Jump to content


Photo

550 5.7.350 550 5.7.350 Remote server returned message detected as spam


  • Please log in to reply
7 replies to this topic

#1 Paccagnella Massimo

Paccagnella Massimo
  • Members
  • 4 posts

Posted 10 October 2019 - 05:11 PM

Hello,

our Office 365 tenant domain has been blocked by Barracuda Email Security Service: I noticed this happened since several users got an NDR from different recipient domains protected by Barracuda.

The message they get it's always the same:

550 5.7.350 Remote server returned message detected as spam -> 550 permanent failure for one or more recipients

The only way we have to sort it out is to contact the recipient's email admin and ask them to add our domain name to their list of allowed senders.

But this is happening with a Barracuda cloud solution and from different recipient domains so I assume it's somethig that only Barracuda engineers can fix globally.

 

I've already tried http://www.barracudacentral.org/rbl/removal-request but my mailboxes are hosted on Office365, and Microsoft doesn't provide the IP address of the EOP server who has contacted Barracuda: I've tried also to check my domain reputation at http://www.barracudacentral.org/lookups/lookup-reputationand but it still says that it's not a poor domain.

I'm not a Barracuda customer: who should I contact to be unblocked?

Any help would be greatly appreciated

 

MP


Edited by Paccagnella Massimo, 10 October 2019 - 05:41 PM.


#2 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 384 posts

Posted 11 October 2019 - 09:30 AM

Each customer who uses the Barracuda Cloud filtering service can and does set up their own filtering rules.

The Global filtering rules that Barracuda manages are the same in our cloud service as it is on our hardware devices.

I would recommend that you contact the recipients who are blocking your mail and ask them to call into Barracuda support and see why or for what reason your mail is being blocked and they can then report back to you.

Often mail passing through our filtering service is blocked because of a rule or policy being added by the Barracuda Customer

Also if your mail is being blocked by a lot of Barracuda customers and this is some kind of automated email then your mail may not be compliant with the current SMTP standards for email.

Sincerely,


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#3 Paccagnella Massimo

Paccagnella Massimo
  • Members
  • 4 posts

Posted 12 October 2019 - 07:46 AM

Thank you Michelle,

I did some additional test by setting up a pilot on Barracuda Email Security Service: here I added one custom domain and test some message sent by Office 365.

Again, all messages have been blocked and looking at the message header, I always find the following:

 

1 X-BESS-REASON score 2 X-BESS-REASON-EXTRA 8.002 44 X-BESS-ID 1570876543-893362-3586-67552-1 45 X-BESS-VER 2019.1_20191011.2018 46 X-BESS-Apparent-Source-IP 40.107.2.54 47 X-BESS-Spam-Status SCORE=8.00 using account:ESS97681 scores of QUARANTINE_LEVEL=0.0 KILL_LEVEL=5.0 tests=BSF_SC0_TG035, MIME_HTML_MOSTLY, HTML_MESSAGE, BSF_SC0_TG035c 49 X-BESS-Spam-Report Code version 3.2, rules version 3.2.2.219348 [from cloudscan17- 159.us-east-2b.ess.aws.cudaops.com] Rule breakdown below pts rule name description ---- ---------------------- -------------------------------- 6.00 BSF_SC0_TG035 META: Custom Rule TG035 0.00 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME 0.00 HTML_MESSAGE BODY: HTML included in message 2.00 BSF_SC0_TG035c META: Custom Rule TG035c 50 X-BESS-Spam-Score 8.00 51 X-BESS-BRTS-Status 1 --_000_AM0PR06MB4419D2D903C27B4F226CA7189F960AM0PR06MB4419eurp_

 

Looks like Barracuda Cloud service is blocking my Offcie 365 tenant domain because it assigns an high cloudscan scoring: and this is the same happenning for all customer domain protected by Barracuda Cloud .

 

Now, my sender domain (Office 365 hosted) has a good SPF record but doesn't have any DKIM or DMARC records.

 

How can I push "someone" "somewhere" to ask for the real reason they are blocking me?

 

Thx, in advance again.

 

MP



#4 Paccagnella Massimo

Paccagnella Massimo
  • Members
  • 4 posts

Posted 12 October 2019 - 08:26 AM

Wow! I've just found your post dated May '17 where you mentioned about the same rule that is now blocking my sender domain and where you wrote about a too restrictive rule that was blocking legitimate mail.

 

6.00 BSF_SC0_TG035          META: Custom Rule TG035 
2.00 BSF_SC0_TG035c         META: Custom Rule TG035c

 

https://community.ba...a-custom-rules/

 

Following the extract of a blocked message source where it's very clear that the applied ruled is the same:

 

X-BESS-Spam-Report: Code version 3.2, rules version 3.2.2.219348 [from cloudscan16-
    201.us-east-2b.ess.aws.cudaops.com]
    Rule breakdown below
     pts rule name              description
    ---- ---------------------- --------------------------------
    6.00 BSF_SC0_TG035          META: Custom Rule TG035
    0.00 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
    0.00 HTML_MESSAGE           BODY: HTML included in message
    2.00 BSF_SC0_TG035c         META: Custom Rule TG035c
X-BESS-Spam-Score: 8.00

 

Thx for tell me how to unblok it definitely.

 

M



#5 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 384 posts

Posted 14 October 2019 - 12:45 PM

Paccagnella,

All I can do is answer questions based on the information provided.

You provided a basic questions about mail blocked as spam

If you are not a Barracuda Customer then I have no way of determining why your mail is being blocked based on your original question.

Your last comment indicates that your mail is hitting some of our custom rules.

We updated the rules that were causing false positives so this should no longer be an issue.

Looking at the message you referenced above and it appears to have hidden embedded html code in it that is running an active script.

That is going to result in your mail getting a high score.

I don't know if this is intentional or of your mail client has a virus that is adding this attachment but at this time it is hitting our filters.

I have forwarded this on to engineering to determine if this is dangerous and if we can bypass this filter when this kind of mail comes in.





 


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#6 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 384 posts

Posted 14 October 2019 - 03:51 PM

Paccagnella,

According to our engineering team the mail you gave as an example has embedded HTML code and style sheets that do not match the content of the email and is being used to obfuscate the content of the mail and hide a potential attack.

They feel that either this is being done deliberately or is being done by a virus infected mail server or client.

They recommend that you review your outgoing mail and make sure that what you are sending is legitimate mail and not being changed by some other entity.

Sincerely,

 

 


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#7 Paccagnella Massimo

Paccagnella Massimo
  • Members
  • 4 posts

Posted 14 October 2019 - 05:09 PM

Dear Michelle,

thx for your reply.

I think the problem is the disclaimer we automaticaly append through an Office 365 rule, when the message is sent to 'Outside the organization':

 

<br><p style="text-align: justify;"><span style="font-family: trebuchet ms,geneva; font-size: x-small;"><style>This message and any attachment contains confidential information and is intended only for the addressee, access to this email by anyone else is unauthorized. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Company.</span></p>

 

I've just tried to remove the discalimer and send the same message out and it's been correctly delivered.

 

Can you ask your engineer team why it's considered dangerous?

 

Can you create an exception or should i add all domain recipients protected by Barracuda to my Office 365 disclaimer rule exception? (it happens only with them).

 

Thx, MP



#8 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 384 posts

Posted 15 October 2019 - 10:24 AM

Paccagnella,

All I can tell you is that your email is written in a manner that spammers use to hide dangerous content.

This is going to get your mail a high score.

You need to change your mail (as your testing shows works) so that you are not running into this rule.

Perhaps just changing how you add the disclaimer

This rule blocks a massive amount of spam every day. There is no possible way that we are going to change it.

Sincerely,
 


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300