Announcement

Collapse
No announcement yet.

Mimecast rejection

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Mimecast rejection

    Hi

    On Axigen version "Axigen server version: 10.2.2.41 (Linux/x64)" and getting the following error emailing my work account which is behind Mimecast" -

    2019-02-06 11:41:00 +0000 08 ip-172-31-2-13 SMTP-OUT:0000000B: Use 91.220.42.196 to relay mail 24DF28 for domain computacenter.com
    2019-02-06 11:41:00 +0000 08 ip-172-31-2-13 SMTP-OUT:0000000C: Relay mail 24DF28: connecting to 91.220.42.196:25
    2019-02-06 11:42:03 +0000 08 ip-172-31-2-13 SMTP-OUT:0000000C: Relay mail 24DF28: connected to 91.220.42.196:25
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 220 eu-smtp-1.mimecast.com ESMTP; Wed, 06 Feb 2019 11:42:03 +0000
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> EHLO thebassoms.co.uk
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-eu-smtp-1.mimecast.com Hello [35.177.142.188]
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-AUTH LOGIN
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-AUTH=LOGIN
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-STARTTLS
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250 HELP
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> STARTTLS
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 220 Starting TLS [q6m5ahUqMdC2zaBC18Yi8A.uk117]
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> SSL: client hello, remote 91.220.42.196:25, version TLS 1.2 (0303)
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> SSL: client hello, remote 91.220.42.196:25, 85 cipher suites: c030c02cc028c024c014c00a00a500a300a1009f006b006a00 69006800390038003700360088008700860085c032c02ec02a c026c00fc005009d003d00350084c02fc02bc027c023c013c0 0900a400a200a0009e00670040003f003e0033003200310030 009a0099009800970045004400430042c031c02dc029c025c0 0ec004009c003c002f00960041c011c007c00cc00200050004 c012c008001600130010000dc00dc003000a00ff
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server hello, remote 91.220.42.196:25, version TLS 1.2 (0303)
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server hello, remote 91.220.42.196:25, session id 5c5ac80ba7c1e9b77d27292bbfec175195f013d4e4d0b4e6de 3214ee76c83b54
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server hello, remote 91.220.42.196:25, cipher suite c030
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server write cert, remote 91.220.42.196:25, version TLS 1.2 (0303)
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server write cert, remote 91.220.42.196:25, certificate 1: serial 0203768097F604C6FC0649D8E72AB6A9
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server write cert, remote 91.220.42.196:25, certificate 2: serial 0C8EE0C90D6A89158804061EE241F9AF
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << SSL: server write cert, remote 91.220.42.196:25, certificate 3: serial 033AF1E6A711A9A0BB2864B11D09FAE5
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> EHLO thebassoms.co.uk
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-eu-smtp-1.mimecast.com Hello [35.177.142.188]
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-AUTH LOGIN
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250-AUTH=LOGIN
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 250 HELP
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> AUTH LOGIN ZGVuaXNAdGhlYmFzc29tcy5jby51aw==
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 334 UGFzc3dvcmQ6
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: >> Q3JAY2szdHQ5
    2019-02-06 11:42:03 +0000 16 ip-172-31-2-13 SMTP-OUT:0000000C: << 535 Incorrect authentication data - https://community.mimecast.com/docs/DOC-1369#535 [q6m5ahUqMdC2zaBC18Yi8A.uk117]
    2019-02-06 11:42:03 +0000 04 ip-172-31-2-13 SMTP-OUT:0000000C: AUTH LOGIN rejected for domain <computacenter.com> with code 535 (Incorrect authentication data - https://community.mimecast.com/docs/DOC-1369#535 [q6m5ahUqMdC2zaBC18Yi8A.uk117])

    This is my filters file -

    event onConnect {
    set (allowedCountries_0, " ");
    set (bannedCountries_0, "");
    set (isGeoIPBanned_0, "%isGeoIPBanned%");
    set (GeoIPResult_0, "%GeoIPResult%");
    call (WA_Acceptance_basic_banner);
    }

    event onEhlo {
    call (WA_Routing_basic_delivery);
    call (WA_Greylisting);
    call (WA_Acceptance_basic);
    call (wizard_generated_relay);
    }

    event onMailFrom {
    set (DNSBLServer_0, "zen.spamhaus.org");
    if (
    allOf (
    not (
    ipRange (remoteSmtpIP, "40.107.10.1-40.107.11.250")
    )
    )
    ) {
    if (
    is (authUser, "") ) {
    set (DNSBLServer, "%DNSBLServer_0%");
    call (checkDNSBL);
    set (DNSBLResult_0, "%DNSBLResult%");
    }
    }
    call (checkSPF);
    call (WA_AntiSpam_SPF_Fail);
    call (WA_AntiSpam_SPF_Err);
    call (WA_AntiSpam_SPF_None);
    call (WA_AntiSpam_DNSBL_spamhaus);
    call (Exceptions_Greylisting);
    call (Exceptions_SPF);
    }

    event onRcptTo {
    }

    event onHeadersReceived {
    }

    event onBodyChunk {
    }

    event onDataReceived {
    call (Check_DomainKeys_and_DKIM);
    }

    event onRelay {
    call (WA_Routing_basic);
    call (EHLO);
    call (WA_Routing_basic_delivery_domain_0);
    call (WA_Routing_basic_delivery_domain_1);
    }

    event onDeliveryFailure {
    }

    event onTemporaryDeliveryFailure {
    }

    event onProcessing {
    }

    event onDeliverySuccess {
    }

    method WA_Acceptance_basic_banner {
    set (smtpGreeting, "eu-west-2.compute.amazonaws.com");
    }

    method WA_GeoIP {
    if (
    anyOf (
    isCase (isGeoIPBanned_0, "no")
    )
    ) {
    }
    }

    method WA_AntiSpam_WHITELIST_DNSBL {
    if (
    allOf (
    not (
    ipRange (remoteSmtpIP, "40.107.10.1-40.107.11.250")
    )
    )
    ) {
    }
    }

    method WA_Routing_basic_delivery {
    set (remoteDelivery, "auth");
    }

    method WA_Greylisting {
    set (activateGreylisting, "yes");
    }

    method WA_Acceptance_basic {
    set (maxDataSize, "10240");
    set (maxReceivedHeaders, "30");
    set (maxRcptCount, "1000");
    set (waitProcessingTimeout, "10");
    set (allowStartTLS, "yes");
    set (allow8bitMime, "yes");
    set (allowBinaryData, "yes");
    set (allowPipelining, "yes");
    set (allowDSN, "no");
    set (localDelivery, "all");
    }

    method WA_AntiSpam_SPF_OnEhlo_Fail {
    if (
    anyOf (
    isCase (SPFResult, "fail")
    )
    ) {
    set (smtpAction, "reject");
    set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
    }
    }

    method WA_AntiSpam_SPF_OnEhlo_Err {
    if (
    anyOf (
    isCase (SPFResult, "temperror"),
    isCase (SPFResult, "permerror")
    )
    ) {
    }
    }

    method WA_AntiSpam_SPF_OnEhlo_None {
    if (
    anyOf (
    isCase (SPFResult, "none")
    )
    ) {
    }
    }

    method wizard_generated_relay {
    if (
    anyOf (
    ipRange (remoteSmtpIp, "172.31.2.13/255.255.240.0")
    )
    ) {
    set (remoteDelivery, "all");
    }
    }

    method WA_AntiSpam_SPF_Fail {
    if (
    anyOf (
    isCase (SPFResult, "fail")
    )
    ) {
    set (smtpAction, "reject");
    set (smtpExplanation, "SPF check failed for <%ehloHost%> with result <%SPFResult%>: <%SPFExplanation%>");
    }
    }

    method WA_AntiSpam_SPF_Err {
    if (
    anyOf (
    isCase (SPFResult, "temperror"),
    isCase (SPFResult, "permerror")
    )
    ) {
    }
    }

    method WA_AntiSpam_SPF_None {
    if (
    anyOf (
    isCase (SPFResult, "none")
    )
    ) {
    }
    }

    method WA_DNS_Checks_RDNS {
    if (
    anyOf (
    isCase (ReverseDNSResult, "neutral"),
    isCase (ReverseDNSResult, "fail")
    )
    ) {
    set (smtpAction, "reject");
    set (smtpExplanation, "Reverse DNS check failed for <%ehloHost%> connected from <%remoteSmtpIp%>");
    }
    }

    method WA_DNS_Checks_MX {
    if (
    anyOf (
    isCase (SenderMXCheckResult, "fail")
    )
    ) {
    set (smtpAction, "reject");
    set (smtpExplanation, "Sender domain <%mailFromDomain%> has no DNS MX entry");
    }
    }

    method WA_AntiSpam_DNSBL_spamhaus {
    if (
    anyOf (
    match (DNSBLResult_0, "^..*$")
    )
    ) {
    set (smtpAction, "reject");
    set (smtpExplanation, "DNSBL record found");
    }
    }

    method Exceptions_Greylisting {
    if (
    anyOf (
    ipRange (remoteSmtpIP, "127.0.0.1-127.0.0.1"),
    isCase (mailFromDomain, "gmail.com"),
    isCase (mailFromDomain, "yahoo.com")
    )
    ) {
    set (activateGreylisting, "no");
    }
    }

    method Exceptions_SPF {
    if (
    anyOf (
    isCase (mailFromDomain, "cannontravel.co.uk"),
    isCase (mailFromDomain, "domain2.tld")
    )
    ) {
    set (smtpAction, "accept");
    set (smtpExplanation, "Accepted due to requested SPF exception");
    }
    }

    method Check_DomainKeys_and_DKIM {
    call (checkDomainKeys);
    call (checkDKIM);
    }

    method WA_Routing_basic {
    set (sslEnabled, "no");
    set (authUser, "xxxx@xxx.xxx");
    set (authPasswd, "xxxxx");
    set (plainConnAuthTypes, "login cram-md5 ");
    set (secureConnAuthTypes, "login cram-md5 ");
    set (localInterface, "0.0.0.0");
    set (smtpConnectTimeout, "300");
    set (allowStartTLS, "yes");
    set (allowedSSLVersions, "ssl2 ssl3 tls1 tls11 tls12 ");
    }

    method EHLO {
    set (ehloHost, "thebassoms.co.uk");
    }

    method WA_Routing_basic_delivery_domain_0 {
    if (
    anyOf (
    isCase (currentRcptDomain, "computacenter.com")
    )
    ) {
    set (remoteSmtpIp, "dnr");
    set (remoteSmtpPort, "25");
    set (sslEnabled, "no");
    }
    }

    method WA_Routing_basic_delivery_domain_1 {
    if (
    anyOf (
    isCase (currentRcptDomain, "mimecast.com")
    )
    ) {
    set (remoteSmtpIp, "dnr");
    set (remoteSmtpPort, "25");
    set (sslEnabled, "no");
    }
    }



    Any ideas, slowly going nuts!

    Thanks
    Last edited by indreias; February 7th, 2019, 07:23 AM.

    #2
    Hello,

    For some reasons it seems that you have enabled delivery with authentication.

    Please double-check you have the following setup - delivery through MX but without authentication

    This could be done by login in WebAdmin > Security & Filtering > Acceptance & Routing > Routing basic settings> Outgoing delivery >
    • Tick on Deliver using DNS MX entry
    • Disable Enable authentication
    Note: We'll open a bug report as the authentication details should be "available" to complete only when delivering through a smart host.

    HTH,
    Ioan

    Comment

    Working...
    X

    This is the legacy Axigen forum, which is no longer active.

    To create new topics & posts, please visit the new Axigen community.

    Axigen Community