Re: Need help understanding why certain incoming emails are rejected

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I saw that when I searched. In your opinion, is this a better method than putting the desired mail server IPs in ESM > Global Settings > Properties > Connection Filtering > Accept?

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message news:Omku3iEnJHA.3644@xxxxxxxxxxxxxxxxxxxxxxx
You're looking for custom xml for IMF

http://www.google.ca/search?hl=en&q=imf+custom+xml&meta=



--
-----------------------------------------------
Les Connor [SBS MVP]

"Mike in Nebraska" <Mike_in_Nebraska@xxxxxxxxxxxxxxxx> wrote in message news:u#7DVYEnJHA.1216@xxxxxxxxxxxxxxxxxxxxxxx
You'd think I'd get the idea by now with the scar tissue on my head from banging on the wall.

Did as suggested and see that IMF is indeed rejecting those messages. (Sooooo much easier your way.) I'll go do some searches for "SBS whitelist" or something like it, to find how to properly ease that domain through Exchange.

Mike

Thanks!
"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message news:%23gyO5QEnJHA.504@xxxxxxxxxxxxxxxxxxxxxxx
We know you Mike, you're looking for the complicated answer ;-).

Honestly, hardly a day goes by when I don't go into message tracking on a server, somewhere. Whenever there's a "I didn't get it" or "they didn't get it" or a "email vanished", message tracking will generally further your knowledge of what happened, if not provide the entire answer.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Mike in Nebraska" <Mike_in_Nebraska@xxxxxxxxxxxxxxxx> wrote in message news:u3UfxMEnJHA.1216@xxxxxxxxxxxxxxxxxxxxxxx
Will do. And thanks for the "rap on the desk"; I should know by now the basics.

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message news:%23p7bClDnJHA.3380@xxxxxxxxxxxxxxxxxxxxxxx
Start > All Programs > Microsoft Exchange > System Manager
Expand Tools
Click on Message Tracking Centre

Enter your servername in the Server box, and appropriate "logged between" settings for the time period you expect the transmission to have been in.

When you find a message of interest, double click on it. If IMF rejected it, that will be logged "SMTP: Message rejected by Intelligent Message Filtering."

Message Tracking is a basic, fundamental, first place to look when email delivery is in question.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Mike in Nebraska" <Mike_in_Nebraska@xxxxxxxxxxxxxxxx> wrote in message news:OoR5XYDnJHA.4540@xxxxxxxxxxxxxxxxxxxxxxx
I found the following in C:\Program Files\Exchsrvr\<servername>.log directory. Its the log for yesterday and I snipped out where our contact was sending both myslef and our Office Manager some tests:

2009-3-2 15:36:40 GMT - - - WCT - <sender>@esri.com 1027 040EB01186A55F4D87EC4F9086C3D8D20FEC84@xxxxxxxxxxxxxxxxx 0 0 3237 1 2009-3-2 15:36:40 GMT 0 - c=US;a= ;p=WHOOPER;l=WCT-090302153640Z-42 TEST EX:/O=WHOOPER/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=<office manager> -

2009-3-2 15:36:40 GMT - - - WCT - <sender>@esri.com 1019 040EB01186A55F4D87EC4F9086C3D8D20FEC84@xxxxxxxxxxxxxxxxx 0 0 3237 1 2009-3-2 15:36:40 GMT 0 - - TEST - -

2009-3-2 15:36:40 GMT - - - WCT - <sender>@esri.com 1025 040EB01186A55F4D87EC4F9086C3D8D20FEC84@xxxxxxxxxxxxxxxxx 0 0 3237 1 2009-3-2 15:36:40 GMT 0 - - TEST - -

2009-3-2 15:36:40 GMT - - - WCT - <sender>@esri.com 1024 040EB01186A55F4D87EC4F9086C3D8D20FEC84@xxxxxxxxxxxxxxxxx 0 0 3237 1 2009-3-2

And this is from a bit later:
-

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 <office manager>@whoopingcrane.org 1019 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor?@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 <office Manager)@whoopingcrane.org 1025 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com

2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 <office manager>@whoopingcrane.org 1024 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 <office manager> @whoopingcrane.org 1033 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 Journal@xxxxxxxxxxxxxxxxx 1033 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST sbeckwitt@xxxxxxxx -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 rpalazzola@xxxxxxxxxxxxxxxxx 1036 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 Journal@xxxxxxxxxxxxxxxxx 1036 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT 98.136.44.61 smtp106.prem.mail.sp1.yahoo.com - WCT 192.168.1.10 <office manager>@whoopingcrane.org 1023 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 Version: 6.0.3790.3959 - Re: TEST <vendor>@esri.com -

2009-3-2 15:37:48 GMT - - - WCT - <officemanager>@whoopingcrane.org 1028 49ABFD07.3070309@xxxxxxxx 0 0 2146 1 2009-3-2 15:37:47 GMT 0 - - Re: TEST <vendor>@esri.com -


And these are some rejection email's (I think) that the vendor was trying to send me:

2009-3-2 15:56:43 GMT 0 - c=US;a= ;p=WHOOPER;l=WCT-090302155643Z-47 FW: failure notice EX:/O=WHOOPER/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=MIKEWEBB -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1019 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice - -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1025 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice - -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1024 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice - -

2009-3-2 15:56:43 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1033 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <> -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1033 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <me>@whoopingcrane.org -

2009-3-2 15:56:43 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1036 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <> -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1034 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <me>@whoopingcrane.org -

2009-3-2 15:56:43 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1023 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <> -

2009-3-2 15:56:43 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1028 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <> -

2009-3-2 15:56:43 GMT - - - WCT - <vendor>@esri.com 1020 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <me>@whoopingcrane.org -

2009-3-2 15:56:44 GMT - - pleakley2.kdsi.net WCT - <vendor>@esri.com 1031 040EB01186A55F4D87EC4F9086C3D8D20FEC89@xxxxxxxxxxxxxxxxx 0 0 24728 1 2009-3-2 15:56:43 GMT 0 - - FW: failure notice <me>@whoopingcrane.org -

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1027 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - c=US;a= ;p=WHOOPER;l=WCT-090302155659Z-48 - EX:/O=WHOOPER/OU=FIRST ADMINISTRATIVE GROUP/CN=RECIPIENTS/CN=MIKEWEBB - [This is the grant application in ASCII I asked for, but didn't get.]

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1019 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - - -

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1025 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - - -

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1024 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1
2009-3-2 15:56:59 GMT 0 - - - - -

2009-3-2 15:56:59 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1033 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <> -

2009-3-2 15:56:59 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1036 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <> -

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1033 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <me>@whoopingcrane.org -

2009-3-2 15:56:59 GMT - - - WCT - ecpgrant@xxxxxxxx 1034 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <me>@whoopingcrane.org -

2009-3-2 15:56:59 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1023 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <> -

2009-3-2 15:57:0 GMT - - - WCT - Journal@xxxxxxxxxxxxxxxxx 1028 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <> -

2009-3-2 15:57:0 GMT - - - WCT - ecpgrant@xxxxxxxx 1020 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <me>@whoopingcrane.org -

2009-3-2 15:57:0 GMT - - pleakley2.kdsi.net WCT - ecpgrant@xxxxxxxx 1031 040EB01186A55F4D87EC4F9086C3D8D20FEC8A@xxxxxxxxxxxxxxxxx 0 0 2212 1 2009-3-2 15:56:59 GMT 0 - - - <me>@whoopingcrane.org -

I don't know if this will help or not.

Mike

"Les Connor [SBS MVP]" <les.connor@xxxxxxxxxxxx> wrote in message news:eFXtJ$CnJHA.4904@xxxxxxxxxxxxxxxxxxxxxxx
Message tracking in Exchange should indicate the refusal, if it's IMF. Also, if using spamhaus or similar block list, that could cause a reject. You can set that type of reject to a custom message, if need be, so the reason is more obvious.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Mike in Nebraska" <Mike_in_Nebraska@xxxxxxxxxxxxxxxx> wrote in message news:#sQ471CnJHA.5420@xxxxxxxxxxxxxxxxxxxxxxx
SBS 2003 Premium, current with patches and updates. Exchange 2003 w/IMF, SQL 2000, ISA 2004, WSUS 3.0, Symantec Corp. AV ver. 8.2, Windows Defender.
=====================
I found out yesterday that emails from a vendor we very infrequently use has all their email being rejected (550-'5.7.1 Requested action not taken: message refused'). My guess is the IMF settings, but I don't know how to be sure. Nothing in the ISA or Event Viewer logs, just a phone call from the vendor saying it was rejected with the above code. My contact there often uses Yahoo to relay his business email in and out, so I suspect that might be one reason. However, it doesn't explain my main problem in communicating with them.
Each year I am to send them (ESRI, Inc. - makers of GIS software) a blank email to request a grant to waive the software maintenance fees. This email to them triggers an auto-email response back with the full ASCII application we are to use. Well ... I'm not getting them.

Would a look-see in the Exchange log provide the answer? (My IMF settings are at SCL-7 -- Reject -- Junk-5.)

I have also heard that Yahoo incoming email is rejected with the same error code.


TIA,
--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a conservation non-profit (501 (c)(3)) organization
Wood River, NE





.

Relevant Pages