Email Security.cloud

We have several Linux servers on ultiple domains that are not able to send email to messagelab managed domains.  It is starting to cause real issues and I am not able to work out the cause.  Just looking for some assistance.  We are not getting any rejection reason other than "connection timed out". Example of source IP's

49.255.32.194
 

Submit a sample of the email that's blocked to:

investigation@review.symantec.com 

reference link: http://www.symantec.com/docs/TECH82881

Symantec may have some throttling in place:

https://www.symantec.com/connect/forums/messagelabscom-blocking-our-mail-even-though-our-reputation-good?list_context_id=3672721&list_context_type=symantec_product

Hi Marcus

I've taken a look at the one IP you mention and I can;t see any blocks or throttling in place on this.

You mention though that this is one example.

Can you give me a list of the affected IPs as whilst this one looks fine from our side others may need to be investigated.

Regards

Ian Tiller

Tier 2 Senior Product Support Engineer

Hi Ian,

yes ths is another - different domain, but the same network

49.255.32.193

The errors are always the same: connect to cluster1.us.messagelabs.com:25 connection timed out

We only have issues going through messagelabs.  

I did send a sample email to investigation as well
 

Marcus

More information:

commands executed from server.  Can lookup but not ping, however can ping 8.8.8.8

It looks to me as if the server address is beng blocked?

user@mail01:~$ nslookup cluster1.us.messagelabs.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   cluster1.us.messagelabs.com
Address: 216.82.241.131
Name:   cluster1.us.messagelabs.com
Address: 216.82.249.211
Name:   cluster1.us.messagelabs.com
Address: 216.82.241.243
Name:   cluster1.us.messagelabs.com
Address: 216.82.242.44
Name:   cluster1.us.messagelabs.com
Address: 216.82.251.43
Name:   cluster1.us.messagelabs.com
Address: 216.82.249.179

user@mail01:~$ ping 216.82.241.131
PING 216.82.241.131 (216.82.241.131) 56(84) bytes of data.
^C
--- 216.82.241.131 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4025ms

user@mail01:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=12.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=12.6 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 12.662/12.706/12.750/0.044 ms

 

Hi Marcus

I checked the second IP and again I can see no issue with it. Do you have a range I could check?

Also in regards to pinging our servers this is expected behaviour, we will reject pings by default. If you were to telnet to it then this should give you a respons.

Can you advise if this was working previously? If so can you give me details of a mail within the last week or so so that I can pull logs and see if I can see any clues in there as to why this is an issue for you still.

Additionally, can you enable verbose SMTP logging and send a few test mails and then provide me with a copy of those logs. I'd need to see sender, recipient, subject, server and tower you connected to and the timestamp.

Regards

Ian Tiller

Tier 2 Senior Product Support Engineer

Hi Marcus

Can you also give me the details of the mail you sent to the investigation address?

Sender address and date/time sent?

Thanks

Ian Tiller

Tier 2 Senior Product Support Engineer

Hi Ian,

our smtp is timing out when trying to connect to your servers so there is no SMTP handshake - nothing in the logs - the emails do not appear to be given the opportunity to be rejected.  Our server is working with other SMTP gateways - this is the only issue that I am aware of. 

The test email was sent from marcus@incarta.com.au at 6:53 am server time.

Marcus

Hi Marcus

Thanks for the info. I've checked with the team that received it and we can see no issues at all with the IP or domain you mention. We have no blacklisting or throttling of any kind in place.

I think the next step is to do a traceroute to cluster1.us and see where it falls off. If you could do that 2-3 times over port 25 and then drop the results here for me I can take a look.

Regards

Ian Tiller

Tier 2 Senior Product Support Engineer

Good morning,

I’m Christian Francischiello member of IT Team of MultiMedica Goup, an Italian Company.

I’m writing you because we have some problems with email delivery to some domains managed by messaglabs.com service provider.

our servers (multimedica.it)

212.239.122.242         smtp2.multimedica.it

212.239.122.243         smtp3.multimedica.it

Could you please check if source IP of our infrastructure are banned by your systems?

Thanks in advance for your cooperation and best regards,

Christian Francischiello.

Hi Christian

I've checked the IPs you mentioned and I can't see any issues with them at all.

Can you give me some examples of error messages you've been seeing? And some example mails so I can check our logs and see if I can see where the issue lies?

Regards

Ian Tiller

Tier 2 Senior Product Support Engineer