June 28th, 2007, 04:20 PM
Exchange email problem (S25R) Rule
One of the users here at work has been emailing with a gentlemen for the past week, then all of a sudden, yesterday, she couldn't email him anymore.
This is what we get for a NDR.
This is the SMTP log
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
<mail.XXXX.com #5.5.0 smtp;550 <xx-xxx-xxx-31.static.twtelecom.net[XX.XXX.XXX.31]>: Client host rejected: REJECTED S25R RULE>
Not really that sure where to go from here with it....this is Exchange server 2003, and it does have the GFI mail essentials package on it.
208.XXX.XXX.7, OutboundConnectionCommand, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 281, 0, 4, 0, 0, RCPT, -, TO:<XXXX@barfieldinc.com>,
208.XXX.XXX.7, OutboundConnectionResponse, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 422, 0, 101, 0, 0, -, -, 450 <XX-XXX-XXX-31.static.twtelecom.net[XX.XXX.XXX.31]>: Client host rejected: 450 REJECTED S25R RULE,
208.XXX.XXX.7, OutboundConnectionCommand, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 422, 0, 4, 0, 0, RSET, -, -,
208.XXX.XXX.7, OutboundConnectionResponse, 6/26/2007, 10:04:48, SMTPSVC1, UAM-DC, -, 484, 0, 6, 0, 0, -, -, 250 Ok,
I googled that S25R rule, but have not been able to find much on it other than some sort of Anti-spam tool maybe?
Any help would be appreciated..thanks
June 28th, 2007, 04:52 PM
Do you have a proper reverse lookup for your mail server.
We recently had this issue.
Antispam filters will block mail unless it is registered.
How people treat you is their karma- how you react is yours-Wayne Dyer
June 28th, 2007, 04:58 PM
It is an anti-spam system. Selective SMTP Rejection.
Not much info in English, I've never heard of that name or error message before so I'm guessing that maybe this is something that is used in parts of Asia or East Europe.
June 28th, 2007, 05:11 PM
Yes we do have Reverse DNS setup properly (Had to do this a long time ago).
So...theres not much I can do about this other than possibly contact the administrator of that domain?
From what I can tell, this is out of my hands...am I correct in assuming that?
June 28th, 2007, 05:28 PM
And just to verify my RDNS..here is a Report from dns stuff
mail.xxx.com is not an IP address, so I am using 66.xxx.xx.xx (the A record for mail.xxx.com).
Location: United States [City: Memphis, Tennessee]
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 66.xxx.xxx.xx is found by looking up the PTR record for
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.
How I am searching:
Asking h.root-servers.net for xx.xxx.xxx.66.in-addr.arpa PTR record:
h.root-servers.net says to go to figwort.arin.net. (zone: 66.in-addr.arpa.)
Asking figwort.arin.net. for xx.xxx.xxx.66.in-addr.arpa PTR record:
figwort.arin.net [220.127.116.11] says to go to ns1.milw.twtelecom.net. (zone: 162.66.in-addr.arpa.)
Asking ns1.milw.twtelecom.net. for xx.xxx.xxx.66.in-addr.arpa PTR record: Reports 66-xxx-xxx-xx.static.twtelecom.net. [from 18.104.22.168]
66.xxx.xxx.xx PTR record: 66-xxx-xxx-xx.static.twtelecom.net. [TTL 86400s] [A=66.xxx.xxx.xx]
June 28th, 2007, 06:46 PM
Have you checked if you are blacklisted? This happened on one of my domains a while ago - it turned out the server 'helo' name was not the same as the PTR DNS record, hence we got blacklisted. rDNS worked fine it was just an issue with the server name.
June 28th, 2007, 06:57 PM
They may have instituted spam filters like MX Logic or some other service. I know when I turned mine on I forgot to check the censor list. The word Blow was in the list. So any emails concerning blow molding (plastic) was denied.
Do a MX record lookup through DNSSTUFF dot com and see if their mail is being routed through a service
June 28th, 2007, 07:21 PM
I think it might be what your talking about dino.
Tested this persons email address that we cannot send to..from dnsstuff and this is what I got.
I tried going to the link right above to see what that does, but it doesn't do anything for me.
Getting MX record for barfieldinc.com (from local DNS server, may be cached)... Got it!
Host Preference IP(s) [Country]
mail2.innovativeinternet.net. 20 22.214.171.124 [US]
mail3.innovativeinternet.net. 30 126.96.36.199 [US]
Step 1: Try connecting to the following mailserver:
mail2.innovativeinternet.net. - 188.8.131.52
Step 2: If unsuccessful in step 1, try connecting to the following mailserver:
mail3.innovativeinternet.net. - 184.108.40.206
Step 3: If still unsuccessful, queue the E-mail for later delivery.
Trying to connect to all mailservers:
mail2.innovativeinternet.net. - 220.127.116.11 [Could not connect: Got an unknown RCPT TO response: 550 <85.3b.354a.static.theplanet.com[18.104.22.168]>: Client host rejected: REJECTED S25R RULE
mail3.innovativeinternet.net. - 22.214.171.124 [Could not connect: Got an unknown RCPT TO response: 550 <85.3b.354a.static.theplanet.com[126.96.36.199]>: Client host rejected: REJECTED S25R RULE http://www.innovativeinternet.com/support/rejected_email.html
Notice the main A records go to another IP in a different range...The planet(who I happen to have a few servers at), offer a "Spirius" email filtering solution...maybe thats whats going on.
I'm talking with them over there to see if I can confirm or deny that...if so, then I'll be talking with the admin of that domain to see if they can whitelist us.
THanks for the help guys.
June 29th, 2007, 08:44 AM
You might want to check and make sure your Exchange Server is not an Open Relay.
By rcgreen in forum Cosmos
Last Post: April 20th, 2007, 07:41 PM
By ThePreacher in forum Miscellaneous Security Discussions
Last Post: December 14th, 2006, 08:37 PM
By listener in forum Newbie Security Questions
Last Post: January 18th, 2003, 06:36 AM
By Louie in forum Microsoft Security Discussions
Last Post: August 29th, 2002, 08:31 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM