One of the EA’s reported that an email was not going through to the CEO from a vendor/partner and the NDR was:
Generating server: myemailserver.tld
CEO@mycompany.tld
#< #5.1.0 smtp;554 5.1.0 Sender denied> #SMTP#
Original message headers:
Received: from spam.myemailserver.tld (8.8.33.145) by mail.myemailserver.tld
(192.168.100.3) with Microsoft SMTP Server id 14.3.361.1; Mon, 18 Sep 2017
22:25:26 -0500
X-Note: Xit Build: 3/21/2017 2:04:32 PM UTC (2.6.15.0) XIT_SCAN_PASSED
Received: from [10.60.1.167] (HELO inbound.spamprovider.com) by
spam.myemailserver.tld (CommuniGate Pro SMTP 6.1.7) with ESMTP id 51998793;
Mon, 18 Sep 2017 23:25:26 -0400
X-Note: This Email was scanned by SomeProduct SPAMThing
X-Note-AR-ScanTimeLocal: 09/18/2017 11:25:26 PM
X-Note: SomeProduct Build: 8/31/2017 11:17:18 AM UTC (2.6.21.34)
X-Note: Filtered by 10.60.1.167
X-Policy: mycompany.tld
X-Primary: OtherUser@Mycompany.tld
X-Virus-Scan: V-
X-Note: SPF: IP: 167.31.17.139 DOM: VENDOREMAIL.TLD ADDR: partner@VENDOREMAIL.TLD
X-Note: SPF: Pass
So we notice that it went through from an SPF range – and I cut out the back and forth accepting of the message that normally comes with the NDR/DR – and left the “554 5.1.0 Sender Denied” portion (bolded above).
Since we run Exchange I could check using powershell for exchange. Go figure.
Trusted Senders List
$TSD = (Get-MailboxJunkEmailConfiguration -Identity MYCEO_User).TrustedSendersAndDomains
$TSD > c:\temp\Trusted_Senders.txt
Blocked Senders List
$TSD = (Get-MailboxJunkEmailConfiguration -Identity alan.handley).TrustedSendersAndDomains
$TSD > c:\temp\Blocked_senders.txt
I should note that I first tried:
Get-MailboxJunkEmailConfiguration -ResultSize unlimited MYCEO_User > c:\temp\results.txt
But with that it was still truncating the results. Meh.
Remove an Entry
Set-MailboxJunkEmailConfiguration -Identity MYUSER -BlockedSendersAndDomains @{Remove="vendor@partner.tld"}
Add an Entry
Set-MailboxJunkEmailConfiguration -Identity ANOTHERUSER -TrustedSendersAndDomains @{Add="Vendor@partner.tld"}