
Mail rejected "Administrative prohibition"

Hello,
some of our partners can't send us emails!
They are not on any blacklist, have valid RDNS, have valid SPF.
I see absolutely no reason why they should be blocked.
What is going on? And how can I prevent this from happening to any of our other partners?
We don't have the administrative resources to report every false positive to Sophos, so please don't just send me the link to report.
I read somewhere that I could disable reject spam at SMTP time.
What is the impact of this setting? Does every spam go to quarantine then? What about the wasted disk space then?
The NDR says: "550 Administrative prohibition"

EDIT: then again some of the emails from the same partnerdomain get through without any problems

2019:09:05-08:34:27 asg-1 exim-in[5658]: 2019-09-05 08:34:27 SMTP connection from [x.x.x.x]:37546 (TCP/IP connection count = 1)
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 H=smtp.partnerdomain.xxx [x.x.x.x]:37546 Warning: ourdomain.xxx profile excludes SANDBOX scan
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 [x.x.x.x] F=<someone@partnerdomain.xxx> R=<someone@ourdomain.xxx> Verifying recipient address in Active Directory
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed

Thanks and Regards



  • Ho  

    Looking into the logs carefully, I see that the AntiSpam engine has reported this particular email as Confirmed Spam, which you can see from the following log line:

    Daniel Schatz said:
    2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8

    And the SMTP exim-in log says the same

    Daniel Schatz said:
    2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed

    You may turn off the option Reject at SMTP time; that will definitely increase the size of the Quarantine list, as mails will be put into Quarantine instead of being rejected straight away. However, it should not be a concern, as you can set a limit after how many days quarantined emails will be deleted. You may configure that setting under Email Protection > Mail Manager > Configuration.

    Regards

    Jaydeep
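
The Python below is an added example, not part of the thread and not Sophos tooling: it pairs each `email rejected` event with the `ctasd` verdict logged for the same queue ID and groups the rejects by sender domain, so the affected partner messages and their RefID values can be listed from the SMTP log. It assumes only the two line formats quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the log lines quoted in the thread, placeholders kept as posted.
SAMPLE_LOG = """\
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 H=smtp.partnerdomain.xxx [x.x.x.x]:37546 Warning: ourdomain.xxx profile excludes SANDBOX scan
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed
"""

# Queue ID, verdict and RefID from the anti-spam engine's line.
CTASD = re.compile(r"(\S+) ctasd reports '([^']+)' RefID:(\S+)")
# key="value" pairs; the closing quote is optional because lines can be cut off.
KV = re.compile(r'(\w+)="([^"]*)"?')


def rejected_messages(log_text):
    """Return one dict per 'email rejected' event, joined with its ctasd verdict."""
    verdicts, rejects = {}, []
    for line in log_text.splitlines():
        m = CTASD.search(line)
        if m:
            verdicts[m.group(1)] = {"verdict": m.group(2), "refid": m.group(3)}
            continue
        fields = dict(KV.findall(line))
        if fields.get("name") == "email rejected":
            rejects.append(fields)
    # Join after the scan so the order of the two lines does not matter.
    for r in rejects:
        r.update(verdicts.get(r.get("queueid"), {"verdict": None, "refid": None}))
    return rejects


def rejects_by_sender_domain(log_text):
    """Group rejected messages by sender domain to see which partners are affected."""
    grouped = defaultdict(list)
    for r in rejected_messages(log_text):
        domain = r.get("from", "").rpartition("@")[2].lower()
        grouped[domain].append((r.get("queueid"), r.get("reason"), r["verdict"], r["refid"]))
    return dict(grouped)


if __name__ == "__main__":
    for domain, events in rejects_by_sender_domain(SAMPLE_LOG).items():
        for queueid, reason, verdict, refid in events:
            print(domain, queueid, reason, verdict, refid)
```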
