Thanks In Advance...

Need help to identify a Critical Issue in Live Environment. 

We have Setup a Email server for out organization domain.com which is working properlly and the mail flow is also works fine with other domain. Since last week we observe that one of our client company based in UK complain that they are unable to send mails to our domain. 

We start investigating and found that some mails are coming properly and some are don't even hit out Trend Micro Mail Gateway server. After 6 Hrs client get the NDR over return receipt. 

Our Enviorment :-

Domain :- Domain.com

MX:- 11.12.124.15 & 200.225.112.23 (mail.domain.com) Preference 10

11.12.1247.16 & 200.225.112.24 (Gateway.domain.com) Preference 20

11.12.124.17 & 200.225.112.25 (relay.apeejaygroup.com) Preference 30

Mail Gateway Appliance :- Trend Micro InterScan Messaging Security Gateway 9.0

Client Environment:-

Domain :- clientdomain.com

MX :- brightmail by Symantec Messagelabs Cloud. 

=========================================

When Client sent a mail it don't even hit any of our mail gateway server. But the user gets the Non Delivery Message. In from Brightmail NDR following error message is showing.

Delivery attempt failure - transient Attempted delivery 71/31-01753-DD55DE55 to 11.12.124.15 on Mon Sep 7 09:36:23 2015 Error Message: "451 4.4.2 [internal] send HELO/EHLO failed" Providing this log to the recipient, hopefully they would be able to explain this answer when we try to connect to their Server 11.12.124.15

=======================

Need help to identify that where is the issue and how to fix this so that we can start communication between our client over mail smoothly. 

Symantec reports that this could be an issue with an email loop: https://support.symantec.com/en_US/article.TECH131314.html. 

Have you checked to see whether your Trend mail gateway is reporting any performance issues? Check the SMTP logs on the Trend mail gateway to find out more information on failed connections.

Thanks.

Hi Mark,

Can you please describe what is email loop. And how to fix this. 

Thanks in advance. 

An example of an email loop is where the sender sends an email to a recipient who has an autoreply back to the sender who also has an autoreply back to the recipient. The email flows in a loop like this. Check that this is not happening for your recipients.

Please also check for Trend mail gateway performance issues and the SMTP logs on the Trend mail gateway.

Thanks.

Hi Mark,

Thanks for give me a clear view about email loop. But in our current scenario there is no loop available. Sender and the recipient both confirmed. 

As per you we also check the SMTP gateway server performance its under 50 %  which is absolutely normal. And after go through the SMTP log we found that only those mails which are successfully received from recipient domain are listed on the log with timestamp but do not find any logs for those NDR mails. Still 3/5 mails are failed to delivered in our domain whereas rest all the domains are send and receive email from our side. Only this issue is happening with this particular recipient domain. 

Any other suggestion please let me know. 

Perhaps it's worth contacting the recipient IT team and discussing with them. They may be having network problems or problems with their mail gateways.

Thanks.

Hi Koustov,

I have seen this happening someties when the other side is sending you lots of emails per sec, mainly when some automate email or notification\monitoring system is setup via internet.

The  SMTP gateway server thinks (TrendMIcro in your case) its under attack (Denial of Service (DoS) spam attacks) and hence starts blocking the traffic and connection from Brightmail(your client other side).

Check on the mail count and then if found to be guilty ask the client to stop sending it like this. If required, talk with Trendicro and ask them to not consider it as attack and add the IP to trusted list.

Hi,

You can also check the message tracking logs on the Trend mail gateway - this may give more information. This error has also been associated with email being marked as spam. Generally, if you meet the below requirements, your email shouldn't be rejected. Please check each one and correct any problems.

1) You have a valid SPF record for your IP. See more here: http://markgossa.blogspot.com/2015/08/understanding-spf-records-part-1.html. 

2) You have configured reverse DNS correctly. This means that the PTR record for the IP you are sending from matches the SMTP banner.

3) You have checked to see if the IP you are sending from is on any blacklist. You can check these sites: https://www.spamhaus.org/lookup/, http://mxtoolbox.com/blacklists.aspx.

The outbound SMTP test on https://testconnectivity.microsoft.com/ will also be helpful here.

Thanks.

Hi All,

Thanks for revert. 

But our scenario is we don't even have any Access / SMTP log on our Mail gateway (Trend Micro) because the traffic don't even come to out gateway. 

Only the recipient received NDR with following error.

Delivery attempt failure - transient Attempted delivery 71/31-01753-DD55DE55 to 11.12.124.15 on Mon Sep 7 09:36:23 2015 Error Message: "451 4.4.2 [internal] send HELO/EHLO failed" Providing this log to the recipient, hopefully they would be able to explain this answer when we try to connect to their Server11.12.124.15

--- Mails are not delivered on my mailbox because the mails are not even reach to my email gateway. But user confirmed the NDR for delivery fail.