Emails being blocked as spam

I need a solution

Good afternoon,

I have a client who’s emails started getting blocked on March 1st to a specific email. I have tried emailing, but it bounces back with this responce:

I’m sorry to have to inform you that your message could not be delivered to one or more recipients. It’s attached below.

For further assistance, please send mail to <postmaster>.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

<>: 554 5.1.2 Recipient address rejected: User unknown

I have tried emailing with not responce or a notification of it being delivered. I have called the support 1-800 number and was directed to the sites I have already been to.  If there any way to get a domain or ip address removed from the blacklist that actually works?

Any help would be appriciated.

Thank you,




email block

I need a solution

My client cannot send email to message lab addresses. We do not send bulk mail and are not listed on any blacklist including Symantec.

Returned emails have a header like this:

Subject: Mail delivery failed : returning message to sender

This message was created automatically by the SMTP relay on


A message that you sent could not be delivered to all of its recipients.

The following address(es) failed:

    SMTP error from remote mail server after RCPT>:

    host []:

    421 Service Temporarily Unavailable: retry timeout exceeded

—— This is a copy of the message, including all the headers. ——

Return-path: <>

Received: from [] (port=40176

                by with esmtp (Exim 4.82_1-5b7a7c0-XX)

                (envelope-from <>)

                id 1gUZwM-00008V-2X

                for <message lab client>; Wed, 05 Dec 2018 11:22:22 -0500

Received: from dmc-Mail2010.dmcdomain.local ([fe80::9c64:df94:9c18:229c]) by  dmc-Mail2010.dmcdomain.local ([fe80::9c64:df94:9c18:229c%10]) with mapi id  14.03.0415.000; Wed, 5 Dec 2018 11:22:22 -0500

X-CTCH-RefID: str=0001.0A020205.5C07FB3E.00DD,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0

From: Abigail Araujo <>

To: <message lab client>

Subject: Test

Thread-Topic: Test

Thread-Index: AdSMtqTriyykCgvwQCKUl+Jmuj+kSQ==

Date: Wed, 5 Dec 2018 16:22:21 +0000

Message-ID: <3C7074C5333CC54287CD83E334D3105709CD65C7@dmc-Mail2010.dmcdomain.local>

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach: yes


x-originating-ip: []

Content-Type: multipart/related;



MIME-Version: 1.0


Content-Type: multipart/alternative;



Content-Type: text/plain; charset=”us-ascii”

Content-Transfer-Encoding: quoted-printable

Our email filter shows a smtp spool like this:

2018-12-09 15:01:18 []:25 Connection timed out
2018-12-09 15:03:25 []:25 Connection timed out
2018-12-09 15:05:33 []:25 Connection timed out
2018-12-09 15:07:40 []:25 Connection timed out
2018-12-09 15:09:47 []:25 Connection timed out
2018-12-09 15:09:47 SMTP error from remote mail server after RCPT TO:<>: host []: 421 Service Temporarily Unavailable
2018-12-09 15:09:47 R=dnslookup T=remote_smtp defer (-44): SMTP error from remote mail server after RCPT TO:<>: host []: 421 Service Temporarily Unavailable

This is my 2nd post and I have emailed the investigation email address twice. So far I have no replies



7020967: Preventing backscatter (mailer-daemon and postmaster spam)

Backscatter, is a term commonly associated with spam coming through the filters disguised as mailer-daemon@<domain>.com or postmaster@<domain>.com The emails usually appear to be undeliverable email from a mail relay.


We need to set up GWAVA to block the postmaster and mailer-daemon addresses.

In your GWAVA Management Console – browse to your “Source address filter (from:)” option

Add both “postmaster@*” and “mailer-daemon@*” to the list (seen below.) You can choose to block and quarantine, or just block the unwanted postmaster and mailer-daemon emails.

After you have added the source address blocks, we want to set up some exceptions so that valid undeliverable messages still get delivered. If we don’t have those exceptions, all mailer-daemon and postmaster e-mail addresses would be blocked. An IP address exception in GWAVA will allow the messages generated by your GWIA to be delivered.

To make an IP address exception go to the exception folder and select “Message header.” Add both the public and private IP address of your Groupwise Internet Agent (GWIA) to your message header exceptions (e.g. — private and — public).

Make sure you check only the source addresses “mailer-daemon@*” and “postmaster@*” checkboxes (seen below) for the private and public IP addresses.

By following these steps you will prevent the backscatter email from being delivered to your inbox.


7020932: Getting Flooded by Mailer-Daemon and Postmaster addressed email (BACKSCATTER)

This document (7020932) is provided subject to the disclaimer at the end of this document.


GWAVA 4, 5, & 6


Email system is flooded with Mailer-Daemon and Postmaster email


These emails are most likely caused by “Backscatter”. This is a common term used to describe undeliverable messages generated by an SMTP server. It is important to understand that these emails are not typically spam. Rather they are legitimately created email messages generated by a compliant SMTP server. The most likely cause is a spammer originated the message, sent it to an open relay or SMTP appliance of some sort, and faked the reply address using a dictionary attack or some other means. When the SMTP relay/appliance attempted deliver to the correct address and was rejected, the only address it could go on to send an undeliverable message to was the reply address. Meaning that the mailer-daemon message created by the SMTP server is sent to you, an unsuspecting email address, rather than the real originator.

For more information about backscatter and ways to avoid it, try the following link or search “backscatter” on your internet search engine.

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 228


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.


How the Postmaster@domain address works

I’m very new to Exchange (in fact, an apprentice and studying it at the moment) and am wondering how the address works. An example:

A smarthost configured with one mailbox,, with an * alias so, my understanding, all mail sent to * is SMTP forwarded onto the address.

But what happens now? Does Exchange have a master mailbox Postmaster, that receives all this mail and just dishes it out to the correct mailbox? Or is what I just wrote a pile of garbage!

So I’m a little confused. On the Smart Host – there is SMTP forwarding to forward all SMTP to IP Address x.x.x.x which is active for a mailbox on the smarthost called with an alias of * How is this working exactly?