My main question: how can I see what triggered my CAS server to reject this message with error 500?
Our user can receive email from other external senders ok. It seems to be just this one sender having trouble.
Our transport rules are not complex, and I see no rules that would block this sender or domain.
We use Exchange Online Protection. The message gets through EOP and hits our CAS server. The CAS server rejects the message - it never gets to the Client.
The CAS server gives the error 500 - but that's all I can find. I need a command or somewhere to look to see what triggered the 500 error.
I've posted the NDR received by the sender and scrubbed our identifying information.
Rcn.com looks like the sender's online forwarding host - the spf record for senderdomain.net points back to rcn.com. I've run an spf record check and it passes, so I do not believe that is the issue.
Here is the NDR:
From: postmaster@ourdomain.onmicrosoft.com
To: sender@senderdomain.net
Sent: Monday, March 30, 2015 1:41 PM
Subject: Undeliverable: Hello from FirstName
CAS1.our_internal_domain.local rejected your message to the following email addresses:
FirstName LastName (Username@ourdomain.com)
A problem occurred while delivering your message to this email address. Try sending your message again. If the problem continues, please contact your email admin.
CAS1.our_internal_domain.local gave this error:
Message rejected
Diagnostic information for administrators:
Generating server: BY1PR0501MB1112.namprd05.prod.outlook.com
Username@ourdomain.com
CAS1.our_internal_domain.local
Remote Server returned '500 Message rejected'
Original message headers:
Received: from BLUPR05CA0049.namprd05.prod.outlook.com (10.141.20.19) by
BY1PR0501MB1112.namprd05.prod.outlook.com (25.160.103.146) with Microsoft
SMTP Server (TLS) id 15.1.118.21; Mon, 30 Mar 2015 17:40:54 +0000
Received: from BL2FFO11FD027.protection.gbl (2a01:111:f400:7c09::115) by
BLUPR05CA0049.outlook.office365.com (2a01:111:e400:855::19) with Microsoft
SMTP Server (TLS) id 15.1.125.19 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Received: from smtp.rcn.com (69.168.97.78) by
BL2FFO11FD027.mail.protection.outlook.com (10.173.161.106) with Microsoft
SMTP Server (TLS) id 15.1.130.10 via Frontend Transport; Mon, 30 Mar 2015
17:40:54 +0000
Return-Path: sender@senderdomain.net
X_CMAE_Category: , ,
X-CNFS-Analysis: v=2.0 cv=PMSNCIWC c=1 sm=1 a=gRQJo8bc1j9+0GSSRogFxg==:17 a=NTyKUL13AAAA:8 a=ML7w5Z3_AAAA:8 a=3H5rcUylbt2uBKgiyYQA:9 a=wPNLvfGTeEIA:10 a=XQfDMMe_SRUA:10 a=SEXQnC1BqQAA:10 a=7ZjHjvgxCjAA:10 a=Wcs1mLwGzyUA:10 a=sBa8ZLUje9YA:10 a=k-GqB2yPh3IA:10
a=N4kHG9ehtKzd7-3o534A:9 a=_W_S_7VecoQA:10 a=gRQJo8bc1j9+0GSSRogFxg==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
X-Authed-Username: ZHAtZm1hQHJjbi5jb20=
Authentication-Results: smtp02.rcn.cmh.synacor.com
header.from=sender@senderdomain.net; sender-id=neutralourdomain.com; dkim=none
(message not signed) header.d=none;ourdomain.com; dmarc=pass action=none
header.from=senderdomain.net;
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.mail=sender@senderdomain.net; spf=neutral; sender-id=neutral
Authentication-Results: smtp02.rcn.cmh.synacor.com smtp.user=sender; auth=pass (LOGIN)
Received-SPF: neutral (smtp02.rcn.cmh.synacor.com: 69.72.92.252 is neither permitted nor denied by domain of senderdomain.net)
Received: from [69.72.92.252] ([69.72.92.252:2689] helo=FirstNameLastName)
by smtp.rcn.com (envelope-from <sender@senderdomain.net>)
(ecelerity 3.6.2.43620 r(Platform:3.6.2.0)) with ESMTPA
id 58/6E-17115-4AA89155; Mon, 30 Mar 2015 13:40:53 -0400
Message-ID: <011A7DBF0D954F62987032D45778AF29@FirstNameLastName>
From: FirstName LastName <sender@senderdomain.net>
To: FirstName LastName <Username@ourdomain.com>
Subject: Hello from FirstName
Date: Mon, 30 Mar 2015 13:40:49 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01D06AEF.223E4A60"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-EOPAttributedMessage: 0
Received-SPF: Pass (protection.outlook.com: domain of senderdomain.net designates
69.168.97.78 as permitted sender) receiver=protection.outlook.com;
client-ip=69.168.97.78; helo=smtp.rcn.com;
Authentication-Results: spf=pass (sender IP is 69.168.97.78)
smtp.mailfrom=sender@senderdomain.net;
X-Forefront-Antispam-Report:
CIP:69.168.97.78;CTRY:US;IPV:NLI;EFV:NLI;SFV:SKN;SFS:;DIR:INB;SFP:;SCL:-1;SRVR:BY1PR0501MB1112;H:smtp.rcn.com;FPR:;SPF:None;LANG:en;
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
BCL:0;PCL:0;RULEID:(601004);SRVR:BY1PR0501MB1112;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0501MB1112;
X-OriginatorOrg: ourdomain.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Mar 2015 17:40:54.1243
(UTC)
X-MS-Exchange-CrossTenant-Id: c92ecf05-92f8-42f4-a246-24bee4988793
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0501MB111