Emails being returned because of councils' email policies

[MyfanwyNixon]

eg see message ID ec6561019b5f4b79cbd3

SMTP error from remote mail server after RCPT TO:memberservices@rhondda-cynon-taff.gov.uk: host eu-smtp-inbound-1.mimecast.com [195.130.217.211]: 550 Administrative prohibition - envelope blocked - https://community.mimecast.com/docs/DOC-1369#550

So, if I've understood correctly, they have blocked emails from the WTT domain? I've tried tweeting them (as my emails also bounced back). They were looking into it at the end of Nov but no news after that: https://twitter.com/mysociety/status/803651262566764544

[MyfanwyNixon]

Changing this ticket to be more widely about councils who automatically return our messages.

Message id fcb8b913a1326374267b:

Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

Diagnostic information for administrators:

Generating server: HighlandCouncil.gov.uk

xxxxxx@highland.gov.uk

550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized ##rfc822;xxxx@highland.gov.uk

Original message headers:

Received: from EUR01-VE1-obe.outbound.protection.outlook.com (10.40.30.241)= by ntexchhub1.HighlandCouncil.gov.uk (10.40.14.18) with Microsoft SMTP Server (TLS) id 8.3.485.1; Sun, 15 Jan 2017 11:48:02 +0000 Received: from DB3FFO11FD031.protection.gbl (10.47.216.33) by DB3FFO11HUB020.protection.gbl (10.47.216.206) with Microsoft SMTP Server (version=3DTLS1_2, cipher=3DTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8; Sun, 15 Jan 2017 11:48:00 +0000 Authentication-Results: spf=3Dpass (sender IP is 46.43.39.102) smtp.mailfrom=3Dwritetothem.com; highland.gov.uk; dkim=3Dpass (signature w= as verified) header.d=3Dwritetothem.com;highland.gov.uk; dmarc=3Dpass action= =3Dnone header.from=3Dwritetothem.com;highland.gov.uk; dkim=3Dpass (signature was verified) header.d=3Dwritetothem.com; Received-SPF: Pass (protection.outlook.com: domain of writetothem.com designates 46.43.39.102 as permitted sender) receiver=3Dprotection.outlook= .com; client-ip=3D46.43.39.102; helo=3Dmailer102.ukcod.org.uk; Received: from mailer102.ukcod.org.uk (46.43.39.102) by DB3FFO11FD031.mail.protection.outlook.com (10.47.217.62) with Microsoft SM= TP Server (version=3DTLS1_2, cipher=3DTLS_RSA_WITH_AES_256_CBC_SHA256) id 15.= 1.803.8 via Frontend Transport; Sun, 15 Jan 2017 11:48:00 +0000 DKIM-Signature: v=3D1; a=3Drsa-sha256; q=3Ddns/txt; c=3Drelaxed/relaxed; d= =3Dwritetothem.com; s=3D2014a.mysociety; h=3DContent-Transfer-Encoding:Content-Type:MIME-Version:From:Date:T= o:Message-ID:Reply-To:Subject; bh=3DTcTUButtOs5ZlF+ZC91cFDaiuaWy6Kg0+EoMc0X= Zn7o=3D; b=3Dlvz8o83IOGDAfURIzYZ0e+46F7S1PlWG8vM9F4fI72je+OcsnMC644hUiXHOEHR= S3b0FnIdsnY2vT5VMnPuL9pimFStHD/mrnuGzQELqcV9n36XwOHc3gn9DknI31WNmbuIzvvV3aG= uT+g9oKDf2VtNEFQCNe1Vv+iUlvWRm9gfRpiu8Xk4svRZv4yeQvEDeew+d5fav2kJf1yeErMMcg= Me3Z9akWYzl8uL1GP+7CHn5B3d4ZtpzTRBwt545QRbk/paHOytU4JqpwZe8Orm2wzcLsoGwYo1Y= n/U34AIYhxs+pr5dO4COSDCg2n9Kr5FnOLKB99A5JYGUepyJDGoWBA=3D=3D; Received: from pluto.ukcod.org.uk ([46.43.39.71]:37859) by leopard.ukcod.org.uk with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Ex= im 4.80) (envelope-from fyr-3zm2iz2yc7_jblzmyrkemlb2u5qeyo@writetothem.com= ) id 1cSjHz-0002vF-La for xxxxxxx@highland.gov.uk; Sun, 15 Jan 201= 7 11:48:00 +0000 Received: from localhost ([127.0.0.1]:35080 helo=3Dlocalhost.localdomain) b= y pluto.ukcod.org.uk with esmtp (Exim 4.80) (envelope-from fyr-3zm2iz2yc7_jblzmyrkemlb2u5qeyo@writetothem.com) id 1cSjHz-0005eD-8X= for xxxxxxx@highland.gov.uk; Sun, 15 Jan 2017 11:47:59 +0000

[MyfanwyNixon]

ID 64c5d0984c774ce31ab7 SMTP error from remote mail server after end of data:

host chpseg01n.somerset.gov.uk [194.74.187.85]: 550 Header value not allowed

Are these (including the above) issues that @sagepe would be able to/should look at?

[sagepe]

#550 5.7.1 RESOLVER.RST.NotAuthorized; not authorized

This is the remote server rejecting the message. This could actually be for all sorts of reasons. In this case, I wonder if it might be because Gail Ross has resgined as a councillor so her mailbox might be embargoed or removed. (I only discovered this when searching for her email address to check it was correct!)

[MyfanwyNixon]

Ah thanks @sagepe - that could just have been me not being diligent enough on that one: normally I will click through to check that the councillor is still active. I'd certainly expect their mailboxes to be removed on resignation.

[sagepe]

I've just had a look at the logs for transactions involving chpseg01n.somerset.gov.uk. That host has accepted some mail from us today, so it's not a global issue, for example messages for other users were accepted.

Without a bit more information it's going to be difficult to see exactly why the message was rejected. The error is fairly generic. Was there any more info in the bounce?

[MyfanwyNixon]

It's at ID 64c5d0984c774ce31ab7 if you have access to the WTT queue.

Oddly enough, if it's relevant, the message was from a @somerset.gov.uk email address.

Return-path: <> Envelope-to: fyr@pluto.ukcod.org.uk Delivery-date: Thu, 23 Feb 2017 12:02:36 +0000 Received: from ocelot.ukcod.org.uk ([46.43.39.78]:42747) by pluto.ukcod.org.uk with esmtp (Exim 4.80) id 1cgs6W-0001m0-LM for fyr@pluto.ukcod.org.uk; Thu, 23 Feb 2017 12:02:36 +0000 Received: from Debian-exim by ocelot.ukcod.org.uk with local (Exim 4.80) id 1cgs6W-0007Vt-Dp for fyr-udc2ooxlri_5uxttho4dvkeizyywfo@writetothem.com; Thu, 23 Feb 2017 12:02:36 +0000 X-Failed-Recipients: xxxxxxxx@somerset.gov.uk Auto-Submitted: auto-replied From: Mail Delivery System Mailer-Daemon@ocelot.ukcod.org.uk To: fyr-udc2ooxlri_5uxttho4dvkeizyywfo@writetothem.com Subject: Mail delivery failed: returning message to sender Message-Id: E1cgs6W-0007Vt-Dp@ocelot.ukcod.org.uk Date: Thu, 23 Feb 2017 12:02:36 +0000 X-Delivered-Suffix: -udc2ooxlri_5uxttho4dvkeizyywfo

[sagepe]

My suspicion is that you've hit the nail on the head - they are rejecting external mail that has a From: header containing a somerset.gov.uk address to prevent spoofing. There's nothing else there that looks like a problem. Really we'd probably have to contact them and check to see whether this was the case to be certain.

[abibroom]

This repository is public, so please remove people's email addresses from the comments...

As further support for this diagnosis, a recent bounce from Thurrock to a FixMyStreet report made by someone using a Thurrock email address gave the error "550 Rejected by header based Anti-Spoofing policy" and refers you to https://community.mimecast.com/docs/DOC-1369#550

[MyfanwyNixon]

Done, thanks Abi

[jacksonj04]

Relevant: #193 (which, along with referenced tickets, explores DMARC and address spoofing with no discernable outcome other than "we'll keep an eye on it").