
Remote server replied: 550 Administrative prohibition

Could anyone shed some light on this, please? Two different customers reported that they are unable to send mail to us.

I'm posting this with real IPs; I couldn't find anything with Cyren. The funny thing is that in the past 2 days some mails went through in both directions, and mails got blocked as spam before and after that. Today also, according to the mail manager.

 

-----Original Message-----
From: mailer-daemon@server.webmailcheck.de [mailto:mailer-daemon@server.webmailcheck.de]
Sent: Sunday, 4 December 2016 09:29
To: info@werner-zirn.de
Subject: Undeliverable: Nachricht für Herrn Weber

Your message did not reach some or all of the intended recipients.

   Sent: Sun, 4 Dec 2016 09:28:44 +0100
   Subject: Nachricht für Herrn Weber

The following recipient(s) could not be reached:

info@allforit.de
   Error Type: SMTP
   Remote server (109.192.11.82) issued an error.
   hMailServer sent: .
   Remote server replied: 550 Administrative prohibition



hMailServer

 

------------------------------------------------------------------------------------------------------

 

2016:12:04-09:28:49 gw1 exim-in[5688]: 2016-12-04 09:28:49 SMTP connection from [94.23.229.146]:51697 (TCP/IP connection count = 1)
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 H=server.webmailcheck.de [94.23.229.146]:51697 Warning: allforit.de profile excludes greylisting: Skipping greylisting for this message
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 H=server.webmailcheck.de [94.23.229.146]:51697 Warning: allforit.de profile excludes SANDBOX scan
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 [94.23.229.146] F=<info@werner-zirn.de> R=<info@allforit.de> Verifying recipient address with callout
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x ctasd reports 'Confirmed' RefID:str=0001.0A0B0206.5843CFB3.0117,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="94.23.229.146" from="info@werner-zirn.de" to="info@allforit.de" subject="Nachricht f\303\274r Herrn Weber" queueid="1cDSAD-0003mc-1x" size="11887" reason="as" extra="confirmed"
2016:12:04-09:28:49 gw1 exim-in[14546]: [1\25] 2016-12-04 09:28:49 1cDSAD-0003mc-1x H=server.webmailcheck.de [94.23.229.146]:51697 F=<info@werner-zirn.de> rejected after DATA
2016:12:04-09:28:49 gw1 exim-in[14546]: [2\25] Envelope-from: <info@werner-zirn.de>
2016:12:04-09:28:49 gw1 exim-in[14546]: [3\25] Envelope-to: <info@allforit.de>
2016:12:04-09:28:49 gw1 exim-in[14546]: [4\25] P Received: from server.webmailcheck.de ([94.23.229.146]:51697)
2016:12:04-09:28:49 gw1 exim-in[14546]: [5\25] 	by mx1.allforit.de with smtp (Exim 4.82_1-5b7a7c0-XX)
2016:12:04-09:28:49 gw1 exim-in[14546]: [6\25] 	(envelope-from <info@werner-zirn.de>)
2016:12:04-09:28:49 gw1 exim-in[14546]: [7\25] 	id 1cDSAD-0003mc-1x
2016:12:04-09:28:49 gw1 exim-in[14546]: [8\25] 	for info@allforit.de; Sun, 04 Dec 2016 09:28:49 +0100
2016:12:04-09:28:49 gw1 exim-in[14546]: [9\25] P Received: from PCZirn ([84.140.239.159])
2016:12:04-09:28:49 gw1 exim-in[14546]: [10\25] 	by server.webmailcheck.de
2016:12:04-09:28:49 gw1 exim-in[14546]: [11\25] 	; Sun, 4 Dec 2016 09:28:47 +0100
2016:12:04-09:28:49 gw1 exim-in[14546]: [12\25]   X-CTCH-RefID: str=0001.0A0B0206.5843CFB3.0117,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2016:12:04-09:28:49 gw1 exim-in[14546]: [13\25] F From: "Werner Zirn" <info@werner-zirn.de>
2016:12:04-09:28:49 gw1 exim-in[14546]: [14\25] T To: <info@allforit.de>
2016:12:04-09:28:49 gw1 exim-in[14546]: [15\25]   References: 
2016:12:04-09:28:49 gw1 exim-in[14546]: [16\25]   In-Reply-To: 
2016:12:04-09:28:49 gw1 exim-in[14546]: [17\25]   Subject: =?utf-8?Q?Nachricht_f=C3=BCr_Herrn_Weber?=
2016:12:04-09:28:49 gw1 exim-in[14546]: [18\25]   Date: Sun, 4 Dec 2016 09:28:44 +0100
2016:12:04-09:28:49 gw1 exim-in[14546]: [19\25] I Message-ID: <000001d24e08$6d5c5c00$48151400$@werner-zirn.de>
2016:12:04-09:28:49 gw1 exim-in[14546]: [20\25]   MIME-Version: 1.0
2016:12:04-09:28:49 gw1 exim-in[14546]: [21\25]   Content-Type: multipart/related;
2016:12:04-09:28:49 gw1 exim-in[14546]: [22\25] 	boundary="----=_NextPart_000_0001_01D24E10.CF20C400"
2016:12:04-09:28:49 gw1 exim-in[14546]: [23\25]   X-Mailer: Microsoft Outlook 15.0
2016:12:04-09:28:49 gw1 exim-in[14546]: [24\25]   Thread-Index: AdJOBeq2UYFuagT9R2KNENHgQyqGmgAAjRjg
2016:12:04-09:28:49 gw1 exim-in[14546]: [25/25]   Content-Language: de
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x SMTP connection from server.webmailcheck.de [94.23.229.146]:51697 closed by DROP in ACL


This thread was automatically locked due to age.
  • Hi,

    1cDSAD-0003mc-1x ctasd reports 'Confirmed' RefID:str=0001.0A0B0206.5843CFB3.0117,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
    2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="94.23.229.146" from="info@werner-zirn.de" to="info@allforit.de" subject="Nachricht f\303\274r Herrn Weber" queueid="1cDSAD-0003mc-1x" size="11887" reason="as" extra="confirmed"
    2016:12:04-09:28:49 gw1 exim-in[14546]: [1\25] 2016-12-04 09:28:49 1cDSAD-0003mc-1x H=server.webmailcheck.de [94.23.229.146]:51697 F=<info@werner-zirn.de> rejected after DATA

    It states that the Commtouch Advanced Security Daemon (CTASD) recognised the mail as infected, and id=1003 means that the mail is rejected. Moreover, you are using the callout method for recipient verification, so the UTM will query the mail server to verify the recipient. The 550 error code means that your SMTP server isn't able to deliver the sent email to the user because his mailbox does not exist. Can you verify this at the server's end?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • The info@allforit.de mail is reachable and was before and after. So I do not understand the issue. And yes, we are using callout against our Exchange Server.

    Is there something else possible? I have no idea what causes this. Maybe the sending "hhmail server" speaks gibberish SMTP?

  • Hi,

    What do the logs from the mail server reflect?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Like Sachin said, the issue is that your SMTP Proxy rejected the mail as spam.  If you regularly receive email from info@werner-zirn.de, the easiest thing to do is to make an Exception for AntiSpam for that address.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
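
The rejection discussed in this thread can be triaged by grouping the gateway's log lines by Exim queue ID and reading the verdict, reason and SMTP stage together. This is an added example, not part of the thread and not Sophos code; the function names are hypothetical, and reading reason="as" as the anti-spam engine is an assumption based on Bob's reply.

```python
import re
from collections import defaultdict

# Constructed sample: three lines copied from the gateway log quoted in the thread.
SAMPLE_LOG = r"""2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x ctasd reports 'Confirmed' RefID:str=0001.0A0B0206.5843CFB3.0117,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2016:12:04-09:28:49 gw1 exim-in[14546]: 2016-12-04 09:28:49 1cDSAD-0003mc-1x id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="94.23.229.146" from="info@werner-zirn.de" to="info@allforit.de" subject="Nachricht f\303\274r Herrn Weber" queueid="1cDSAD-0003mc-1x" size="11887" reason="as" extra="confirmed"
2016:12:04-09:28:49 gw1 exim-in[14546]: [1\25] 2016-12-04 09:28:49 1cDSAD-0003mc-1x H=server.webmailcheck.de [94.23.229.146]:51697 F=<info@werner-zirn.de> rejected after DATA
"""

QUEUE_ID = re.compile(r"\b([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})\b")  # Exim message ID
CTASD = re.compile(r"ctasd reports '([^']+)'")      # scanner verdict line
KV = re.compile(r'(\w+)="([^"]*)"')                 # key="value" pairs of the SecureMail event
STAGE = re.compile(r"rejected after (\w+)")         # SMTP stage at which Exim rejected


def summarize(log_text):
    """Group log lines by queue ID and collect verdict, reason and reject stage."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        qid = QUEUE_ID.search(line)
        if not qid:
            continue  # connection-level lines carry no queue ID yet
        rec = msgs[qid.group(1)]
        if (verdict := CTASD.search(line)):
            rec["ctasd"] = verdict.group(1)
        fields = dict(KV.findall(line))
        if fields.get("name") == "email rejected":
            for key in ("srcip", "from", "to", "reason", "extra"):
                if key in fields:
                    rec[key] = fields[key]
        if (stage := STAGE.search(line)):
            rec["stage"] = stage.group(1)
    return dict(msgs)


def rejected_by_antispam(rec):
    # Assumption: reason="as" marks the anti-spam check (per the reply in the thread).
    return rec.get("reason") == "as"


if __name__ == "__main__":
    for qid, rec in summarize(SAMPLE_LOG).items():
        print(qid, rec, "antispam" if rejected_by_antispam(rec) else "other")
```

A message rejected after DATA has already had its recipient accepted, which helps separate a content-scan rejection from a failed recipient callout when reading these logs.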