A wise man once blogged about an issue with routing outbound SMTP to godaddy hosted domains (messages that route via smtp.secureserver.net).

5 years later the problem persists.

Even though the IP being used for outbound SMTP is not, nor has ever been, "blocked" by anyone, you will still see the following after the initial SMTP handshake (turn up outbound SMTP debugging, if necessary):

SMTPClient: ReceiveResponse: 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at  http://unblock.secureserver.net

Going to the URL yields an ever-so-helpful, "Thank You.  [ip address that was entered] is not blocked at this time. It may have been unblocked due to an earlier request.

If you have additional questions please call 480-624-2500."

Well, your SMTP server says it's still blocked, so what gives?

So, I called the number, and talked to "Mark." It took a while for what I was calling about to click with Mark, but, eventually he insisted that because I couldn't send him an example of a bounced message with a message header that that the problem had to be on my side.  I tried to explain that there wouldn't be a header for a message that was not actually routed to their systems (and if it were routed to their systems we wouldn't be having this call in the first place).  Sending the chunk from the log showing that it was their side that was preventing the delivery didn't help convince him.

Anyway, nothing was solved during the call.

Here's the solution:

Even if your outbound SMTP server is not intended to accept inbound SMTP from outside your internal network, you have to open port 25 for the server's public IP.  If you choose to do this ( in my situation, I had to since godaddy doesn't appear to be changing their non-standard approach any time soon), and you don't want to truly expose your server to public SMTP traffic, be sure the server's configuration doc is in order.

For example, Router/SMTP > Restrictions and Controls > SMTP Inbound Controls > Inbound Connection Controls (section) > Allow connections only from the following SMTP internet hostnames/IP addresses (field)

In an environment where this list can be large, I like to use a group for this value and then make modifications to the group, as necessary.

In this case, I knew that only 2 IP addresses would ever need to route inbound SMTP to this server (the two servers that are specifically set up to do this in the DMZ), so I entered the two IP addresses [in brackets] and restarted the router/smtp and... voilà.

Now godaddy gets a response to their helo (even though the response is basically "you will NEVER send SMTP back through me"), and the oubound mail is accepted by smtp.secureserver.net for delivery.

Recent Blog Posts

264

Registering new users with PIRC enabled by default Wed, Feb 15th 2012 9:12a David Brown In the process of enabling PIRC (http://www-01.ibm.com/support/docview.wss?ca=kb&rs=899&uid=swg21501675), it occurs to me that there doesn't seem to be a direct way of PIRC-enabling the new file upon mail database creation. Sure it is easy enough to set the advanced property for all databases in a directory, etc, but that is only as good as the moment you do that. The mailfile for the next user to be registered (and their clustered mail database(s) also created during registration) [read] Keywords: ibm database

263

Tip on using BES Transporter Mon, Feb 6th 2012 1:09p David Brown BES Transporter is a powerful tool included in the BlackBerry Enterprise Server Resource Kit. I recently used BES Transporter to move active users from a 4.1.6 customer-managed BES to a 5.0.3 BES hosted at a GBS datacenter. The beauty is that the users were unaware that the move even happened. They did not have to wipe or reactivate their devices as part of the process. However, in the pilot phase, I did encounter one glitch that even stumped RIM support. Suffice to say, you can create r [read] Keywords: bes blackberry database enterprise rim server

135

Sending SMTP to secureserver.net from dedicated Domino outbound SMTP servers Wed, Nov 2nd 2011 4:13p David Brown A wise man once blogged about an issue with routing outbound SMTP to godaddy hosted domains (messages that route via smtp.secureserver.net). 5 years later the problem persists. Even though the IP being used for outbound SMTP is not, nor has ever been, "blocked" by anyone, you will still see the following after the initial SMTP handshake (turn up outbound SMTP debugging, if necessary): SMTPClient: ReceiveResponse: 554 Your access to this mail system has been rejected due to spam or virus [read] Keywords: connections domino ibm apple network server smtp virus

103

Bug in Barracuda 250 response after hostname/domain change Mon, Oct 31st 2011 11:11a David Brown I encountered the following bug today in a Barracuda SMTP 250 response after the default host name and domain is changed (Basic > IP Configuration > Domain Configuration)... Updates to this field are properly reflected in the initial 220 handshake, but the 250 response continues to refer to the previously configured host name and domain. Barracuda is logging it as a code bug and will hopefully be resolving it in a future firmware release, but the good news is that the workaround is sim [read] Keywords: bug smtp

118

A treasure trove of ID Vault knowledge Thu, Oct 6th 2011 1:11p David Brown You read the Admin help, you attended the Lotusphere sessions; now take your knowledge of ID Vault to the next level. Check out... Wiki article contributions by Nancy E Kho For instance, lets say you just noticed a plethora of replication conflicts in your ID Vault. After the initial panic subsides, what do you do? Delete the rep conflicts? Nope! The next time the user modifies her ID file and resynchronizes with the ID vault, the vault will automatically merge the multiple entries, end [read] Keywords: admin administration id vault ldd lotus lotusphere profile wiki

83

When failover fails Fri, Sep 30th 2011 8:08a David Brown Um, Houston... [read] Keywords: bleedyellow bleedyellow.com

232

Password prompt bug in Traveler for Android Fri, May 27th 2011 9:08a David Brown Seeing an intermittent Traveler prompt on your Android device, "Your Lotus Notes ID password is required to sign or encrypt the email"? There's a fix for that. You can either wait for the next official release or open a PMR and ask for the latest "interim fix" build of Traveler for Android. (One that includes the fix for LO61077 - DELETE SIGNED MAIL ON ANDROID CAUSES PROMPT.) In many cases, the prompt is seen after an extended lull in the normal sync schedule (i.e. during the first [read] Keywords: id vault lotus notes traveler bug email password

187

Re: Traveler for Android Activation Problem Tue, Apr 5th 2011 11:11a David Brown In response to: Traveler for Android Activation ProblemHi Mat, Harald, and Craig. First of all, thanks for taking the time to help. Here's my progress (or lack thereof), so far... Lotus Traveler Device Settings The default Lotus Traveler Device Settings doc for the server has all five of the Sync Options ticked. However, you are good to guess that there is also a Domino Policy (potentially) at play here, because there is a dynamic policy for all Traveler users that als [read] Keywords: domino ibm lotus policies traveler bleedyellow bleedyellow.com email security server

80

Traveler for Android Activation Problem Fri, Apr 1st 2011 3:09p David Brown Ever seen/heard of the installation and configuration working all the way up to this screen, but not allowing the user to enable the sync options? Note that they can select between Removable/Internal without a problem. Device is a Droid X (Verizon). Server is 8.5.2.2. No SSL, device security exempt. We've been successful enabling other Android devices (including 4 other Droid X's). [read] Keywords: traveler bleedyellow bleedyellow.com security server

125

Nothing from nothing is nothing Fri, Mar 11th 2011 11:15a David Brown I have an idle Traveler server (it was set up for a pending roll-out a while ago and it has been completely unused, so far). tell traveler status The Lotus Notes Traveler task has been running since Sun Feb 20 23:36:05 EST 2011. There have been no successful device syncs since Lotus Notes Traveler was started. Yellow Status Messages The response times for opening databases on mail server are above the acceptable threshold. The overall status of Lotus Notes Traveler is Yellow. Hmmm, a [read] Keywords: lotus notes traveler server