I am brand new to Ironport. This is our first school year using the product. We have recently had a problem with our students or faculty replying to emails from Notre Dame University. When a student or faculty member tries to reply we get this message back.
"Your message did not reach some or all of the intended recipients.
Subject: RE: Visit to Cathedral Prep Sent: 9/8/2009 9:57 AM
The following recipient(s) cannot be reached:
Maureen.E.Clark.firstname.lastname@example.org on 9/11/2009 9:57 AM The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator. <ironport>"
Any one have any ideas why this would happen? Any help would be greatly appreciated. Also, so far this has happened to two emails that have been replied to that were going to two different people at nd.edu.
First thing you should do is look thru your mail_logs and locate the emails. Check if the receiving domain is kicking back any 4xx or 5xx errors. Also as a general rule you should always make sure that DNS is working correctly for you and you are able to resolve the MX records for that domain. If all that checks, and they indeed are rejecting your mail. Ask them politely why :D
This is from the bounce log: "RID 0 - 4.1.0 - Unknown address error ('451', ['4.1.8 Possibly forged hostname for 126.96.36.199']) "
I see other emails addressed to people at nd.edu that also were kicked back with the same error. The email addresses are valid since the emails that were sent were replies to emails that were received.
I assume that 188.8.131.52 is the IP address of your IronPort sending the emails. It's really hard to tell exactly what they mean with that 4xx error they are kicking back RID 0 - 4.1.0 - Unknown address error ('451', ['4.1.8 Possibly forged hostname. Only they can tell you exactly what they mean by that, since those errors can be customized. My best guess would be that they are doing some multilpe DNS checks on the host name of your box, reverse, forward etc. and seeing if IP matches to host name, perhaps domain as well etc. I would engage the admin of the domain to find out exactly why they are rejecting your emails. Definitely make sure DNS is configured correctly on your side to avoid problems with external checks. Hope that helps.
If you google "dns tools" it should come up with a list of sites that offer some DNS checks. Usually a good place to start. I know dnsstuff.com is pretty good I think you have to pay now thought. dnstools.com as well ;-) maybe others can post some better ones.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...