of my log is listed below FYI
    Mar 15 14:03:14 dns postfix/smtp[4976]: E7D2423F87E: to=<[email protected]>, relay=127.0.0.1[127.0.0.1], delay=15, status=sent (250 2.6.0 Ok, id=02844-07, from MTA: 250 Ok: queued as AA9E423F8AA)
    Mar 15 14:03:14 dns postfix/pipe[4985]: AA9E423F8AA: to=<[email protected]>, relay=cyrus, delay=1, status=bounced (data format error. Command output: jirfinesseembroideriesxyf: Mailbox does not exist )
    Mar 15 15:08:06 dns postfix/pipe[5331]: 5225323DC99: to=<[email protected]>, relay=cyrus, delay=35729, status=deferred (temporary failure)
    Mar 15 16:14:46 dns postfix/pipe[5681]: 5225323DC99: to=<[email protected]>, relay=cyrus, delay=39729, status=deferred (temporary failure)

    Could verify this.
    Mails to non existent shared folders create this shared folders like you mentioned above:
    (imapd.conf: "postuser: test")
    Apr 20 16:43:44 mc postfix/pipe[44755]: AFE26165AB4: to=<[email protected]>, relay=cyrus, delay=0.07, delays=0/0.01/0/0.06, dsn=5.6.0, status=bounced (data format error. Command output: test+xxx.test2: Permission denied )
    this creates the shared folder "Shared Folders/xxx.test2"
    If the part in front of the + is not defined in imapd.conf and no user with this name is present it gets rejected:
    Apr 20 16:47:19 mc postfix/pipe[44878]: 9F148165AEB: to=<[email protected]>, relay=cyrus, delay=0.08, delays=0/0.01/0/0.06, dsn=5.6.0, status=bounced (data format error. Command output: test2+xxx.test2: Mailbox does not exist )

  • Bounced back emails I have never sent!

    I am receiving at least 50 emails everyday from: 
    Mail Delivery System <[email protected]>
    Mail delivery failed: returning message to sender
    However, I NEVER sent eamils to the email addresses that they are bounce back from!!!  What can I do to stop this?

    Jo-Jo ,
    This sounds like your email account has been compromised, someone has used it to send spam emails out, and you are receiving those back.
    ASAP change you password for the email account to something different, difficult to guess. Change the Secret Questions and Answers for your account security profile. Run virus/spyware/malware scan on your machines.
    Once this is done and your email account is secure, you will probably still continue to receive those delivery failed messages for few days until its all filtered out from the spam messages that were sent from your account.
    Hope this helps, if you have any other Questions or Concerns, please let us know.
    ~STA

  • Email to TMO BIS user bouncing back after a few weeks

    I'm working with a colleague whose messages to a coworker are bouncing back from her @tmo.blackberry.net address a few weeks after the original message was sent.  The error messages are very generic of the form :
    Subject: Delivery Status Notification(Failure)
    From:  [email protected]
    Date:  Thu, 5 Nov 2009 12:41:43 GMT
    To:  *sender*@georgetown.edu
    Your message:
    To: *recipient*@tmo.blackberry.net
    Subject: TMD departing RESIDENCE
    Sent Date: 26:16 +0000
    has not been delivered to the recipient's BlackBerry Handheld.
    Final-Recipient: RFC822;*recipient*@tmo.blackberry.net
    Action: Failed
    Status: 5.0.0
    Any idea what could be causing this?  It isn't consistent; the recipient receives a lot of other email at her @tmo.blackberry.net address.  The sender is sending from a different BlackBerry on a BES server, but this was also happening when he was also using a TMO BIS account.

    Quite honestly I would tell the recipient to get a free Gmail account and quit using the tmo.blackberry.net account.
    Several reasons, the tmo.blackberry.net account has not spam filters or controls, and it has no webmail viewing (if the device is lost, all the emails are lost).
    But to answer your question, no idea. It could be an odd glitch or burp in the system from a recent BIS server downtime. It could have been delivered anyway.
    Good luck.
    1. If any post helps you please click the below the post(s) that helped you.
    2. Please resolve your thread by marking the post "Solution?" which solved it for you!
    3. Install free BlackBerry Protect today for backups of contacts and data.
    4. Guide to Unlocking your BlackBerry & Unlock Codes
    Join our BBM Channels (Beta)
    BlackBerry Support Forums Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Can't copy files from desktop to external hardrive, it just bounces back?

    Hello!
    I can't just drop and drag any files from my macbook pro desktop into my hard drive icon, they just bounce back. But it will work in windows VM, any idea how i can get it to work on mac?
    Thanks

    Found it throught the apple site.
    very helpful
    thanks guys

  • Sending From Shared Mailboxes bounce back or underliverable

    Exchange 2013 CU6
    Issue with Outlook 2007 and Exchange 2013
    When a user sends as a shared mailbox (e.g Mailroom) they either gets the do not have permissions or they get a bounce back message.
    1. User would get you do not have permissions then 5 mins later it will work again and same for the bounce back.  Any issues with CU6 with sending from shared mailboxes?

    Hi,
    From your description, I would like to clarify the following thing:
    The issue will occur if the address in the From box is automatically populated by using outdated, locally cached information when User A typed User B's address.
    You can follow the steps below for troubleshooting:
    1. In the new email message in Outlook, click From, and then click Other Email Address.
    2. In the Send From Other E-mail Address window, click From, change the address book to the GAL, and then select the user to whose mailbox you were granted Send As permissions.
    Hope this can be helpful to you.
    Best regards,
    If you have feedback for TechNet Subscriber Support, contact
    [email protected]
    Amy Wang
    TechNet Community Support

  • HT4864 Emails from .mac or .me emails being bounced by Cisco Ironports

    Is anyone else having problems with their .mac or .me email being bounced by Cisco Ironports?  Mine recently began bouncing when sending email to my wife at work.  She investigated it with their IT team and got the following response.
    We did some research and with the system administrators assistance we've figured out what is causing this. Seems that a lot of @mac.com accounts have been compromised lately and have earned themselves a bad reputation with our spam blocking service, Cisco IronPorts. What this means is that it's not any settings on either side, nor anything we control but it is in Apple's court to remedy the issue with their e-mail servers to get a proper reputation again. This is causing e-mails to be blocked from @mac.com, @me.com and @icloud.com accounts worldwide.

    I have also been having this issue for the last several weeks. Apple seriously needs to adjust whatever is causing outbound emails to get flagged. Apple also has the ability to work on their end to remove accounts that cause our email accounts to be lumped in with those causing the bad reputation. They also have the ability to work with upper level people at the companies where the rejection as spam is occuring, to help create specific algorithms to work around this for those not at fault. This has caused major disruptions in my business and is strangly unpredictable. Sometimes I get rejected, and sometimes it goes through to the same address. It doesn't make any sense to me but then again, I'm not a programmer. APPLE, PLEASE FIX THIS!

Maybe you are looking for

  • Why won't all the photos from iPhoto sync onto my iPhone 5?

    I am trying to put all the photos from iPhoto on my Mac onto my iPhone 5. Through iTunes, I select sync photos with iPhoto, then sync all photos, albums, events and faces. There are 285 photos in my iPhoto library and I would like to sync them all, b

  • Horizontal Menu - Submenu position

    I have delayed the new version of my site because I was looking for the solution, but now, I couldn't wait anymore and it is online with the following problems on the horizontal menu bar: 1- On IE, the submenus' position is wrong and becomes vertical

  • Relink many files at once

    I was wondering if anyone can help.  I'm using Illustrator CS6.  I have an artboard with 200 of the same placed file.  I now want to use this same layout for 30 other views, they are the same size, but different images.  If I relink them I have to cl

  • Cisco Prime NCS 1.3

    I am running Cisco Prime NCS 1.3 and I have two questions that I hope someone can help me out with.  Question 1). Is it possible to forward the Rogue Device Logs back to our SIEM server? If so how? Question 2). How do I setup the Mail Server Configur

  • Javascript ASP

    CS3 ASP - VB Script mySQL version 5 I have a simple insert statement using the dreamweaver cs3 wizard. Text Area inserts to varchar field type no problem. I have a dynamic list next to the Text Area which is populated using this code. <% While ((Repe