“501 Connection rejected by policy”

I need a solution


We are a company offering various hosting services.

Recently, one customer have complained over Mail delivery failed: returning message to sender

Server ip (deszr.com)

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mail server after initial connection:
501 Connection rejected by policy [7.7] 5608, please visit www.messagelabs.com/support< http://www.messagelabs.com/ support>

I would appreciate if anyone could help to this matter.

Thank you very much and good day.



501 Connection rejected by policy Issue

I need a solution


We are currently having an issue with 2 new VPS. All our clients who are sending to emails to some of their recipients are receiving the following message:

SMTP error from remote mail server after initial connection: 501 Connection rejected by policy [7.7] 3911, please visit www.messagelabs.com/support for more details about this error message.

The IPs are: and

We have just ordered these servers and started using these IPs. It looks like these IPs have been blacklisted previously by the old owner. We have checked with http://ipremoval.sms.symantec.com/lookup/ and the tools says: “does not have a negative reputation and therefore cannot be submitted for investigation. ” but our clients keep receiving the 501 error.

Can someone please investigate to whitelist these two IPs.





7020967: Preventing backscatter (mailer-daemon and postmaster spam)

Backscatter, is a term commonly associated with spam coming through the filters disguised as mailer-daemon@<domain>.com or postmaster@<domain>.com The emails usually appear to be undeliverable email from a mail relay.


We need to set up GWAVA to block the postmaster and mailer-daemon addresses.

In your GWAVA Management Console – browse to your “Source address filter (from:)” option

Add both “postmaster@*” and “mailer-daemon@*” to the list (seen below.) You can choose to block and quarantine, or just block the unwanted postmaster and mailer-daemon emails.

After you have added the source address blocks, we want to set up some exceptions so that valid undeliverable messages still get delivered. If we don’t have those exceptions, all mailer-daemon and postmaster e-mail addresses would be blocked. An IP address exception in GWAVA will allow the messages generated by your GWIA to be delivered.

To make an IP address exception go to the exception folder and select “Message header.” Add both the public and private IP address of your Groupwise Internet Agent (GWIA) to your message header exceptions (e.g. — private and — public).

Make sure you check only the source addresses “mailer-daemon@*” and “postmaster@*” checkboxes (seen below) for the private and public IP addresses.

By following these steps you will prevent the backscatter email from being delivered to your inbox.


7020932: Getting Flooded by Mailer-Daemon and Postmaster addressed email (BACKSCATTER)

This document (7020932) is provided subject to the disclaimer at the end of this document.


GWAVA 4, 5, & 6


Email system is flooded with Mailer-Daemon and Postmaster email


These emails are most likely caused by “Backscatter”. This is a common term used to describe undeliverable messages generated by an SMTP server. It is important to understand that these emails are not typically spam. Rather they are legitimately created email messages generated by a compliant SMTP server. The most likely cause is a spammer originated the message, sent it to an open relay or SMTP appliance of some sort, and faked the reply address using a dictionary attack or some other means. When the SMTP relay/appliance attempted deliver to the correct address and was rejected, the only address it could go on to send an undeliverable message to was the reply address. Meaning that the mailer-daemon message created by the SMTP server is sent to you, an unsuspecting email address, rather than the real originator.

For more information about backscatter and ways to avoid it, try the following link or search “backscatter” on your internet search engine.


Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 228


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


Email Security.cloud how to get last 30 days emails hits to our message labs

I need a solution

We want to get the list of all sender email adress those are email rejected by Antispam with Security Scan

Anti-Spam Service


Reason:Sorry, your email address  has been blacklisted.
Is it possible to get all sender lists with above details. last 30 days report


7020739: SPF Connection Drop Setup

Sender Policy Framework (SPF) allows GWAVA to identify messages that are or are not authorized to use the domain name in the SMTP HELO and MAIL FROM commands, based on information published in a sender policy of the domain owner.

For more information on SPF, see RFC 4408 or http://www.openspf.org/.

It is effective for filtering out spam that is spoofing the sender’s address and preventing some backscatter attacks. It is important to note that for SPF to work correctly, the sending domain must have an updated SPF record set up in DNS. If the sending domain does not have a SPF record set in their DNS, then their mail will not be blocked. Setting up a correct SPF record will block messages from spammers who are pretending to be you, to your system.

The SPF connection drop feature causes connections to be dropped if they do not pass the SPF check.


To enable it go to Scanner / Policy Management – [Policy name] – Scanning configuration – Antispam -SPF.

Make sure that Enable SPF test and Enable Connection drop are checked and save the changes if necessary.

GWAVA 4 / 5:

To enable it, go to Server/Scanner Management | [your server] | Manage scanners | [your SMTP scanner] | Configure SMTP settings | Mail interface settings. On the SMTP interface page, you can enable the Perform SPF connection drop feature.


Symantec Mail Security detected an error in a message you sent from your address

I need a solution

Symantec Mail Security is sending the following notification message to an internal sender:

Subject Symantec Mail Security detected an error in a message you sent from your address

Subject of the message: <Subject of the message sent from the sender>

Recipient of the message: <Recipient address>

Server Name: <Server Name>

The message was delivered succesfully to the recipient. Nothing about this message is found in the event log. I didn’t find any reference online about this error. When the user send the same message again, the same notification message is sent.



A virus infected message was deleted. Internet Message ID .

Product: Exchange
Event ID: 347
Source: MSExchangeActiveSyncNotify
Version: 6.5.6940.0
Component: Microsoft Mobile Sync Server
Message: A virus infected message was deleted. Internet Message ID <id>.

The store driver has reported that third-party antivirus software deleted a message prior to delivery. This is usually because the message was infected and could not be cleaned. You can change the setting to allow the mail to be sent to the bad mail directory instead.

User Action

No user action is required.