Category Archives: Knowledgebase

Disable Outlook Filtering

Many administrators don’t realize that Outlook by default has its own filtering in place. This filtering is very basic and it doesn’t usually cause any issues with your existing mail server security or 3rd party filtering. If you have exhausted your efforts in troubleshooting missing mail or false positives you may disable this filtering to see if that helps. To disable Outlook Filtering, follow these steps:

  1. Open Outlook
  2. Click Actions > Junk E-mail >Junk E-mail Options
  3. Select No automatic filtering;
  4. Press OK.

Search Gmail logs in the administrator control panel

This is very exciting news!

What happened to an inbound or outbound message? Was a message sent to my domain and marked as spam? Which users sent or received a specific message? Starting today, domain admins can get answers to these and other such questions using Gmail log search. This feature is now available in the administrator control panel.

See Finding messages with email log search for steps on using the email log tool located within the Reports tab. See Viewing message details for a description of the output. Finally, see Interpreting message details for recommendations on using log search results to investigate delivery issues.

Guidelines

When using email log search, keep in mind these limitations and conditions:

  • Only super administrators have access to email log search.
  • Resellers do not have access to the email log search feature for a resold domain when accessing its control panel via the reseller console.
  • Messages may take up to an hour after being sent or received to appear in the email log search database.
  • Only messages from the past 30 days can be retrieved via search.
  • The maximum date range for queries is a seven-day period.
  • Log times are shown in the administrator’s own time zone.
  • Mail sent to a Google Group or other mailing list doesn’t appear unless a Google Apps user is a member of that group and a recipient of the message.
  • Focused queries are faster and recommended. For instance, a specific message ID query may take a few seconds to return results while more generic queries without a message ID may take dozens of seconds to complete.
  • Search values must be complete. No partial matches or wild cards are supported.
  • Although the subject is shown in search results, messages cannot be queried by subject.
  • Only one sender or recipient can be entered in a query. Multiple entries are not supported.

For more information:
http://support.google.com/a/bin/answer.py?hl=en&answer=2604578

New Ping and Traceroute Tools available at MxToolbox.com

Today we’re happy to announce that we have added ICMP Ping and Traceroute to our Free Tools at mxtoolbox.com. Typically you would use a Windows Command Processor or Terminal shell to utilize Ping and Traceroute to help troubleshoot issues however it is often very useful to run these tools from a location other than where you are currently sitting, so we’ve added it to the arsenal of commands available on our site.

Ping (http://en.wikipedia.org/wiki/Ping)

Ping is a commonly used tool to test the reachability of a host (IP) and also measures the round trip time on the response.

NOTE: Don’t confuse the new ICMP ping tool with our ping@mxtoolbox.com email trace tool. Ping@mxtoolbox.com was created in the spirit of ICMP ping as a quick tool to test Inbound and Outbound mail flow on a server. For more details on ping@mxtoolbox.com, go here.


Traceroute (http://en.wikipedia.org/wiki/Traceroute)

Traceroute tracks the path that a packet takes from the source to a destination address.  A traceroute also shows how many times your packets are being rebroadcast by other servers until it gets to the final destination.

Along with our Free DNS Tools, we also offer Free Server Monitoring. Our MxWatch Monitoring will allow you to setup Monitors for Blacklists, SMTP and more. You will then be alerted via email or SMS text if there is an issue with a Monitor, which can help you address problems before they escalate. The Free version of our MxWatch includes two Monitors, which can be used to check the Blacklist every seven days or any other additional alerts of your choice; SMTP, TCP, HTTP, etc. We also offer Paid Services for those individuals that want to monitor more than two sites or servers.  Why choose the paid services? The MxWatch Basic package provides up to 10 Monitors as well as access to the Tier II expertise of our rock-star Support Team!

Here is the full list of available commands for our Free DNS Tools:

Command Explanation
blacklist: Check IP or host for reputation
smtp: Test mail server SMTP (port 25)
mx: DNS MX records for domain
a: DNS A record IP address for host name
spf: Check SPF records on a domain
txt: Check TXT records on a domain
ptr: DNS PTR record for host name
cname: DNS canonical host name to IP address
scan: Perform a port scan on the host
whois: Get domain registration information
arin: Get IP address block information
soa: Get Start of Authority record for a domain
tcp: Verify an IP Address allows tcp connections (tcp:ip:port)    New!
http: Verify an IP Address allows http connections (http:”url”:”regex”)    New!
https: Verify an IP Address allows secure connections (https:”url”:”regex”)    New!
ping: Perform a standard ICMP ping  New!
trace: Perform a standard ICMP trace route  New!


As always we thank everyone for their feedback on our tools, to reach out to us please email us at feedback@mxtoolbox.com.

NOMOREFUNN Realtime Blacklist Website Having Issues

A few weeks ago we started receiving notices that the NOMOREFUNN Realtime Black List (RBL) website was down.  We’ve been monitoring their site for a few weeks and their website remains down however the RBL database itself is up and taking queries. Unfortunately we don’t have any details as to why/when the site went down.

Although the website remains down, the RBL list is answering and is being maintained. Due to the RBL List still answering and showing in an active state, we will not be removing this list from our tool at this time.

MxToolBox is not affiliated with any Blacklists nor does inclusion on our tool advocate the use of any specific lists.  We simply provide a public tool that can be utilized to see if you are on a Blacklist.   If you are on a Blacklist, or more importantly, if you are having problems with your email delivery and you’re not getting the help you expect from the blacklists themselves or the recipients to which you cannot send; MxToolBox has a Solution!  MxToolBox offers Blacklist Protection!  For more information please feel free to visit our website or email info@mxtoolbox.com.  You can always call 866-MxToolBox (698-6652) and ask to speak to any of our blacklist specialists for assistance or to learn more about our solutions.

We’re always looking for new Blacklists to add to our tools.  If you have one you would like to suggest, please send an email to support@mxtoolbox.com.

For information about other Blacklists that have shut down or Blacklists that are having problems, view this forum post.

Tax Time – Here comes the Spam!

It’s that time of year again; tax time.  Here you are preparing your tax return and you’re already getting emails about the submission before you’ve finished?   BEWARE of spammers trying to take advantage of you during this time. We have already seen several different versions of emails that spammers have sent.

The goal of these campaigns is to have you click on their spam campaign. The links in the email will direct you to a fraudulent web site. Keep in mind that these are designed to look very official and are actually composed nicely with correct grammar (most of the time) and appear to be very professional. Clicking on these emails can lead to your computer becoming infected with a virus, trojan or malware. What’s worse, these campaigns are using phishing which is designed to gather your personal information including your social security number, login information or even your credit card data.

How do you avoid these spam campaigns?
Spammers unfortunately often have the upper hand because they create the spam campaign and then Email Providers like MxToolBox have to quickly adjust their filters. While the filters are being automatically adjusted to combat these types of spam attacks you may still encounter messages like this. In addition to being aware of these potentially dangerous spam tactics we would also recommend having the correct protection! Most of us have a good Anti-virus program but that is like locking the front door but leaving a window open. If you click on an email that has a fraudulent link, you have opened the your personal window to a web-based attack. Unfortunately most networks don’t have Internet Browser Web Security so you could be very vulnerable to this type of email to web-based attack.

MxToolbox has partnered with Webroot to offer Web Security to protect your network from attacks through the web browser. Our Total Security Solution includes Business Email Perimeter Security in combination with Web Security to provide additional layers of protection to combat Email and Internet threats. Webroot eliminates spyware and viruses with best-of-breed scanning engines and offers a 100% guarantee.  In addition to protecting against malware you have the ability to enforce web access policies and generate detailed reports on your users’ browsing history.

Below are a few samples of the most recent spam campaigns we have noticed. You may notice that the third one below is not necessarily tax related, but is an inquiry from the Better Business Burea. This is not a real request and is spam. Be wary!

If you’ve ever had problems with Spam like this in your network, or worse yet, if you’ve experienced the pains and toils of the virus/malware infections that results; rest easy – there is a solution. Even if you have Anti-Virus software installed, it’s not enough; you can still be susceptible to these problems.

Please visit our Website to learn more about our Web Security Solution and call (866)-MXTOOLBOX / (866)-698-6652 to speak to one of our specialists about how you can put this problem to rest forever!

Postini – 4000 Character Approved/Blocked Sender Limit

List length limit (4000) exceeded.

If you have received this error when trying to add to your approved/blocked sender list, it can be very frustrating!

Postini has limited the number of characters (not entries) and the maximum number of characters allowed for each approved/blocked list in the Administration Console to 4000.  If each entry is 30 to 40 characters, each sender list can include approximately 100 to 130 addresses and domains.

To free up more space, we recommend deleting addresses that are no longer used. Keep in mind that if you are managing your Approved/Blocked Sender List in your Postini Message Center, you are only adjusting your personal preferences. Your administrator may consider adding an address  to the global organization-level list to improve filtering for all users. If that is done, this would mean that you could remove that particular address from your list and free up a bit of space.

Keep in mind that the approved/blocked lists are meant to allow addresses that have had issues getting through the filters; we do not recommend proactively adding email addresses to the approved sender list. Adjusting your approved/blocked senders list can allow spam through unknowingly. We also highly recommend never adding your own domain or any specific email address on your domain as that can cause spoofing and then you have opened the door to spam!

Google Apps Email Security (Postini Standalone Filtering)

In addition to your Google Apps Premier account you can enable Postini Standalone Filtering for greater spam fighting control. From the Google Apps control panel, you can configure Email settings for each organization in your domain. For example, you can set up multiple Content compliance and Objectionable content settings, and tailor these settings for a specific organization or sub-organization.

To add an email setting for an organization:

  1. Sign in to the Google Apps control panel at https://www.google.com/a/cpanel/domain.com
  2. Then enter your username and password to open the control panel.
  3. From the menu at the top of the page, select the Settings tab.
  4. From the left-navigation menu, click Email.
  5. From the Email settings page, click Filters.
  6. In the Organizations section near the top of the page, highlight the organization for which you want to add settings.
  7. To create a new setting, click the Add Setting button near the right edge of the window (the Add setting dialog box opens).
  8. Click the type of setting in the left navigation menu of the dialog box — for example, Objectionable content or Content compliance.
  9. For detailed instructions on adding specific types of settings, see the following:

    Content compliance
    Objectionable content
    Append footers
    Approved sender lists
    Blocked sender lists
    Attachment compliance
    Restrict email delivery

  10.  When you are finished making changes, click Add Setting.Note: Any settings you add or edit will be highlighted in yellow-orange on the Email settings page.
  11. Click Save changes at the bottom of the Email settings page.

Additional Resources
What’s the difference between Postini integrated and standalone?
Postini Transition to Google Apps Email Security: Administration Guide

American Airlines and UPS Spam Breaching Postini Filters – Automatic Updates to Filters Expected

If you have received either the UPS Confirmation email or the American Airlines Order ID messages, you are not alone. Currently spam filters across the world are frantically adjusting their heuristics to combat these spam messages. While the filters are being automatically updated, we would recommend enabling a attachment filter to block these messages

NOTE: If this filter is applied, it will block any legitimate message with a .zip attachment. See below for the steps to enable the recommended filter and the recommended settings:

Attachment Manager Filter Steps

  1. Access the customer’s Postini User Org (not MAIL or Email Config level) and enable the Inbound Attachment Manager.
  2. We highly recommend enabling ‘Scan inside compressed file types’ and ‘Enable binary scanning’ as this may also help with any future evolutions.
  3. To build a custom filter for blocking .zip attachments, select Filter and follow the image below:

  4. Be sure to add ‘zip’ under 2. Custom Filter Types to either User Quarantine (in case of false positives) or under Quarantine Redirect.
  5. Click Save and the filter is applied.

MxToolbox has partnered with WebRoot to offer Web Filtering to protect your network from attacks through the web browser. For more details on the protection that this program can offer, go here.

MxToolBox Email Header Analyzer Makes Email Headers Readable

Our Email Header Analyzer has been around for a few years but we have recently polished it to include a few more cool features. Email Headers can be a real challenge to decipher which is why we developed this tool in the first place. In simple terms, it makes email headers as readable as the newspaper.  Email headers are present on every email you receive via the Internet and can provide valuable diagnostic information like mail server delays, anti-spam results and more.

So lets try out the tool and some of its new features. Simply grab some email headers (not sure how to get email headers?) and paste them into our tool here. To view the example below in a live format on our site, go here.

  1. Sharing - We have added sharing tools at the top of the page. Share with your IT Administrator, Support Department or Vendor to help with the troubleshooting process.
  1. Time Stamps - Visual graph that quickly shows the amount of time the message took at each server/hop. This view can help you see if if/where there was a delay at any of the servers.
  2. Server Hops - A more detailed look at the servers that touched the message, also includes delays in this format if applicable.
  3. Parsed Headers - Email Headers can be very confusing to read, so this part of the tool parses out the valuable information like Sender, Recipient, Date, Time, Subject of the message etc.
  4. Original Headers - Sometimes you need to refer back to the raw email header so we have put that information at the bottom.

Our website and its tools are constantly evolving and we would love to hear your feedback! Please let us know if you think something can be improved etc. Hit us back at feedback@mxtoolbox.com.

If you are concerned about mail delays or other performance issues with your server we would highly recommend trying our Premium MailFlow Monitoring. This service sends a message through your server and back to our datacenter. This unique method allows us to provide complete mail flow visibility on your server. This can help uncover issues that might be creating delays as well as detecting both inbound or outbound mailflow failures.  In addition to alerts for failure, you can login to see daily, weekly and/or monthly historical statistics. This method allows you to get a true picture of the performance of your mail server.

Additional Resources
How to Get Email Headers
MailFlow Monitoring

Other Email Bounce Backs and Their Meanings

Bounce backs and error codes for email can be very mysterious and misleading. To help better understand them,we have started a new series on the blog dedicated to demystifying these occurrences. To read all of the blogs in this series please follow this link.

We’ve already covered a few of the different types of bounce backs but we haven’t really even scratched the surface! Email error messages can be broken down into three groups: User Error Messages, Domain Error Messages and Anti-Spam Error Messages.

User Error Messages
These are typically local issues with the user’s email account or email client. They include mailbox is full, message exceeds size limit (attachment size), and user unknown, mailbox unavailable or invalid recipients.

User Unknown
Probably the most common bounce back we see is the user unknown, mailbox unavailable and invalid recipients. Simply put the email address you are attempting to email, doesn’t exist. Typically these are due to misspellings of the user name or domain.

<user@domain.com>: host domain.com said:
550 5.1.1 <user@domain.com> is not a valid mailbox<user@domain.com>: Sorry, no mailbox here by that name. (#5.1.1)<user@domain.com>: host domain.com said:
550 Invalid recipient

If you receive a similar bounce back, confirm the spelling of the entire email address and resend if necessary. If you have confirmed the spelling then you can try and contact the user via an alternate method. Sometimes users don’t know they are having an issue!

Mailbox is full
Most mail systems have a limit on how much email is allowed to remain on the server for each individual user. If that limit is reached the server will not allow them to accept any new mail.

<user@domain.com>: User is over the quota. You can try again later.

<user@domain.com>: host domain.com said:
552 <user@domain.com>… Mailbox is full

Since this is a local issue with the user’s mailbox, their system administrator will need to either make room for new mail or increase their storage allocation. Typically you can resend your message a bit later as this type of problem is easily resolved. Keep in mind, that if you continue to receive the error that may mean that the account is no longer being monitored.

Message Exceeds Size Limit
This error indicates that the size of the message including email headers, message content and attachments exceed the domain per message size limit. Typically most mail servers only allow 5-10mb per message as a default. Email was never meant to be a way to send large attachments, it is instead recommended to use a 3rd party sending service, FTP server or another alternate method.

<user@domain.com>: host domain.com said:
552 message size exceeds maximum message size<user@domain.com>: host domain.com said:
552 Message size exceeds fixed maximum message size

Domain Error Messages
These type of errors usually have to do with a domains registrar expiration or DNS issues. If these issues occur you may receive a bounce back indicating a Connection Timed Out or Domain Not Found.

Connection Timed Out
A “connection refused,” or “connection timed out” error usually indicates a message sending issue. This could be due to a high volume of messages, an external spam attack on the server or an internal setup problem. Typically these are resolved rather quickly by the server automatically so you can resend your message a bit later.

<user@domain.com>: connect to 1.2.3.4: Connection Timed Out

Domain Not Found
If you receive an error indicating that domain could not be found or no DNS record exist, this means that the domain doesn’t exist. This may be a temporary issue where the domain has expired or it could mean there is an MX Record issue with their DNS.

<user@domain.com>: Name service error for domain domain.com:
Host not found, try again

Anti-Spam Error Messages
Everyone hates to get spam and there are hundreds of ways to try and stop it. One way that administrators use is to issue bounce backs if they believe a message is spam.  Often times, these are custom created bounce-backs so the error codes can vary, but the message is all the same. Stop sending spam!

NOTE: We do not advise using bounce backs to combat spam. This form of anti-spam may actually allow your users to get MORE spam. Instead we would highly recommend that anyone running a Business Email Server invest in an advanced heuristic spam, virus and phishing protection service, with controls featured in modern anti-spam and anti-virus products and services such as our own Spam and Virus Business Email Protection. We also include these services in our Email Hosting services.

<user@domain.com>: connect to domain.com: 550 Connection refused – we hate spammers!

<user@domain.com>:host domain.com said: 554 Denied

<user@domain.com>:host domain.com said: 552 spam source blocked

If you are receiving these types of bounce backs, we would highly recommend checking if your mail-serer IP Address is on a Blacklist. While your mail may be legitimate to you, others may not see it that way. If your company gets Blacklisted, it could cause major trouble for your business and slow down communication with your current customers or prospects and in general, the outside world.

There are many reasons an IP Address may end up on a Blacklist.  More often that not it’s because the administrators controlling it have not taken appropriate steps to secure their email infrastructure or the network has workstations that have been compromised by spammers, hackers, or virus propagators.

Bounce messages are all very different and may contain different languages but diagnosing the error code can help you understand it.  A good rule of thumb is to ensure that your messages are clean, simple and desirable.  This will go a long way to making sure your message reaches the recipient.

Taking the time to ensure that your messages get delivered is incredibly important.  Take the extra step and get advanced, real-time monitoring of your server against blacklists, as well as availability and performance. Please visit our website to learn more – MxWatch Monitoring – Email | Website | Network.

Additional Resources
400/500 Email Bounce Back Errors Explained
How to Read Email Bounce Backs and Errors
What Blackslists Are & How MxToolBox Helps