Menu
Reply
  • 9
  • 0
  • 1
chrisbint
Tuning in
862 Views
Message 1 of 47
Flag for a moderator

Emails are being blocked with MXIN611 From header check failed

Hi,

We have a platform that is used by UK educational facilities to send emails to parents/carers of pupils and until recently this appears to have been working with no issues (for a number of years). For the last few days we have been having emails rejected with the following;

2019-09-16 22:19:46 (out 198)>>> 421-4.2.0 MXIN611
2019-09-16 22:19:46 (out 198)>>> 421-4.2.0 From header check failed
421 4.2.0 ;id=9yPSiBCcqxPj99yPSiNHli;sid=9yPSiBCcqxPj9;mta=mx2.tb;d=20190916;t=231946[CET];ipsrc=[redacted];

The headers that we use have not changed and we have SPF, DKIM, DMARC, rDNS all configured correctly and verified and the host/IPs in question are dedicated to this platform, all emails are opt-in.

Can anyone offer any indication as to what the problem could be and how to resolve?

Thanks in advance

0 Kudos
Reply
  • 5.88K
  • 70
  • 459
Buffer6
Community elder
819 Views
Message 2 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

Looks like they are being rejected as spam, by your firewall, IPS or recipient, lots of possible fixes on web search.

https://uk.search.yahoo.com/search?fr=jnazafzv&type=E110GB0G10&p=421-4.2.0%20MXIN611

  • 9
  • 0
  • 1
chrisbint
Tuning in
804 Views
Message 3 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

HI,

Thanks for the response.

Lots of results for 421 errors, which is a generic response, but none for "header checks failed" or "MXIN611".

Not a comment directly aimed at you, but it would be great to get a non-ambiguous response back if an email is being rejected. We have been sending the same type of content from the same IP addresses to the same recipients for over 5 years with no major issues. If reputation is the problem, I cannot see it anywhere else, we are not blocked on any blacklist that I can find and the IP reputation reported by companies such as SenderScore and Cisco are showing 'good' reputation for all.

I am hoping that someone from Virgin can use the IDs given to look up an exact reason.

Cheers

 

 

0 Kudos
Reply
  • 5.88K
  • 70
  • 459
Buffer6
Community elder
793 Views
Message 4 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

0 Kudos
Reply
  • 5.88K
  • 70
  • 459
Buffer6
Community elder
777 Views
Message 5 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

Download and run Belarc Advisor to ensure you have all the latest updates https://www.belarc.com/products_belarc_advisor

0 Kudos
Reply
  • 17.76K
  • 972
  • 7.39K
Very Insightful Person
Very Insightful Person
755 Views
Message 6 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

I'd be interested to see an example From: header, because reading around it looks as if Virgin Media have opted to do some anti spam filtering based on the content of the From: header.  Here's what makes me think this.

https://www.sweetnam.eu/index.php/Postfix_Header_Checks

I'm not a VM employee though so you'd probably best wait for one of them to respond.

@ModTeam - I think this will need escalating ASAP - if this is happening when the mail is being sent to Virgin Media controlled domains then Liberty Global need to look at what's happening here.

Tim

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

  • 9
  • 0
  • 1
chrisbint
Tuning in
692 Views
Message 7 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

Hi,

The email headers are fine, I personally validated them both using external tools and by adding debugging onto the mailserver itself during transmission.

The domains in questions also have dmarc reporting and we have 99.96% full compliance (both DKIM and SPF pass) so I have no reason to think there is anything wrong with them from what other ISPs are telling me.

Thanks

0 Kudos
Reply
  • 9
  • 0
  • 1
chrisbint
Tuning in
689 Views
Message 8 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

Redacted (domain and IP) headers as below BCC'd to my microsoft account. There might be a slight difference in the headers when not BCCing, but the error remains regardless.

Authentication-Results: spf=pass (sender IP is 1.2.3.4)
smtp.mailfrom=redacted.domain; also.redacted.domain; dkim=pass (signature was
verified) header.d=redacted.domain;also.redacted.domain; dmarc=pass
action=none header.from=redacted.domain;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of redacted.domain
designates 1.2.3.4 as permitted sender)
receiver=protection.outlook.com; client-ip=1.2.3.4;
helo=smtp2.redacted.domain;
Received: from smtp2.redacted.domain (1.2.3.4) by
VE1EUR01FT014.mail.protection.outlook.com (10.152.2.219) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
15.20.2263.14 via Frontend Transport; Mon, 16 Sep 2019 20:24:17 +0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=all; d=redacted.domain;
h=Reply-To:From:To:Message-ID:Date:Subject:MIME-Version:Content-Type; i=auto.3630.GroupEmail.4348823.1@redacted.domain;
bh=hxrSEudRt+p3djZTq2UnwcpHUKg=;
b=xsVAHnJU4j5vNqLfu1meT/kYBDr46sy+eaEz079SL/MccS4QbmW5g7QDqyimhM+edEnS/r9dSzHd
K420FSUZVBq20ki8EQd2sO3mDfJfbnEKAw15m6GBgj/QDaTvcInRUerPsD+4+G+UaDWp9MByIYIZ
ersdNf/UB0ltKp40jac=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=all; d=redacted.domain;
b=bVzCJXfPZ8PlTm+PnFwiq1uW+1EIuxZ8SndPNb/+ZcYr6QuP2v4me9ccCt/lDvL2SofNATe1Ec9+
NICqDc7PEkxXx6nTPQVoFofGD9DLIYd/HuouaaS0JwHeFfaswjnPTdkpsPoMXIuuycBcvpscdMQk
wi5KgM1a1RTwBjbVj0Y=;
Received: by smtp2.redacted.domain id hfvnn21dco8j for <redacted.email>; Mon, 16 Sep 2019 21:24:17 +0100 (envelope-from <bounce-0-339684883@redacted.domain>)
virtual-MTA: redacted.domain
BPS1: bounce-0-339684883@redacted.domain
Reply-To: auto.3630.GroupEmail.4348823.1@redacted.domain
From: "Display name" <auto.3630.GroupEmail.4348823.1@redacted.domain>

If there are issues, I can't see them nor can the majority of other ISPs that send DMARC reports to us.

Thanks

 

0 Kudos
Reply
Highlighted
  • 17.76K
  • 972
  • 7.39K
Very Insightful Person
Very Insightful Person
682 Views
Message 9 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

I'm going to hazard a guess that Virgin Media have put checks in to block spammy looking email addresses.

Looking at the From: email address - auto.3630.GroupEmail.4348823.1@redacted.domain

The appearance is reminiscent of the way spammers use a random local part to get round spam filters.  I think they'll need to have another look.

Tim

 

As a Very Insightful Person, I'm here to share my knowledge. I don't work for Virgin Media.

Click to learn more about VIP

Use Kudos to say thanks

Mark as Helpful Answer if I've helped

0 Kudos
Reply
  • 9
  • 0
  • 1
chrisbint
Tuning in
668 Views
Message 10 of 47
Flag for a moderator

Re: Emails are being blocked with MXIN611 From header check failed

It would be good to get an official (or semi) answer to this as it appears to be a recent change with no apparent change in behavior from us. 

I would add that we are delaying these emails and retrying due to the 421 response and if this is a permanent error perhaps the message should be a 5xx response. 

Thanks

0 Kudos
Reply