
why? rejected: Spam (Confirmed)

Our appliance is rejecting email from 209.85.214.170.  It shows in mail manager as simply "rejected: Spam (confirmed)".

We are using the recommended blacklist checkbox, with additional servers specified as zen.spamhaus.org and b.barracudacentral.org.

I checked that IP against blacklists and can't find it listed.

Any ideas?


  • Those look like gmail IPs, so they probably weren't blacklisted.  Post the relevant lines from today's SMTP log file, and maybe we can see why one was rejected.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • First half

    2012-07-06 11:30:35 SMTP connection from [207.8.156.51]:6575 (TCP/IP connection count = 1)
    2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 [207.8.156.51] F= R= Verifying recipient address with callout
    2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 1SnBQS-0002vC-1I ctasd reports 'Unknown' RefID:str=0001.0A090203.4FF712AC.008F,ss=1,re=0.000,fgs=0
    2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 1SnBQS-0002vC-1I Greylisting: 207.8.156.51 is a known retry host
    2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 1SnBQS-0002vC-1I REMOVED@meetingconsultants.com H=(mcweb1.meetingconsultants.com) [207.8.156.51]:6575 P=esmtp S=5066 id=OF836C2353.D342F4E8-ON85257A33.005B007E-85257A33.005AAF79@meetingconsultants.com
    2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 SMTP connection from (mcweb1.meetingconsultants.com) [207.8.156.51]:6575 closed by QUIT
    2012:07:06-11:30:38 ex01 exim-in[6321]: 2012-07-06 11:30:38 SMTP connection from [209.85.214.170]:58038 (TCP/IP connection count = 1)
    2012:07:06-11:30:38 ex01 exim-in[6321]: 2012-07-06 11:30:38 SMTP connection from [209.85.214.170]:38291 (TCP/IP connection count = 2)
    2012:07:06-11:30:38 ex01 exim-in[11238]: 2012-07-06 11:30:38 H=mail-ob0-f170.google.com [209.85.214.170]:58038 Warning: Exception matched: Skipping greylisting for this message
    2012:07:06-11:30:38 ex01 exim-in[11239]: 2012-07-06 11:30:38 H=mail-ob0-f170.google.com [209.85.214.170]:38291 Warning: Exception matched: Skipping greylisting for this message
    2012:07:06-11:30:38 ex01 exim-in[11238]: 2012-07-06 11:30:38 [209.85.214.170] F= R= Verifying recipient address with callout
    2012:07:06-11:30:38 ex01 exim-in[11239]: 2012-07-06 11:30:38 [209.85.214.170] F= R= Verifying recipient address with callout
    2012:07:06-11:30:38 ex01 smtpd[6285]: QMGR[6285]: 1SnBQS-0002vC-1I moved to work queue
    2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1SnBQU-0002vG-2A ctasd reports 'Confirmed' RefID:str=0001.0A090203.4FF712AF.0011,ss=4,re=0.000,vtr=str,vl=0,fgs=0
    2012:07:06-11:30:39 ex01 exim-in[11239]: 2012-07-06 11:30:39 1SnBQU-0002vH-2A ctasd reports 'Confirmed' RefID:str=0001.0A090207.4FF712AF.001B,ss=4,re=0.000,vtr=str,vl=0,fgs=0
    2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1SnBQU-0002vG-2A id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="209.85.214.170" from="REMOVED@THEIRDOMAIN.COM" to="REMOVED@OURDOMAIN.COM" subject="Fwd: REMOVED partner paperwork to REMOVED 3 in Houston\342\200\246trying again" queueid="1SnBQU-0002vG-2A" size="148859" reason="as" extra="confirmed"
    2012:07:06-11:30:39 ex01 exim-in[11238]: [1\42] 2012-07-06 11:30:39 1SnBQU-0002vG-2A H=mail-ob0-f170.google.com [209.85.214.170]:58038 F= rejected after DATA
    2012:07:06-11:30:39 ex01 exim-in[11238]: [2\42] Envelope-from: 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [3\42] Envelope-to: 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [4\42] P Received: from mail-ob0-f170.google.com ([209.85.214.170]:58038)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [5\42]  by smtp01.OURDOMAIN.COM with esmtps (TLSv1:RC4-SHA:128)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [6\42]  (Exim 4.76)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [7\42]  (envelope-from )
    2012:07:06-11:30:39 ex01 exim-in[11238]: [8\42]  id 1SnBQU-0002vG-2A
    2012:07:06-11:30:39 ex01 exim-in[11238]: [9\42]  for REMOVED@OURDOMAIN.COM; Fri, 06 Jul 2012 11:30:38 -0500
    2012:07:06-11:30:39 ex01 exim-in[11238]: [10\42] P Received: by obfk16 with SMTP id k16so17637763obf.29
    2012:07:06-11:30:39 ex01 exim-in[11238]: [11\42]         for ; Fri, 06 Jul 2012 09:30:38 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [12\42]   X-CTCH-RefID: str=0001.0A090203.4FF712AF.0011,ss=4,re=0.000,vtr=str,vl=0,fgs=0
    2012:07:06-11:30:39 ex01 exim-in[11238]: [13\42]   X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    2012:07:06-11:30:39 ex01 exim-in[11238]: [14\42]         d=google.com; s=20120113;
    2012:07:06-11:30:39 ex01 exim-in[11238]: [15\42]         h=from:content-type:subject[:D]ate:references:to:message-id
    2012:07:06-11:30:39 ex01 exim-in[11238]: [16\42]          :mime-version:x-mailer:x-gm-message-state;
    2012:07:06-11:30:39 ex01 exim-in[11238]: [17\42]         bh=HxqOdgnZ//S4tZxNBhU9EYZoDaBgWYsAWI0GxNx6P08=;
    2012:07:06-11:30:39 ex01 exim-in[11238]: [18\42]         b=Bc3qaYMz8p1CL5PSx/XCwHZw/9C9qz7iGjWfMN5YCBkVr6xjfuLZrsSeaIgRRNJ5kl
    2012:07:06-11:30:39 ex01 exim-in[11239]: 2012-07-06 11:30:39 1SnBQU-0002vH-2A id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="209.85.214.170" from="REMOVED@THEIRDOMAIN.COM" to="REMOVED@OURDOMAIN.COM" subject="Fwd: REMOVED partner paperwork to REMOVED 3 in Houston\342\200\246trying again" queueid="1SnBQU-0002vH-2A" size="148867" reason="as" extra="confirmed"
    2012:07:06-11:30:39 ex01 exim-in[11239]: [1\42] 2012-07-06 11:30:39 1SnBQU-0002vH-2A H=mail-ob0-f170.google.com [209.85.214.170]:38291 F= rejected after DATA
    2012:07:06-11:30:39 ex01 exim-in[11239]: [2\42] Envelope-from: 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [3\42] Envelope-to: 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [4\42] P Received: from mail-ob0-f170.google.com ([209.85.214.170]:38291)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [5\42]  by smtp01.OURDOMAIN.COM with esmtps (TLSv1:RC4-SHA:128)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [6\42]  (Exim 4.76)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [7\42]  (envelope-from )
    2012:07:06-11:30:39 ex01 exim-in[11239]: [8\42]  id 1SnBQU-0002vH-2A
    2012:07:06-11:30:39 ex01 exim-in[11239]: [9\42]  for REMOVED@OURDOMAIN.COM; Fri, 06 Jul 2012 11:30:38 -0500
  • 2012:07:06-11:30:39 ex01 exim-in[11239]: [10\42] P Received: by obfk16 with SMTP id k16so17637764obf.29
    2012:07:06-11:30:39 ex01 exim-in[11239]: [11\42]         for ; Fri, 06 Jul 2012 09:30:38 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [12\42]   X-CTCH-RefID: str=0001.0A090207.4FF712AF.001B,ss=4,re=0.000,vtr=str,vl=0,fgs=0
    2012:07:06-11:30:39 ex01 exim-in[11239]: [13\42]   X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    2012:07:06-11:30:39 ex01 exim-in[11239]: [14\42]         d=google.com; s=20120113;
    2012:07:06-11:30:39 ex01 exim-in[11239]: [15\42]         h=from:content-type:subject[:D]ate:references:to:message-id
    2012:07:06-11:30:39 ex01 exim-in[11239]: [16\42]          :mime-version:x-mailer:x-gm-message-state;
    2012:07:06-11:30:39 ex01 exim-in[11239]: [17\42]         bh=HxqOdgnZ//S4tZxNBhU9EYZoDaBgWYsAWI0GxNx6P08=;
    2012:07:06-11:30:39 ex01 exim-in[11239]: [18\42]         b=DNQj96kI8tFHPtUw8LwXRpaJwX5aVZc6YFSiQkgQhvwRb+HzSWZsDUh0lc1c66w/ls
    2012:07:06-11:30:39 ex01 exim-in[11239]: [19\42]          if/P42aG2a09oOSSOX0UpFZi2+d4YMOp9d6kbdCJR5zEaMYXIXas1WE1HurFcSx7HmqR
    2012:07:06-11:30:39 ex01 exim-in[11239]: [20\42]          m2sVXukXs3DoEC12tqT+iI/9lW1wSKEAb9qtLA/WlOOsD4DdvZ5iH3zrHodfkAASKCNe
    2012:07:06-11:30:39 ex01 exim-in[11239]: [21\42]          vWCGGXNi8mS6wDzvK5/Sb4wCz1SAO+7lO3TZD99e7oUWAApiloUVE8ic6HGmmuO8s3Jj
    2012:07:06-11:30:39 ex01 exim-in[11239]: [22\42]          IYoKrTwjOJZ2ljrn7PuzIW3Y2ema33HYEOeUabcF6Bc4IbbnUuWPpfAAwX8/mKaHVnU8
    2012:07:06-11:30:39 ex01 exim-in[11239]: [23\42]          15sw==
    2012:07:06-11:30:39 ex01 exim-in[11239]: [24\42] P Received: by 10.182.17.8 with SMTP id k8mr11817667obd.25.1341592238183;
    2012:07:06-11:30:39 ex01 exim-in[11239]: [25\42]         Fri, 06 Jul 2012 09:30:38 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [26\42] * Return-Path: 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [27\42] P Received: from [192.168.255.141] ([192.131.86.10])
    2012:07:06-11:30:39 ex01 exim-in[11239]: [28\42]         by mx.google.com with ESMTPS id g8sm3438833obz.16.2012.07.06.09.30.36
    2012:07:06-11:30:39 ex01 exim-in[11239]: [29\42]         (version=SSLv3 cipher=OTHER);
    2012:07:06-11:30:39 ex01 exim-in[11239]: [30\42]         Fri, 06 Jul 2012 09:30:36 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [31\42] F From: REMOVED 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [32\42]   Content-Type: multipart/alternative; boundary="Apple-Mail=_A49C8B9D-85FD-46A9-9764-613E8E9841A9"
    2012:07:06-11:30:39 ex01 exim-in[11239]: [33\42]   Subject: =?windows-1252?Q?Fwd=3A_REMOVED_partner_paperwork_to_REMOVED_3_in_H?=
    2012:07:06-11:30:39 ex01 exim-in[11239]: [34\42]  =?windows-1252?Q?ouston=85trying_again?=
    2012:07:06-11:30:39 ex01 exim-in[11239]: [35\42]   Date: Fri, 6 Jul 2012 11:25:15 -0500
    2012:07:06-11:30:39 ex01 exim-in[11238]: [19\42]          zsXXeoJZpvv6qun5cxfKUd5hTqxE2sdLo12rF0+afu9uXv55LrTGTIHkicx3Tn4br6+O
    2012:07:06-11:30:39 ex01 exim-in[11238]: [20\42]          IAK4LuO2ZU81nDauPSIDeN0XXWGI3EvIeCm4QM+tgZEsJdOkcz8HVG7tLP75hiaI6gpS
    2012:07:06-11:30:39 ex01 exim-in[11238]: [21\42]          Hqu3RTpfn8BPUyO0N4YEUZh52a8bpDpEh/x/5/QlvmdjTncpPOXzvGttODApqyO/RLGd
    2012:07:06-11:30:39 ex01 exim-in[11238]: [22\42]          pNibRnoyhs9THBk76rr00BoP0lUovcTz+ole/h2unOpw+kPmZJEzpFOlLNICK2EBvxZC
    2012:07:06-11:30:39 ex01 exim-in[11238]: [23\42]          IXEg==
    2012:07:06-11:30:39 ex01 exim-in[11238]: [24\42] P Received: by 10.182.17.8 with SMTP id k8mr11817667obd.25.1341592238183;
    2012:07:06-11:30:39 ex01 exim-in[11238]: [25\42]         Fri, 06 Jul 2012 09:30:38 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [26\42] * Return-Path: 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [27\42] P Received: from [192.168.255.141] ([192.131.86.10])
    2012:07:06-11:30:39 ex01 exim-in[11238]: [28\42]         by mx.google.com with ESMTPS id g8sm3438833obz.16.2012.07.06.09.30.36
    2012:07:06-11:30:39 ex01 exim-in[11238]: [29\42]         (version=SSLv3 cipher=OTHER);
    2012:07:06-11:30:39 ex01 exim-in[11238]: [30\42]         Fri, 06 Jul 2012 09:30:36 -0700 (PDT)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [31\42] F From: REMOVED 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [32\42]   Content-Type: multipart/alternative; boundary="Apple-Mail=_A49C8B9D-85FD-46A9-9764-613E8E9841A9"
    2012:07:06-11:30:39 ex01 exim-in[11238]: [33\42]   Subject: =?windows-1252?Q?Fwd=3A_REMOVED_partner_paperwork_to_REMOVED_3_in_H?=
    2012:07:06-11:30:39 ex01 exim-in[11238]: [34\42]  =?windows-1252?Q?ouston=85trying_again?=
    2012:07:06-11:30:39 ex01 exim-in[11238]: [35\42]   Date: Fri, 6 Jul 2012 11:25:15 -0500
    2012:07:06-11:30:39 ex01 exim-in[11238]: [36\42]   References: 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [37\42] T To: REMOVED ,
    2012:07:06-11:30:39 ex01 exim-in[11238]: [38\42]  REMOVED@OURDOMAIN.COM
    2012:07:06-11:30:39 ex01 exim-in[11238]: [39\42] I Message-Id: 
    2012:07:06-11:30:39 ex01 exim-in[11238]: [40\42]   Mime-Version: 1.0 (Apple Message framework v1278)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [41\42]   X-Mailer: Apple Mail (2.1278)
    2012:07:06-11:30:39 ex01 exim-in[11238]: [42/42]   X-Gm-Message-State: ALoCoQlHvwEUTNZb4l2w0OQPfECqQpIJtBDJD7S8fZnfIQ12AhU105gl33FY1RYzgaPvzrSfX5Rc
    2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1SnBQU-0002vG-2A SMTP connection from mail-ob0-f170.google.com [209.85.214.170]:58038 closed by DROP in ACL
    2012:07:06-11:30:39 ex01 exim-in[11239]: [36\42]   References: 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [37\42] T To: REMOVED ,
    2012:07:06-11:30:39 ex01 exim-in[11239]: [38\42]  REMOVED@OURDOMAIN.COM
    2012:07:06-11:30:39 ex01 exim-in[11239]: [39\42] I Message-Id: 
    2012:07:06-11:30:39 ex01 exim-in[11239]: [40\42]   Mime-Version: 1.0 (Apple Message framework v1278)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [41\42]   X-Mailer: Apple Mail (2.1278)
    2012:07:06-11:30:39 ex01 exim-in[11239]: [42/42]   X-Gm-Message-State: ALoCoQmmgidzhotkXNd4JD2sEs85GRXhbDQ0CBHu9qzusCkfU/1UjZfiWGFFeoXke78BFfABzByE
    2012:07:06-11:30:39 ex01 exim-in[11239]: 2012-07-06 11:30:39 1SnBQU-0002vH-2A SMTP connection from mail-ob0-f170.google.com [209.85.214.170]:38291 closed by DROP in ACL
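
Added example, not part of the original posts: one way to read the rejection cause out of a log like the one above is to pair each `ctasd reports` verdict with the `email rejected` event for the same queue ID, so `reason` and `extra` sit next to the scanner verdict. The sample lines are constructed in the thread's log format with placeholder addresses and queue IDs; `summarize` and `rejected` are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the log above (placeholder values).
SAMPLE_LOG = r'''
2012:07:06-11:30:36 ex01 exim-in[11234]: 2012-07-06 11:30:36 1AAAAA-000001-AA ctasd reports 'Unknown' RefID:str=0001.X,ss=1,re=0.000,fgs=0
2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1BBBBB-000002-BB ctasd reports 'Confirmed' RefID:str=0001.Y,ss=4,re=0.000,vtr=str,vl=0,fgs=0
2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1BBBBB-000002-BB id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.0.2.10" from="a@example.org" to="b@example.com" subject="Fwd: paperwork" queueid="1BBBBB-000002-BB" size="148859" reason="as" extra="confirmed"
2012:07:06-11:30:39 ex01 exim-in[11238]: [12\42]   X-CTCH-RefID: str=0001.Y,ss=4,re=0.000,vtr=str,vl=0,fgs=0
'''

# Exim queue IDs as they appear in the log: 6-6-2 alphanumeric groups.
QUEUE_ID = r'[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}'
CTASD = re.compile(r"\b(" + QUEUE_ID + r") ctasd reports '([^']*)' RefID:(\S+)")
# key="value" pairs of the structured event line; tolerates backslash escapes.
KV = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def summarize(log_text):
    """Collect the ctasd verdict and reject-event fields per queue ID."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = CTASD.search(line)
        if m:
            qid, verdict, refid = m.groups()
            msgs[qid]["ctasd_verdict"] = verdict
            msgs[qid]["ctasd_refid"] = refid
            continue
        fields = dict(KV.findall(line))
        # Header-dump lines ([n\42] ...) carry no name="email rejected" pair
        # and are skipped here.
        if fields.get("name") == "email rejected" and "queueid" in fields:
            for key in ("srcip", "reason", "extra", "size"):
                msgs[fields["queueid"]][key] = fields.get(key)
    return dict(msgs)


def rejected(log_text):
    """Only the messages that have an 'email rejected' event."""
    return {q: m for q, m in summarize(log_text).items() if "reason" in m}


if __name__ == "__main__":
    for qid, info in rejected(SAMPLE_LOG).items():
        print(qid, info)
```
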