Hi there,
a customer has been unable to receive messages from various sender addresses. The permanent bounce message was 550 Administrative prohibition. It turned out that the target IP address has been blacklisted on the Commtouch IP Reputation (cyren.org) list.
Here are some additional questions:
a) What does rejected after DATA mean?
b) Does reason="as" stand for the UTM Antispam tab?
c) We noticed that the RBL IP reputation check is not only performed against sender but also against the Routing Target (Domains Target). Can someone confirm this behavior as well?
Here's the logfile excerpt:
2017:05:20-00:59:39 utm9 exim-in[13754]: 2017-05-20 00:59:39 [XXX.XXX.XXX.XX] F=<sender@mail.com> R=<receiver@mail.com> Verifying recipient address with callout
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O DKIM: d=domain.com s=mail c=simple/simple a=rsa-sha256 [verification succeeded]
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O ctasd reports 'Confirmed' RefID:str=0001.0A0C0208.591F78DC.0079,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
2017:05:20-00:59:40 utm9 exim-in[13754]: 2017-05-20 00:59:40 1dBqrz-0003Zq-2O id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="XXX.XXX.XXX.XX" from="info@domain.com" to="receiver@mail.com" subject="[Ticket #3471] WG: Mail delivery failed: returning message to sender" queueid="1dBqrz-0003Zq-2O" size="727967" reason="as" extra="confirmed"
2017:05:20-00:59:40 utm9 exim-in[13754]: [1\39] 2017-05-20 00:59:40 1dBqrz-0003Zq-2O H=mail1.domain.com [XXX.XXX.XXX.XX]:49699 F=<receiver@mail.com> rejected after DATA
2017:05:20-00:59:40 utm9 exim-in[13754]: [2\39] Envelope-from: <sender@mail.com>