Email Security.cloud

 View Only

  • 1.  Customers emails being blocked by Clusterlabs help!

    Posted Mar 15, 2016 06:00 AM

    Hi, 

    We are currently having our emails blocked by Symantec's clusterlabs solution, this has been occurring for 2 weeks now. See an example email block message below, this one was an email we sent to OFCOM, but there are many many more examples:

    Delivery to the following recipient failed permanently:

         email removed for obvious reasons

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain ofcom.org.uk by cluster3.eu.messagelabs.com. [85.158.139.3].

    The error that the other server returned was:
    553-Message filtered. Refer to the Troubleshooting page at
    553-http://www.symanteccloud.com/troubleshooting for more
    553 information. (#5.7.1)

    -We have followed all the requirements set out in Symantec's support logs and sent example blocked email headers to their Brightmail email account (5 times now). (https://support.symantec.com/en_US/article.TECH233678.html#Instructions) (CLOUDfeedback@feedback-87.brightmail.com), heard no response. 

    -We have gone onto the IP Removal site http://ipremoval.sms.symantec.com/lookup/ and checked our MAIL IP and it is not listed. 

    -We believe our domain has been listed thekmgroup.co.uk but we can't find anywhere on the Symantec sites where you can check to see if its been blacklisted.

    -We have tried everything to get this block removed which was applied in error I imagine by Symantec, but to no avail. 

    It's very unlike us to post on forums directly but there is simply no other official channel we can use to get this resolved, is there anyone who can advise us what more we can do, we are losing business because we can't get our communications through to customers and other businesses. 

    Thanks for any help



  • 2.  RE: Customers emails being blocked by Clusterlabs help!

    Posted Mar 16, 2016 09:25 AM

    Hi Simon,

    Can you please send me a private message with a copy of a full bounce and I will take a look at what is happening.

    Regards,

    Ben Beaulieu
    Senior Technical Support Engineer



  • 3.  RE: Customers emails being blocked by Clusterlabs help!

    Posted Mar 16, 2016 11:54 PM

    Hi,

    I am currently with a massive issue of our Emails from unlockd.com being blocked. Any Help that I can receive would be greatly appreciated.

     

    Thanks

    John

     

    server-2.tower-90.messagelabs.com rejected your message to the following email addresses:

    bin.wang@betfair.com (bin.wang@betfair.com)
    Your message couldn't be delivered. When Office 365 tried to send the message, the external email server returned the error below. This is probably due to a problem or policy setting on the recipient's email system.

    Check the error for information about the problem. The error might tell you what went wrong and how to fix it. For example, if it says the message was blocked due to a potential virus, try sending the message again without attachments.

    For Email Admins
    This error was reported by an email server outside Office 365, and if the sender is unable to fix the problem by modifying their message then it's likely that it's a problem that only the recipient's email admin can fix.

    1. Check the error for information about the problem. The error might tell you what went wrong and provide clues for how to fix it. For example, if it says the message was rejected due a Sender Policy Framework (SPF) issue then you'll have to work with your domain registrar to properly configure your SPF record.

     

    1. Check the error for information about where the problem is happening. For example, look for a domain name like contoso.com. This tells you which organization was responsible for the error. The recipient's email server could be causing the problem, or it could be due to a third-party service that your organization or the recipient's organization is using to process or filter email messages.

     

    1. If you can't fix the problem, contact the responsible party's email admin. This could be the recipient's email admin, your smart host service admin, or someone similar. Provide them with the error code and error message from this non-delivery report (NDR) to help them troubleshoot the issue.

    Unfortunately, Office 365 support is unlikely to be able to help with these kinds of externally reported errors.

     

    server-2.tower-90.messagelabs.com gave this error:
    Remote server returned an error -> 553 Message filtered. Refer to the Troubleshooting page at;http://www.symanteccloud.com/troubleshooting for more;information. (#5.7.1)





     

    Diagnostic information for administrators:

    Generating server: ME1PR01MB0354.ausprd01.prod.outlook.com

    bin.wang@betfair.com
    server-2.tower-90.messagelabs.com
    Remote Server returned '550 5.0.350 Remote server returned an error -> 553 Message filtered. Refer to the Troubleshooting page at;http://www.symanteccloud.com/troubleshooting for more;information. (#5.7.1)'

    Original message headers:

    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=unlockd.com;
     s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version;
     bh=1pQrepPsFgWTkMIYFoOL0Cq1iHpFv1z+JVY22cb9lGs=;
     b=ZoD45YdRz+VSTUtRJPq/u285NK3zihrKXtHtHgGlqwOU/WljVOkM9nGkFZY1xduyU3R9qfFXCPyJND8GBYtzVzFeXP5xy9gJNQTdmZ6W2zmlk4q/3oAgbC5NIBthfMzsBBXwOZvkKLYTklp6NjycKHzDurnuiwsOEyYqfLZvruQ=
    Received: from ME1PR01MB0354.ausprd01.prod.outlook.com (10.162.66.28) by
     ME1PR01MB0354.ausprd01.prod.outlook.com (10.162.66.28) with Microsoft SMTP
     Server (TLS) id 15.1.427.16; Thu, 17 Mar 2016 02:36:55 +0000
    Received: from ME1PR01MB0354.ausprd01.prod.outlook.com ([10.162.66.28]) by
     ME1PR01MB0354.ausprd01.prod.outlook.com ([10.162.66.28]) with mapi id
     15.01.0427.021; Thu, 17 Mar 2016 02:36:55 +0000
    From: Ramesh Subbarayalu <ramesh@unlockd.com>
    To: "bin.wang@betfair.com" <bin.wang@betfair.com>
    Subject: Test Email again.
    Thread-Topic: Test Email again.
    Thread-Index: AdF/9cC920wTvuG7QhyoX+nVTyZuGg==
    Date: Thu, 17 Mar 2016 02:36:55 +0000
    Message-ID: <ME1PR01MB03542B72324E357E333346BEC18B0@ME1PR01MB0354.ausprd01.prod.outlook.com>
    Accept-Language: en-AU, en-US
    Content-Language: en-US
    X-MS-Has-Attach:
    X-MS-TNEF-Correlator:
    authentication-results: betfair.com; dkim=none (message not signed)
     header.d=none;betfair.com; dmarc=none action=none header.from=unlockd.com;
    x-originating-ip: [220.244.6.174]
    x-ms-office365-filtering-correlation-id: ff8aebaf-0c31-4e43-2795-08d34e0d01b0
    x-microsoft-exchange-diagnostics: 1;ME1PR01MB0354;5:F1gsxLLIXbNGw6dKh+G1QYCVZRa2fQiScFTZfTOrRWACgUqlL5ppscEAHzO+Z2grefsVk/KiSeb3JnD0Vk5VkyyVoSt6x2ySWmcV0Jis08GHHsMlbeI6SZMRtuPmvxYAmNZ6C/drO+eCvbTB0igCfQ==;24:q234QReqmaqPAm8E3uPgSOadprvcWS+Lz3y2nq4sNZ9J2roRicleI2ldJhHep/lLVM+e79EDRjTPAv/PablIQJKwvKbsBEvwvVVdKjpS3JE=
    x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:ME1PR01MB0354;
    x-microsoft-antispam-prvs: <ME1PR01MB03543D02553935B2FA8CF3F6C18B0@ME1PR01MB0354.ausprd01.prod.outlook.com>
    x-exchange-antispam-report-test: UriScan:;
    x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(2401047)(5005006)(8121501046)(3002001)(10201501046);SRVR:ME1PR01MB0354;BCL:0;PCL:0;RULEID:;SRVR:ME1PR01MB0354;
    x-forefront-prvs: 0884AAA693
    x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(16236675004)(92566002)(19300405004)(19580405001)(19580395003)(19618635001)(110136002)(2906002)(15395725005)(107886002)(16865895004)(1220700001)(86362001)(790700001)(3660700001)(33656002)(18206015028)(102836003)(2501003)(87936001)(5640700001)(586003)(11100500001)(3846002)(5008740100001)(74316001)(1096002)(5002640100001)(10400500002)(81166005)(6116002)(5630700001)(50986999)(122556002)(5003600100002)(2351001)(77096005)(229853001)(19627405001)(2900100001)(54356999)(15975445007)(5004730100002)(66066001)(19622755009)(189998001)(19625215002)(76576001)(19617315012)(3480700003)(3280700002)(450100001)(7099028)(16866105001)(15669805003);DIR:OUT;SFP:1102;SCL:1;SRVR:ME1PR01MB0354;H:ME1PR01MB0354.ausprd01.prod.outlook.com;FPR:;SPF:None;MLV:ovrnspm;PTR:InfoNoRecords;LANG:en;
    spamdiagnosticoutput: 1:23
    spamdiagnosticmetadata: NSPM
    Content-Type: multipart/alternative;
            boundary="_000_ME1PR01MB03542B72324E357E333346BEC18B0ME1PR01MB0354ausp_"
    MIME-Version: 1.0
    X-OriginatorOrg: unlockd.com
    X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Mar 2016 02:36:55.8297
     (UTC)
    X-MS-Exchange-CrossTenant-fromentityheader: Hosted
    X-MS-Exchange-CrossTenant-id: 6cdfee48-72ca-4bf4-b331-c1bd0b7d4402
    X-MS-Exchange-Transport-CrossTenantHeadersStamped: ME1PR01MB0354


  • 4.  RE: Customers emails being blocked by Clusterlabs help!

    Broadcom Employee
    Posted Apr 05, 2016 08:36 AM

    Hello John, 

    Looking at the bounce back, the message triggered spam verdict. You can submit a false positive using the below steps.

    To analyze a false positive sample, Symantec must receive the original false positive email:

        As an "message/rfc822" email attachment*
        One email attachment per submission**

    Send the false positive sample as an email attachment to the following address:

    CLOUDfeedback@feedback-87.brightmail.com

    Instructions on how to attach samples for common email clients can be found in the following article:
    https://support.symantec.com/en_US/article.TECH233678.html