Support

Guides, Articles and Frequently Asked Questions






  Index | General

What does the classification of my message mean?


In the EuropeanMXs Control Panel we use different classifications todescribe why a message was rejected or temporarily rejected.

 

Temporarily Rejected (4xx SMTP response)

  • Temporarily rejected

Temporarily rejected messages are stored on the sending mail server. In this case, legitimate mail servers always attempt to resend a message automatically. Depending on the reason for the temporary refusal, the message may be accepted at a later delivery attempt. To disable all checks and ensure that the message is accepted, you can add the sender to a whitelist.

  • Greylisted

The greylisting procedure is only applied to new IP addresses that are not (well) known to our global system. We do not use "classic" greylisting, so there is no delay in your legitimate traffic.  You can read more in our FAQ article "What does "Greylisting" mean and how does EuropeanMX handle it?" experienced.

  • You have been denied authentication

This error means that you have used incorrect authentication details for your outgoing messages too often in a short period of time. Please use the correct authentication data, wait a few moments and try again. This function protects your SMTP credentials from brute force attacks.

  • Unable to verify destination address

This error means that the target server is not reachable or temporarily rejects e-mail traffic. Please check the destination route to ensure that delivery to the correct destination server is attempted. The logs on the target server should show why they are unsuccessful.

  • Unable to verify sender address

The system could not verify the sender using a sender callout. You must check the sending mail server to find out why these callouts are not being performed. If the "Sender Verification" option is used in the outgoing user settings, each sender address must be verified in this way.

  • Internal error

An internal error has occurred that should be corrected automatically. If not, please contact our support.

  • Per-minute connection limit exceeded

The sender has exceeded the number of connections per minute limit.

  • Too Many Connections

Too many connections were built up by the sending mail server.

  • Too Many Concurrent SMTP Connections

To protect the systems against attacks, there is a fixed limit of 10 simultaneous SMTP connections per IP. Please make sure that the sending mail server only opens a maximum of 10 simultaneous connections in order not to exceed this limit.

  • Too many messages. Please wait for a while and try again.

This error message means that the outgoing user has exceeded the maximum number of messages defined for this user. The EuropeanMX Admin Panel allows you to increase or decrease this limit. You can also deactivate the restriction completely.

  • Mail for this domain cannot be accepted right now; please retry(Unable to handle in active connection.)

A message can be sent to multiple recipients within a single SMTP connection. A distinction between the different recipients is not allowed under the SMTP protocol. The message may only be accepted or rejected. If the recipients use different filter settings, we cannot accept or reject the message because the classification may vary depending on the recipient. In this case, we send a temporary rejection of the message to the sending mail server, so that it can try to deliver again for the recipient and each message can be classified separately.

Most mail servers try to resend immediately, so there is no delay in delivery. As long as all recipients use the same filter settings, the message is accepted/rejected immediately without using this procedure. If there is a delay, the sender can configure his server to either immediately try again or open a separate connection for each recipient.

 

Rejected (5xx SMTP response)

  • Rejected

Messages that have been rejected are blocked by the system and quarantined. If it is not spam, you can release the message from quarantine and train it. You have the possibility to add the sender to the whitelist at any time and thereby deactivate all checks. This allows you to ensure that messages from this sender will be accepted by the filter in the future.

  • Lines in message were longer than user maximum

This error message means that a line within the message is longer than the set maximum. According to RFC 5322 (SMTP 5321), a line must not be longer than 998 characters. Normally, the limitation of a line is done automatically by the e-mail clients (such as Thunderbird or Outlook) to avoid later delivery problems. This problem must be resolved by the sender. Alternatively, you can also deactivate the check.

  • Message had more parts than the user maximum (Too many MIME parts)

This error message refers to the number of MIME parts within a message. A limit of 100 parts is set by default. This can be exceeded and triggered by a large number of attachments or other MIME parts.

  • Sending server used an invalid greeting

If you receive this message, the sender has used an invalid HELO/EHLO. This may be due to the fact that an IP address is used for the HELO or because the HELO contains an invalid character, e. g. an underscore (_). RFC means that an FDQN (Full Qualified Domain Name) MUST be used.

  • Considered spam

Our systems have classified the message as SPAM and placed it in quarantine. Releasing the message from quarantine corrects the error in automatic classification.

  • SPF failure

This error message means that the SPF (Sender Policy Framework) specifications have been violated. If it is a legitimate message, this could be related to the forwarding function. Please note that releasing and training large amounts of failed SPF messages can result in the sending hostname being excluded from further SPF checks.

  • Pyzor

Pyzor is a filter that classifies the content of a message based on collected/reported data from our database. As soon as you release a message from quarantine, the classification in our system is corrected.

  • Sending server is missing DNS records

The sending server is missing MX records or A records for delivery. Please note that DNS changes only take effect after the initial TTL has expired.

  • Destination address does not exist

The connection is rejected by the destination server with a 5xx error (permanent). To ensure that the message is accepted, the problem must be investigated and resolved on the target server. The reason for the problem should be listed in the log files of the target server.

  • Recipient address rejected by destination

The recipient callout is rejected by the target server with a 5xx error (permanent). To ensure that the message is accepted, the problem must be investigated and resolved on the destination server. The reason for the problem should be listed in the log files of the destination server. For more information, see our FAQ article "What is a Recipient Callout?".

  • Phishing attempt detected

Our systems have detected a phishing attempt. As soon as you release the message from quarantine, the classification will be corrected in our system.

  • Date header far in the past or future.

You receive this classification if a date within the header of a message is more than the default 7 days in the future or in the past. When the message is released, it is only forwarded to the recipient. This problem must be investigated and solved by the sender.

  • Bad header count (Message incorrectly formed)

Messages containing duplicate header information such as "Subject" or "To" will be rejected until the underlying bug in the sender's software has been fixed. E-mails should never have duplicate header information!

  • Blacklisted sending server

The IP of the sending mail server was found on a blacklist.

  • Sending server listed on multiple DNSBL

The sending mail server was found on several blacklists. Releasing the message corrects the classification in our system.

  • Sending server attempted too many invalid addresses

The sending mail server has tried to send messages to too many invalid recipient addresses within a certain period of time. Please try again later.

  • Blacklisted sender

The sender was added to the custom sender blacklist.

  • URLBL

A URL within the message was found on several blacklists. Releasing the message corrects the classification in our system. The error message contains further information about the responsible list in which the URL is listed.

  • UCEPP

A token (e. g. URL, IP, phone number or other specific details) has been detected in the message that was found in past spam messages. Releasing the message corrects the classification in our system.

  • External Pattern Match

The layout and format of the message corresponds to the pattern of known spam messages. By releasing the message you can correct the classification in our system. The error message contains further information about the blacklist responsible for the entry.

  • User-specified blackhole address

A custom /dev/null address. This e-mail will not be delivered.

  • Combined Score

The "combined" result gives a weighted classification score of the different classifiers. Depending on the quarantine threshold, the message is either rejected as spam or accepted as a legitimate message. To be less restrictive to messages from a sender with incorrect HELO/PTR/IP configuration, a threshold of 0.91 can be used.  

The lower the quarantine threshold, the more messages are detected as spam and stored in quarantine. The sender receives an error message with the note "High probability of spam". Please ensure that legitimate messages are released from quarantine!

  • CRM114

CRM114 is a statistical content check. If a message is blocked by our system because of this classifier, it means that there has been a close match within the message with already known spam messages. Releasing the message corrects the classification in our system.

  • Subject contains invalid characters.

Messages rejected with the error message "550 Subject contains invalid characters" use characters in the subject that are not allowed according to RFC. In order to include non-ASCII characters in a subject line, the subject line must be correctly encoded, e. g. with UTF-8. By default, every common email client handles this automatically, so the error is probably due to a user-defined script that created the invalid subject. In this case, the header shows the classification "badly formed subject line" under "Evidence".

  • Tokens

Tokens means statistical content controls based on the data collected from all clusters and customers worldwide. Releasing the message from quarantine corrects the classification in our system.

  • Sanesecurity

We use certain Sanesecurity datasets to improve the verification of messages. You can decrypt the signature in the error message by clicking on the link http://sane.mxuptime.com/

  • Safebrowsing

If the message was rejected with the error message "Safebrowsing", it means that Google has listed you as a malicious file spreader.

  • Header is too long

Since this is a common indicator for non-legitimate messages, e-mails with excessively high header values are rejected.

  • Restricted characters in address

If a message with the error message "550 restricted charactes in adress" is rejected, the recipient's address contains a character that is not accepted by our system (e. g."&"). In the domain settings, you can specify which characters are allowed for your domain.

  • Relay not permitted

If a message is rejected with the error message "550 Relay not permittet!", then the delivery of the e-mail was attempted via port 25 for a domain that is not added to our system. To solve the problem, please create the domain in the incoming filter.

If you receive an error message when using the outgoing filter, please make sure that you transfer your messages to our system via port 587.

  • Message submission is for authorised users only!

This means that you are trying to start the delivery of your outgoing message via our filter on port 465/587 (standard). Please make sure that you are using valid user credentials for outgoing filter authentication.

If you receive the error message when you try to send mail inbound, your mail server is configured incorrectly (probably a misconfigured version of Lotus Domino).

  • Legitimate bounces are never sent to more than one recipient.

In case your message has been rejected with "Legitimate bounces arenever sent to more than one recipient" in the rejection message, it means that the mail server was trying to deliver an email to multiple recipients with an empty "MAIL FROM:<>" (return-path). The SMTP RFC5.3.2.1 indicates that null sender emails (bounces) can never be sent to multiple recipients.

  • Destination address is not configured.

This error message means that you are using the "Local recipients" setting for the domain and the recipient address is not included in the list.

  • The content of this message looked like spam.

This error message indicates that the content of the message is similar to previously reported spam messages and has therefore been blocked. If the message is legitimate, you can release it from quarantine and correct the classification in our system. It also updates the statistical filter to prevent similar messages from being blocked in the future.

  • Unrouteable address

This error occurs if there is a permanent network error when sending the message to the destination server. This problem is not related to the EuropeanMX filter, but is an indication of a network problem. The DNS servers of the domain may be unavailable or defective. Alternatively, the host name or IP may no longer exist or be unavailable due to a permanent problem. You can check the problem for errors in the DNS via the website http://dnscheck.sidn.nl/. Please contact your network administrator if necessary.

  • We do not accept mail from this address

This error message occurs if the sender has been manually added to the "blacklist sender" for the receiving domain.

  • We do not accept message/partial messages here

Before everyone had a permanent internet connection, sending large e-mails was time-consuming and often failed. For this reason, older email clients split up larger messages for delivery into several parts. This old function is no longer used today. It carries a high risk, as it makes the detection of viruses almost impossible (viruses are also broken down into several parts like the e-mail and are only reassembled by the recipient's client). Please make sure that this setting is not used in your mail client.

  • DMARC - REJECT

This error occurs when the sender's domain uses a strict DMARC policy. If the sender's DMARC record is set to REJECT and the messages originate from IP addresses that are not in the sender's SPF, they are rejected and not quarantined.

  • DMARC - Quarantine

This error occurs when the sender's domain is using a strict DMARC policy. If the sender's DMARC record is set to "QUARANTINE" and the messages originate from IP addresses that are not in the sender's SPF or that have a DKIM error, these messages are quarantined. This cannot be bypassed with the whitelist.

 

Accepted (2xx SMTP response)

  • Accepted

Messages classified with "Accepted" are not necessarily delivered. It only indicates that the message has been accepted by the filter. If the immediate delivery fails, the filter will try again at a later time. If the message is rejected by the target server, the sender receives a corresponding error message.

  • Message looked like non-spam

This message was accepted on the basis of our content check for delivery on your mail server. If you report the message as spam, the classification in our system will be corrected.

  • Accepted, DNSWL

The sending server is listed on several DNS whitelists. This means that no spam has been seen from this server lately. If you report the message as spam, the classification in our system will be corrected.

  • Accepted, whitelist

The sender address has been added to the custom whitelist sender. There is no filtering for this address. If you want to reactivate filtering, remove the address from the whitelist.


Was this article helpful?




This site makes use of cookies to enhance browsing experience and provide additional functionality. By continuing to browse this website you are agreeing to our use of cookies. OK