2010 Automatic Reply seen as spam?

[irbk]

For some reason, some of the time when an automatic reply is sent to the internet (mostly to military domains, it doesn't happen to say yahoo or gmail) I get something similar to the following in the administrative mailbox

Delivery has failed to these recipients or groups:

external.user@us.af.mil
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.

The following organization rejected your message: mail3.us.af.mil.

Diagnostic information for administrators:

Generating server: guardian

external.user@us.af.mil
mail3.us.af.mil #<mail3.us.af.mil #5.0.0 SMTP; 554 Transaction Failed Unsigned DSN for [spoofed?] message not originating here.> #SMTP#

Original message headers:

Return-Path: <>
Received: from webmail.mydomain.com (mailserver.mydomain.com [172.16.1.9])	by
 guardian (8.14.3/8.14.3) with ESMTP id o2QJdFhR027491	for
 <external.user@us.af.mil>; Fri, 26 Mar 2010 14:39:15 -0500
Received: from MAILSERVER.mydomain.com ([::1]) by MailServer.mydomain.com
 ([::1]) with mapi; Fri, 26 Mar 2010 14:39:15 -0500
From: Internal User <internal.user@mydomain.com>
To: "External User YA-02 USAF DoD AFCEE/ACX" <external.user@us.af.mil>
Subject: Automatic reply: RFP FA8903-10-D-8598-0002
Thread-Topic: RFP FA8903-10-D-8598-0002
Thread-Index: AcrNG7p75HFNDIsgRy6DWP04+8tyBwAAEo4z
Date: Fri, 26 Mar 2010 19:39:15 +0000
Message-ID: <cff802f51798468491f6652641066319@MAILSERVER.mydomain.com>
References: <22D23E59F68D66498A755E3B084BFF413179415EF9@52VEJX-MV08-01.area52.afnoapps.usaf.mil>
In-Reply-To: <22D23E59F68D66498A755E3B084BFF413179415EF9@52VEJX-MV08-01.area52.afnoapps.usaf.mil>
X-MS-Has-Attach:
X-Loop: Internal.User@mydomain.com
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5,1.2.40,4.0.166
 definitions=2010-03-26_14:2010-02-06,2010-03-26,2010-03-26 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ndrscore=0 ipscore=0
 adjustscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam
 adjust=0 reason=mlx engine=5.0.0-0908210000 definitions=main-1003260148

When we get these messages, they are nearly always "Automatic Replies". If I were to send a message directly to (as in the above example) external.user@us.af.mil, the user would get the message with no issues. I just can't figure out why "automatic reply" is seen as spam but a direct message isn't.
Any help would be much appreciated.
Thanks in advance.

 

[irbk]

I think I may have solved my own issue again. Though it requires testing to find out. See, we recently changed domain names. The new server wasn't around when the domain name changed, so it only had the new info set up on it. Long story short, I think it's our reverse DNS record is wonky and resolves to our old domain name. So I've put in a request to our ISP to update the reverse DNS record to point to our new domain name. Once that takes effect (24 to 48 hours) I hope the situation will be resolved. I'll let ya'll know.

 

[irbk]

Well, it wasn't the reverse DNS lookup. Took like 3 weeks of bugging my ISP to get the stupid reverse DNS injected, but now it's there and were still getting these replies. Any ideas?

 

[58sniper]

Not positive, but I see at least two references to IPV6. If you're not really using it, disable it on the server via registry and reboot the box.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[irbk]

Looked into disabling IP6 and got quite the bit of conflicting advice. Disable if your not using it, never disable it you'll have issues. Disable it by setting DisabledComponents to FF, Disable it by setting DisabledComponents to FFFFFFFF.

Needless to say, I'm not sure (nor do I think anyone is sure) of how to do it or if it should be done. What would the worst case scenario be? Mail stops flowing, I go back to the DisabledComponents and change it back?

Thanks again.

 

[58sniper]

Disable it using FFFFFFFF and reboot.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[irbk]

Done and still getting "Rejected by bounce verification" and the like.

Other ideas? I'm at a total loss.

 

[58sniper]

Do an ipconfig and verify there aren't any IPV6 settings. Look at the headers of a new bounced message and make sure it's not referring to the IPV6 address.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.

http://www.ucblogs.net/blogs/exchange/

 

[irbk]

Definitely no IPV6 in the ipconfig...
Here is a new bounce, I don't see anything with IP6.

Delivery has failed to these recipients or groups:

External.User@dot.wi.gov
The e-mail address you entered couldn't be found. Check the address and try resending the message. If the problem continues, please contact your helpdesk.


The following organization rejected your message: smtp.state.wi.us.


Diagnostic information for administrators:

Generating server: guardian

External.User@dot.wi.gov
smtp.state.wi.us #<smtp.state.wi.us #5.1.1 SMTP; 550 #5.1.0 Rejected by bounce verification.> #SMTP#

Original message headers:

Return-Path: <>
Received: from webmail.mydomain.com(mailserver.internal_domain.com [172.16.1.9])	by
 guardian (8.14.3/8.14.3) with ESMTP id o45EFRFZ019059	for
 <External.User@dot.wi.gov>; Wed, 5 May 2010 09:15:27 -0500
Received: from Mailserver.internal_domain.com ([172.16.1.9]) by MailServer.internal_domain.com 
 ([172.16.1.9]) with mapi; Wed, 5 May 2010 09:15:27 -0500
From: Lisa Smith <MyUser@mydomain.com>
To: "Smith, Graham - DOT" <External.User@dot.wi.gov>
Subject: Automatic reply: ITS TOIP Items in Let Project & Procurement Costs;
 Let Proj 1066-00-75, WISC-2010(510); & Procur Proj 1066-00-83,
 WISC-2010(5XX); IH 94, CTH N Interchage, Dane Co
Thread-Topic: ITS TOIP Items in Let Project & Procurement Costs; Let Proj
 1066-00-75, WISC-2010(510); & Procur Proj 1066-00-83, WISC-2010(5XX); IH 94,
 CTH N Interchage, Dane Co
Thread-Index: Acq0qR3nC0mg/vPsSGO1pVpkX60S4wAAfxLwACubyGABkqY38AEuXViwALQjayACFaVbsAO3k82QBH3gW3AAALdxPA==
Date: Wed, 5 May 2010 14:15:27 +0000
Message-ID: <e514d6795c8d41bf99f0a778baab2762@MailServer.internal_domain.com >
References: <1E8A5499B56DDE49B64992BBBC8B6DCB05122E46@exchange.internal_domain.com>
 <D1BE0FAB7CFCEB429781E01C428925A0C30638@OSTMAIL04VS6.ad.dot.gov>
 <818CCA28F0DE8C419D6649EA5FCC9EAE5D5388873D@MEWMAD0PC02G06.accounts.wistate.us>
 <D1BE0FAB7CFCEB429781E01C428925A0CAC3C9@OSTMAIL04VS6.ad.dot.gov>
 <818CCA28F0DE8C419D6649EA5FCC9EAE5D567D77C5@MEWMAD0PC02G06.accounts.wistate.us>
 <D1BE0FAB7CFCEB429781E01C428925A0DB3925@OSTMAIL04VS6.ad.dot.gov>,<818CCA28F0DE8C419D6649EA5FCC9EAE5D590D9CBE@MEWMAD0PC02G06.accounts.wistate.us>
In-Reply-To: <818CCA28F0DE8C419D6649EA5FCC9EAE5D590D9CBE@MEWMAD0PC02G06.accounts.wistate.us>
X-MS-Has-Attach:
X-Loop: MyUser@mydomain.com
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=1.12.8161:2.4.5,1.2.40,4.0.166
 definitions=2010-05-05_02:2010-02-06,2010-05-05,2010-05-04 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ndrscore=0 ipscore=0
 adjustscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam
 adjust=0 reason=mlx engine=5.0.0-1004140000 definitions=main-1005050088

 

[irbk]

Anything? I'm at a total loss. It's almost like "Automatic Reply" are coming from a different interface then regular e-mail. I've got no idea why else I'd be able to send an e-mail to John.Doe@anywhere.com but then when John.Doe sends me an e-mail, my automatic reply is kicked back by bounce verification.

 

[irbk]

I wonder, could it be

Return-Path: <>

that's causing the problem? There isn't a proper return path so it figures it's spam? How would that Return-Path be configured?

 

[irbk]

I just ran a test.
1. I sent myself an e-mail from my corporate account to my yahoo account.
2. In my yahoo account, I look at the message, view the full headers, and see that

Return-Path: <me@MyDomain.com>

3. I turn on my "Out of Office" on my corporate account
4. Send a message from my yahoo account to my corporate account.
5. Look at the "out of office" automatic reply in my yahoo account and see that

Return-Path: <>

I'd bet this is it. The fact that the automatic reply doesn't have a valid return-path must be enough to kick off spam filters. So now, the question is, how do I set that Return-Path to be coming from some where so that we don't get these bounce backs?

 

[irbk]

I now believe the blank return path is exactly what my issue is.....

http://social.technet.microsoft.com...e/thread/15dc7582-6eb6-48c5-aa34-ebff631bba4b

Looks like one guy worked around it by creating a customized transport agent. I'm all for just having OOO to the internet turned off to begin with, but I was over ruled by the powers that be. So, I guess I'll investigate trying to create a customized transport agent as well.