Exchange email problem (S25R) Rule

[cheyenne1212]

One of the users here at work has been emailing with a gentlemen for the past week, then all of a sudden, yesterday, she couldn't email him anymore.

This is what we get for a NDR.

Code:

There was a SMTP communication problem with the recipient's email server.  Please contact your system administrator.

            <mail.XXXX.com #5.5.0 smtp;550 <xx-xxx-xxx-31.static.twtelecom.net[XX.XXX.XXX.31]>: Client host rejected: REJECTED S25R RULE>

This is the SMTP log

Code:

208.XXX.XXX.7, OutboundConnectionCommand, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 281, 0, 4, 0, 0, RCPT, -, TO:<XXXX@barfieldinc.com>,
208.XXX.XXX.7, OutboundConnectionResponse, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 422, 0, 101, 0, 0, -, -, 450 <XX-XXX-XXX-31.static.twtelecom.net[XX.XXX.XXX.31]>: Client host rejected: 450 REJECTED S25R RULE,
208.XXX.XXX.7, OutboundConnectionCommand, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 422, 0, 4, 0, 0, RSET, -, -,
208.XXX.XXX.7, OutboundConnectionResponse, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 484, 0, 6, 0, 0, -, -, 250 Ok,

Not really that sure where to go from here with it....this is Exchange server 2003, and it does have the GFI mail essentials package on it.

I googled that S25R rule, but have not been able to find much on it other than some sort of Anti-spam tool maybe?

Any help would be appreciated..thanks

[morganlefay]

Do you have a proper reverse lookup for your mail server.

We recently had this issue.

Antispam filters will block mail unless it is registered.

MLF

[mohaughn]

It is an anti-spam system. Selective SMTP Rejection.

http://www.gabacho-net.jp/en/anti-spam/

Not much info in English, I've never heard of that name or error message before so I'm guessing that maybe this is something that is used in parts of Asia or East Europe.

[cheyenne1212]

Yes we do have Reverse DNS setup properly (Had to do this a long time ago).

So...theres not much I can do about this other than possibly contact the administrator of that domain?

From what I can tell, this is out of my hands...am I correct in assuming that?

Thanks.

[cheyenne1212]

And just to verify my RDNS..here is a Report from dns stuff

Code:

mail.xxx.com is not an IP address, so I am using 66.xxx.xx.xx (the A record for mail.xxx.com).

Location: United States [City: Memphis, Tennessee]

Preparation:
The  reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 66.xxx.xxx.xx is found by looking up the PTR record for
 31.xxx.xxx.66.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking h.root-servers.net for xx.xxx.xxx.66.in-addr.arpa PTR record:  
       h.root-servers.net says to go to figwort.arin.net. (zone: 66.in-addr.arpa.)
Asking figwort.arin.net. for xx.xxx.xxx.66.in-addr.arpa PTR record:  
       figwort.arin.net [192.42.93.32] says to go to ns1.milw.twtelecom.net. (zone: 162.66.in-addr.arpa.)
Asking ns1.milw.twtelecom.net. for xx.xxx.xxx.66.in-addr.arpa PTR record:  Reports 66-xxx-xxx-xx.static.twtelecom.net. [from 216.136.95.2]

Answer:
66.xxx.xxx.xx PTR record: 66-xxx-xxx-xx.static.twtelecom.net. [TTL 86400s] [A=66.xxx.xxx.xx]

[Nokia]

Have you checked if you are blacklisted? This happened on one of my domains a while ago - it turned out the server 'helo' name was not the same as the PTR DNS record, hence we got blacklisted. rDNS worked fine it was just an issue with the server name.

[dinowuff]

cheyenne1212:

They may have instituted spam filters like MX Logic or some other service. I know when I turned mine on I forgot to check the censor list. The word Blow was in the list. So any emails concerning blow molding (plastic) was denied.

Oops!

Do a MX record lookup through DNSSTUFF dot com and see if their mail is being routed through a service

[cheyenne1212]

I think it might be what your talking about dino.

Tested this persons email address that we cannot send to..from dnsstuff and this is what I got.

Code:

Getting MX record for barfieldinc.com (from local DNS server, may be cached)... Got it!

Host	Preference	IP(s) [Country]
mail2.innovativeinternet.net.	20	208.244.165.7 [US]
mail3.innovativeinternet.net.	30	207.44.168.240 [US]




Step 1:  Try connecting to the following mailserver:
         mail2.innovativeinternet.net. - 208.244.165.7

Step 2:  If unsuccessful in step 1, try connecting to the following mailserver:
         mail3.innovativeinternet.net. - 207.44.168.240

Step 3:  If still unsuccessful, queue the E-mail for later delivery.



Trying to connect to all mailservers:

   mail2.innovativeinternet.net. - 208.244.165.7  [Could not connect: Got an unknown RCPT TO response: 550 <85.3b.354a.static.theplanet.com[74.53.59.133]>: Client host rejected: REJECTED S25R RULE
]
   mail3.innovativeinternet.net. - 207.44.168.240  [Could not connect: Got an unknown RCPT TO response: 550 <85.3b.354a.static.theplanet.com[74.53.59.133]>: Client host rejected: REJECTED S25R RULE http://www.innovativeinternet.com/support/rejected_email.html

I tried going to the link right above to see what that does, but it doesn't do anything for me.

Notice the main A records go to another IP in a different range...The planet(who I happen to have a few servers at), offer a "Spirius" email filtering solution...maybe thats whats going on.

I'm talking with them over there to see if I can confirm or deny that...if so, then I'll be talking with the admin of that domain to see if they can whitelist us.


THanks for the help guys.

[WolfeTone]

You might want to check and make sure your Exchange Server is not an Open Relay.