I’ve been fighting an odd issue and finally found a resolution with the assistance of TrendMicro’s support.
A few users (six out of 22k) reported that they weren’t getting email from anyone outside of the network. A few test messages from my web mail accounts (Gmail, Hotmail, and my own domain) revealed an interesting issue.
These few accounts were getting this error:
Hotmail
Reporting-MTA: dns;blu0-omc1-s38.blu0.hotmail.com
Received-From-MTA: dns;BLU119-W30
Arrival-Date: Thu, 3 Jul 2008 06:02:56 -0700Final-Recipient: rfc822;[deleted@for.security]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp;554 5.7.1: Recipient address rejected: Access denied
GMail
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
[deleted@for.security]
Technical details of permanent failure:
PERM_FAILURE: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 < [deleted@for.security]>: Recipient address rejected: Access denied (state 14).
I tested SMTP connectivity to the Exchange server by telnetting to the device from outside and inside the network to attempt to narrow down the block. Our Exchange server is protected by TrendMicro ScanMail, and we utilize a TrendMicro Interscan Messaging Security Appliance on our DMZ to provide more spam and virus protection.
I narrowed it down to the IMSA appliance but couldn’t locate the problem in the logs. The MTA logs simply stated Access Denied… not very helpful. So after a short wait on hold, TrendMicro support asked me to deactivate the Network Reputation Services, a learning adaptive IP filtering system that blocks spam senders before they finish connecting.
I later found that the NRS is configured on the appliance AND on TrendMicro’s Email Reputation Service website. lets you create an account using your IMSA’s activation code. Then you can log in and configure the “aggressiveness” of the NRS filters.
If you’ve already laid out the cash for the IMSA, get your email servers registered on this site to make sure they don’t get blocked or at least you’ll have a higher rating with other Trend users on the internet.
It was a frustrating problem that I hope nobody else has, but if they do I hope you find this helpful. If this doesn’t fix it, give Trend a call. Enterprise wait time was less than a minute and had me up and running in less than 10 minutes.
Tags: things I learned
It’s been a while since I’ve updated this blog, the real life has been keeping me busy but I try to get to the forums every day or two.
My new career has kept me hopping. The college is busy and turn over has lead to an open position that I’m going to try to fill. Unfortunately it was the position that performed similar duties, so the team’s current work load has increased.
I have a few large projects under my wing. I’m working hard to meet our budget restraints but keep service levels high.
We’re looking at new UPS installations in two campus buildings, one a small 6-10KVA and the other is for our core server room weighing in at 60-80KVA. We lack a generator and no budget to buy one so we’ll need to run on battery long enough to shutdown gracefully in the even of a power outage.
Ramp up our ESX cluster and virtualize as much as possible. Many of our HP servers are out of warranty and still run critical apps. I’ll be starting with some of the easier redundant servers and working toward more critical servers as we balance the load and ensure our core switch fabric can handle the increased iSCSI load the ESX and SAN environments will be placing on them.
In my spare time, I’m troubleshooting our TrendMicro AV solution along with Exchange email issues that creep up. Personally, I think Trend is bucket of chum with a pretty bow on it - but now isn’t the time to forklift in a new solution, it’s time to wring as much support out of them as our contact gives us… so far I’m less that impressed at their customer service. It’s frustrating when you want to give your clients the best service possible, but a vendor prevents you from meeting those goals.
On the home front, life has been equally busy. Sam crawled for the first time. He’s getting more mobile every day. Anna scored three ribbons in her last swim competition… I could see her smile from a block away when she brought them home.
Nap time is over for Sam… time to save and log off. Peace!
Are you ready to make history? Are you ready to set a World Record? Today is Download Day. To become part of the official Guinness World Record you must download Firefox 3 by 17:00 UTC on June 18, 2008, or roughly 24 hours from now.
Seriously… why are you still here reading this? Go Download Firefox now!
Tags: firefox, open source
A few hardcore geeks have solved the latest problem holding back their community - how to beat some of these insane Guitar Hero songs on expert or Dragon Force’s Through the Fire and Flames on any difficulty.
Well a few ideas are looking promising.
Kevin Herron developed Tom Hannu, a Guitar Hero bot and a YouTube user he uses to post videos of the bot slaying songs on expert with 100% accuracy. The songs are preprogrammed into three applications which then spews out the strums and notes out to a breadboard wired into a dissected Guitar Hero controller. Very cool and very accurate.
Demo Video:
Second bot:
Jeremy Blum, went with more of a hardware attack on this problem.
This slick bot that actually watches the live video using optical sensors to pickup incoming notes and then relaying the strums and notes to a dissected Guitar Hero controller. It’s not infallible, but pretty darn good for not knowing what the next note is going to be until it shows up on screen. Some of the effects in the game mess with the optical sensors - but a few tweaks and I think this will be almost perfect.
Here’s a sample:
Tags: guitar hero