
Mail rejected "Administrative prohibition"

Hello,
some of our partners can't send us emails!
They are not on any blacklist, have valid RDNS, have valid SPF.
I see absolutely no reason why they should be blocked.
What is going on? And how can I avoid this happening to any of our other partners?
We don't have the administrative resources to report every false positive to Sophos, so please don't just send me the link to report.
I read somewhere that I could disable reject spam at SMTP time.
What is the impact of this setting? Does every spam go to quarantine then? What about the wasted disk space then?
The NDR says: "550 Administrative prohibition"

EDIT: Then again, some of the emails from the same partner domain get through without any problems.

2019:09:05-08:34:27 asg-1 exim-in[5658]: 2019-09-05 08:34:27 SMTP connection from [x.x.x.x]:37546 (TCP/IP connection count = 1)
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 H=smtp.partnerdomain.xxx [x.x.x.x]:37546 Warning: ourdomain.xxx profile excludes SANDBOX scan
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 [x.x.x.x] F=<someone@partnerdomain.xxx> R=<someone@ourdomain.xxx> Verifying recipient address in Active Directory
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed

Thanks and Regards



  • Hi

    Looking into the logs carefully, I see that the AntiSpam engine has reported this particular email as Confirmed Spam, which you can see from the following log line:

    Daniel Schatz said:
    2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8

    And the SMTP exim-in log says the same

    Daniel Schatz said:
    2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed

    You may turn off the option Reject at SMTP time, and that will definitely increase the size of the Quarantine list, as mails will be put into quarantine instead of being rejected straight away. However, it should not be a concern, as you can set a limit after how many days quarantined emails will be deleted. You may configure that setting under Email Protection > Mail Manager > Configuration.

    Regards

    Jaydeep

  • Hi Jaydeep, and thanks for the answer.
    My question is still: why has this email been blocked in the first place?
    Did the spam confirmed tag come from Cyren?

    This never happened with valid partner email until recently.
    As already reported, some emails from the same domain get through without any trouble.
    Sometimes even from the SAME sender.

  • Hi  

    Each email is scanned individually, and that's why each contains a unique "RefID:str", and one cannot tell what was found in the email to be considered Confirmed Spam. The tag has come from Cyren. If the rate of false positives is too high, try to find any similarities in the emails, and if you're not sure, it might be worth creating a case.

    Regards

    Jaydeep
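
An added example, not written by anyone in the thread or by Sophos: a Python script that joins the ctasd verdict line and the "email rejected" line by queue ID and groups rejections by sender domain, so that rejected partner mails can be compared for similarities as the last reply suggests. The sample input is the two log lines quoted in the thread; the function names are hypothetical and the field layout is assumed from those two lines only.

```python
import re
from collections import defaultdict

# Sample input: the two log lines quoted in the thread (already redacted there).
SAMPLE_LOG = [
    "2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C ctasd reports 'Confirmed' RefID:str=0001.0A0C020D.5D70AC74.008D,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8",
    '2019:09:05-08:34:28 asg-1 exim-in[26476]: 2019-09-05 08:34:28 1i5lLg-0006t2-2C id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="x.x.x.x" from="someone@partnerdomain.xxx" to="someone@ourdomain.xxx" subject="Fehler mit Mailadresse hweigl" queueid="1i5lLg-0006t2-2C" size="16708" reason="as" extra="confirmed',
]

CTASD_RE = re.compile(r"(?P<qid>\S+) ctasd reports '(?P<verdict>[^']+)' RefID:(?P<ref>\S+)")
# The closing quote is optional: the last field of the quoted line is cut off.
KV_RE = re.compile(r'(\w+)="([^"]*)"?')


def parse_smtp_log(lines):
    """Merge ctasd verdicts and 'email rejected' events, keyed by queue ID."""
    msgs = defaultdict(dict)
    for line in lines:
        m = CTASD_RE.search(line)
        if m:
            entry = msgs[m["qid"]]
            entry["verdict"] = m["verdict"]
            # RefID is a comma-separated key=value list; keep it as opaque strings.
            entry["refid"] = dict(p.partition("=")[::2] for p in m["ref"].split(","))
            continue
        kv = dict(KV_RE.findall(line))
        if kv.get("name") == "email rejected" and "queueid" in kv:
            msgs[kv["queueid"]].update(kv)
    return dict(msgs)


def rejected_by_sender_domain(msgs):
    """Group rejected messages by sender domain for side-by-side comparison."""
    out = defaultdict(list)
    for qid, m in msgs.items():
        if m.get("name") != "email rejected":
            continue  # verdict seen, but no rejection logged for this queue ID
        domain = m.get("from", "").rpartition("@")[2].lower()
        out[domain].append({
            "queueid": qid, "reason": m.get("reason"), "verdict": m.get("verdict"),
            "subject": m.get("subject"), "size": int(m.get("size", 0)),
            "ref": m.get("refid", {}).get("str"),
        })
    return dict(out)


if __name__ == "__main__":
    for domain, recs in rejected_by_sender_domain(parse_smtp_log(SAMPLE_LOG)).items():
        print(domain, recs)
```

Run over a full SMTP log, the per-domain lists give the subjects, sizes and RefID strings of every rejected message from one partner in one place, which is the material a support case would need.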
