Office 365 sender verify failed 550 5.7.363

WorkinOnIt

Well-Known Member
Aug 3, 2016
194
27
28
UK
cPanel Access Level
Root Administrator
Hi

A customer recently emailed me and they received a bounce back. They are using Office 365. This was the error received;

A security check at mydomain.com failed due to misconfigured settings at senderdomain.com

(Misconfigured PTR record)

Code:
More Info for Email Admins
Status code: 550 5.7.363

It appears that the recipient's email server at mydomain.com performed a reverse DNS (rDNS) lookup security check to verify that the IP address the message is coming from is associated with the sending domain, and the lookup failed. It appears that the pointer (PTR) record for senderdomain.com isn't set up correctly.

Set up or fix your domain's PTR record - If you're the admin for senderdomain.com, work with your DNS hosting provider (your domain registrar, Web hosting provider, or ISP) to correctly set up a PTR record for your domain. If you're using Office 365 to manage your DNS records note that PTR record creation and management isn't supported in Office 365, so you'll have to change your DNS management to a DNS host outside Office 365. Refer to this article for more information and instructions: Change how DNS records are managed with Office 365.

Unfortunately, Office 365 Support can't help you fix these kinds of externally reported errors because Office 365 doesn't support PTR record management.

Original Message Details
Created Date:
9/28/2017 2:59:46 AM
Sender Address:
someone @ senderdomain.com

Recipient Address:
me @ mydomain.com

Subject: somesubject

Error Details
Reported error:

550 5.7.363 Remote server returned sender verification failed -> 550 Verification failed for <[email protected]>;No Such User Here;Sender verify failed

DSN generated by:

H4FwQcds356215.ausprd0434.prod.outlook.com

Remote server:

my.server.hostname
In my Exim file log I have this;


Code:
2017-09-28 15:53:52 H=mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 sender verify fail for <[email protected]>: No Such User Here
2017-09-28 15:53:52 H=mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 X=TLSv1.2:ECDHE-RSA-AES256-SHA1234:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: Sender verify failed
2017-09-28 15:53:52 H=mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 Warning: "Detected session with all messages failed"
2017-09-28 15:53:52 H=mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 Warning: "Increment slow_fail_block Ratelimit - mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 because of all messages failed"
2017-09-28 15:53:52 SSL_write: (from mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720) syscall: Connection reset by peer
2017-09-28 15:53:52 SMTP connection from mail-sy3aus8xxxxxx.outbound.protection.outlook.com (AUxyz22-SY3-obe.outbound.protection.outlook.com) [104.47.1234.1234]:54720 closed by QUIT

I have forwarded the above detail to their email sysadmin to see if they can get the PTR corrected.

Meanwhile, how can I whitelist any email sent from @senderdomain.com in WHM ? I'd like to know this for future reference too.

I see there is a option in Exim > Basic Editor > Only-verify-recipient

But what hostname should I add? Please give me an example!

Thanks
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

You'd need to add the sending server's IP address to the "Trusted SMTP IP addresses" option under the "Access Lists" tab in "WHM >> Exim Configuration Manager >> Basic Editor". You can find a list of Office 365 IP ranges at:

Office 365 URLs and IP address ranges

Thank you.
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
194
27
28
UK
cPanel Access Level
Root Administrator
Thanks @cPanelMichael

Is there not a way to simply "ban" an entire domain easily on the server via the domain name?

A domain (for example; buy-now-great . top) that sends a lot of spam can easily change their IP address, however, banning anything with that domain might be more effective?