
[solved] What does rejected after DATA mean? Additional RBL questions

Hi there,

A customer has been unable to receive messages from various sender addresses. The permanent bounce message was 550 Administrative prohibition. It turned out that the target IP address has been blacklisted on the Commtouch IP Reputation (cyren.org) list.


Here are some additional questions:

a) What does rejected after DATA mean?
b) Does reason="as" stand for the UTM Antispam tab?
c) We noticed that the RBL IP reputation check is not only performed against sender but also against the Routing Target (Domains Target). Can someone confirm this behavior as well?


Here's the logfile excerpt:

2017:05:20-00:59:39 utm9 exim-in[13754]: 2017-05-20 00:59:39 [XXX.XXX.XXX.XX] F=<sender@mail.com> R=<receiver@mail.com> Verifying recipient address with callout
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O DKIM: d=domain.com s=mail c=simple/simple a=rsa-sha256 [verification succeeded]
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O ctasd reports 'Confirmed' RefID:str=0001.0A0C0208.591F78DC.0079,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="XXX.XXX.XXX.XX" from="info@domain.com" to="receiver@mail.com" subject="[Ticket #3471] WG: Mail delivery failed: returning message to sender" queueid="1dBqrz-0003Zq-2O" size="727967" reason="as" extra="confirmed"
2017:05:20-00:59:40 utm9 exim-in[13754]: [1\39] 2017-05-20 00:59:40 1dBqrz-0003Zq-2O H=mail1.domain.com [XXX.XXX.XXX.XX]:49699 F=<receiver@mail.com> rejected after DATA
2017:05:20-00:59:40 utm9 exim-in[13754]: [2\39] Envelope-from: <sender@mail.com>



  • I believe that the RFC specifies that the receiver can only block the message at two points in the session - either

    1) after the helo, when it only knows source ip, target address and supposed sender.

    Or

    2) after the whole message is accepted (after data = whole message).

    The rbl check was apparently not announced until after the whole message was received.

    It is the sender's job to get himself off the blacklist, if the message is legitimate.
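Added example, not part of the original posts and not vendor code: a Python sketch that groups the exim-in lines from the excerpt by queue ID, so the ctasd verdict, the reason/extra fields of the "email rejected" record and the "rejected after DATA" stage can be read together for one message. The sample lines are copied from the excerpt in the question; the function and dictionary key names are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the log excerpt in the question (already redacted there).
SAMPLE_LOG = r"""
2017:05:20-00:59:39 utm9 exim-in[13754]: 2017-05-20 00:59:39 [XXX.XXX.XXX.XX] F=<sender@mail.com> R=<receiver@mail.com> Verifying recipient address with callout
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O ctasd reports 'Confirmed' RefID:str=0001.0A0C0208.591F78DC.0079,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="XXX.XXX.XXX.XX" from="info@domain.com" to="receiver@mail.com" subject="[Ticket #3471] WG: Mail delivery failed: returning message to sender" queueid="1dBqrz-0003Zq-2O" size="727967" reason="as" extra="confirmed"
2017:05:20-00:59:40 utm9 exim-in[13754]: [1\39] 2017-05-20 00:59:40 1dBqrz-0003Zq-2O H=mail1.domain.com [XXX.XXX.XXX.XX]:49699 F=<receiver@mail.com> rejected after DATA
"""

# Exim message (queue) IDs have the shape xxxxxx-xxxxxx-xx.
QUEUE_ID = re.compile(r"\b([0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2})\b")
KEY_VALUE = re.compile(r'(\w+)="([^"]*)"')
CTASD = re.compile(r"ctasd reports '([^']*)'")
REJECT_FIELDS = ("srcip", "from", "to", "size", "reason", "extra")


def correlate(log_text):
    """Group log lines by queue ID; collect scanner verdict, reject fields, SMTP stage."""
    messages = defaultdict(dict)
    for line in log_text.splitlines():
        match = QUEUE_ID.search(line)
        if not match:
            continue  # e.g. the callout line, logged before a queue ID exists
        entry = messages[match.group(1)]
        verdict = CTASD.search(line)
        if verdict:
            entry["ctasd"] = verdict.group(1)
        fields = dict(KEY_VALUE.findall(line))
        if fields.get("name") == "email rejected":
            entry.update({k: fields[k] for k in REJECT_FIELDS if k in fields})
        if line.rstrip().endswith("rejected after DATA"):
            entry["stage"] = "after DATA"
    return dict(messages)


def rejected_after_scan(messages):
    """Queue IDs rejected after DATA for which a ctasd verdict was also logged."""
    return [qid for qid, e in messages.items()
            if e.get("stage") == "after DATA" and "ctasd" in e]


if __name__ == "__main__":
    for qid, entry in correlate(SAMPLE_LOG).items():
        print(qid, entry)
```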
