in
Questions and answers to issues related to Microsoft: Windows, Applications, Development, Hardware, Server, Internet Protocols, Database, Exchange . » OS » Server » Exchange » Problem: 554 Transaction Failed Spam Message not queued

554 Transaction Failed Spam Message not queued

About a couple weeks ago we were forced to change our IP address by our ISP.  I changed it, the MX record, double checked the FQDN and changed all information in the router (sonicwall).  Now we get this message from a few different domains

Non delivery report: 5.2.1 (Mailbox exists but is disabled)
Reason: Mailbox exists but is disabled
The mailbox exists but is not accepting messages.
This may be a permanent error if the mailbox will never be re-enabled or a transient error if the mailbox is only temporarily disabled.

DATA
354 Start mail input, end with "."
554 Transaction Failed Spam Message not queued.

I've run DNS reports on DNSstuff and I've passed just about everything (with a few minor warnings) and I'm not on any blacklists.  I've contacted a couple of the companies, and only had one that put us on the white list.  I  can't help but think theres a major technical detail I'm missing and that's why they're blocking us.  All help given will be greatly appreciated.
Movie Stars

Solution: 554 Transaction Failed Spam Message not queued

Some of the messages that we received with this NDR said brightmail was blocking us.
"
Mail from this IP address is not allowed. Your computer has been identified as a compromised machine which needs to be cleaned in order to send email to Bellsouth. Please run an updated anti-virus/anti-spyware program on your machine immediately. If you believe this message is in error, please contact BrightMail at zbl-fp@review.symantec.com"

I actually contacted the review.symantec.com and they looked over the IP and said that the old IP was blocked but our new IP isn't. They also said our old IP was flagged as sending out SPAM messages, the same thing it says above.  Most importantly they said that they would take me off the block and monitor the IPs to ensure we won't get blocked again.

Within all this time I never once received an actual "SPAM" message that we've supposedly sent. Not a single admin out of all the ones I contacted could give me an example of the "SPAM" we were sending out. Brightmail however did confirm that we were blocked at one point.

So far since I've switched the IP address from the original comcast address to one of the others that they gave me I haven't had any problems.  It's been about a week today. I know it's a hassle but I would try using a different IP, if you don't have one demand another one from Comcast.  As time goes on I feel it was less likely that we were actually sending out actual spam.  

One thing I did do that may have helped is I set my Mail Filter (xwall) to discard SPAM e-mails instead of sending NDRs.  I think this did help because we were sending thousands of NDRs a day, and with the recent NDR attacks we may have been added as SPAM if users were flagging us as SPAM.

Part of me also thinks that Comcast is doing something wrong, but I wouldn't know what to tell them if you called.  I do know that they never really know the answer to half of the questions you ask and what they'll probably end up doing is just telling you 1) the problem is not on their end, or 2) they will give you a new IP address.

Let me know if you try any of this and it works.