Rejected (5xx SMTP response)
Messages rejected with the following errors are blocked by the system and moved to the quarantine. If the message is not spam, you can release it from the quarantine and have it trained. You can always add the sender to the allow list and thus disable all checks. This way you can ensure that messages from this sender will be accepted by the filter in the future.
500 - A syntax error was encountered and the command could not be recognized
501 - A syntax error was encountered in the command parameters or arguments
502 - The supplied command is not implemented
503 - The server has encountered a bad sequence of commands
510 - The message could not be delivered, check the recipient address
512 - The recipient domain cannot be found
515 - destination mailbox address is invalid
521 - The recipient domain does not accept mail
523 - Server limit exceeded. The message was too large
541 - No response from host
542 - Bad connection
550 - The requested command failed because the user's mailbox was unavailable or the recipient server rejected the message due to high probability of spam
551 - The intended recipient mailbox was not available on the recipient server
552 - The message was not sent because the recipient mailbox does not have adequate storage space
554 - The transaction failed. No other information given.
- Suggested filename is longer than most filesystems support
In this error message, the message contains an attachment whose file name is more than 255 characters. To prevent the error from occurring again, we ask you to choose a file name that contains less than 255 characters. Most operating systems cannot handle more than 255 characters in the file name, which is why the limit has been set accordingly.
- Lines in message were longer than user maximum
This error message means that a line within the message is longer than the set maximum. According to RFC 5322 (SMTP 5321), a line must not be longer than 998 characters. Normally, the limitation of a line is done automatically by the e-mail clients (such as Thunderbird or Outlook) to avoid later delivery problems. This problem must be resolved by the sender. Alternatively, you can also deactivate the check.
- Message had more parts than the user maximum (Too many MIME parts)
This error message refers to the number of MIME parts within a message. A limit of 100 parts is set by default. This can be exceeded and triggered by a large number of attachments or other MIME parts.
- Sending server used an invalid greeting
If you receive this message, the sender has used an invalid HELO/EHLO. This may be due to the fact that an IP address is used for the HELO or because the HELO contains an invalid character, e. g. an underscore (_). RFC means that an FDQN (Full Qualified Domain Name) MUST be used.
- SPF failure
This error message means that the SPF (Sender Policy Framework) specifications have been violated. If it is a legitimate message, this could be related to the forwarding function. Please note that releasing and training large amounts of failed SPF messages can result in the sending hostname being excluded from further SPF checks.
- Sending server is missing DNS records
The sending server is missing MX records or A records for delivery. Please note that DNS changes only take effect after the initial TTL has expired.
- Destination address does not exist
The connection is rejected by the destination server with a 5xx error (permanent). To ensure that the message is accepted, the problem must be investigated and resolved on the target server. The reason for the problem should be listed in the log files of the target server.
- Recipient address rejected by destination
The recipient callout is rejected by the target server with a 5xx error (permanent). To ensure that the message is accepted, the problem must be investigated and resolved on the destination server. The reason for the problem should be listed in the log files of the destination server. For more information, see our FAQ article "What is a Recipient Callout?".
- Date header far in the past or future
You receive this classification if a date within the header of a message is more than the default 7 days in the future or in the past. When the message is released, it is only forwarded to the recipient. This problem must be investigated and solved by the sender.
- Bad header count (Message incorrectly formed)
Messages containing duplicate header information such as "Subject" or "To" will be rejected until the underlying bug in the sender's software has been fixed. E-mails should never have duplicate header information!
- Subject contains invalid characters
Messages rejected with the error message "550 Subject contains invalid characters" use characters in the subject that are not allowed according to RFC. In order to include non-ASCII characters in a subject line, the subject line must be correctly encoded, e. g. with UTF-8. By default, every common email client handles this automatically, so the error is probably due to a user-defined script that created the invalid subject. In this case, the header shows the classification "badly formed subject line" under "Evidence".
- Tokens / Global Tokens
Tokens means statistical content controls based on the data collected from all clusters and customers worldwide. Releasing the message from quarantine corrects the classification in our system.
- Heuristics.LinkChecks
In cases where your message was rejected with Heuristics.LinkChecks.ProbableMalware and Heuristics.LinkChecks.ProbablePhish in the rejection message, it means that you were (recently) listed by Google as a host for malicious files.
- Header is too long
Since this is a common indicator for non-legitimate messages, e-mails with excessively high header values are rejected.
- Restricted characters in address
If a message with the error message "550 restricted charactes in adress" is rejected, the recipient's address contains a character that is not accepted by our system (e. g."&"). In the domain settings, you can specify which characters are allowed for your domain.
- Relay not permitted
If a message is rejected with the error message "550 Relay not permittet!", then the delivery of the e-mail was attempted via port 25 for a domain that is not added to our system. To solve the problem, please create the domain in the incoming filter.
If you receive an error message when using the outgoing filter, please make sure that you transfer your messages to our system via port 587.
- Message submission is for authorised users only
This means that you are trying to start the delivery of your outgoing message via our filter on port 465/587 (standard). Please make sure that you are using valid user credentials for outgoing filter authentication.
If you receive the error message when you try to send mail inbound, your mail server is configured incorrectly (probably a misconfigured version of Lotus Domino).
- Legitimate bounces are never sent to more than one recipient
In case your message has been rejected with "Legitimate bounces arenever sent to more than one recipient" in the rejection message, it means that the mail server was trying to deliver an email to multiple recipients with an empty "MAIL FROM:<>" (return-path). The SMTP RFC5.3.2.1 indicates that null sender emails (bounces) can never be sent to multiple recipients.
- We do not accept message/partial messages here
Before everyone had a permanent internet connection, sending large e-mails was time-consuming and often failed. For this reason, older email clients split up larger messages for delivery into several parts. This old function is no longer used today. It carries a high risk, as it makes the detection of viruses almost impossible (viruses are also broken down into several parts like the e-mail and are only reassembled by the recipient's client). Please make sure that this setting is not used in your mail client.
Messages rejected without being quarantined
Some messages are rejected immediately without being quarantined. This happens at SMTP level and the rejection is permanent. For example, this happens to incoming messages in the following scenarios:
- No valid recipient or an invalid domain is specified in the message.
- It does not use TLS during transmission, although this is enforced by the incoming domain.
- RFC specifications are not followed when sending and publishing records (invalid HELO).
- The bounce message was not signed (if BATV is enforced).
- The incoming message contains malware or viruses.
- Characters are restricted in the local part of the address.
- The incoming message is not compliant with DMARC of the domain (DMARC record of the sender specifies "REJECT").
- The IP address of the sending mail server has been blacklisted by the superadmin.
- The IP address of the sending mail server has been entered in an internal blacklist and the "pre_data_dnsbl" function is active (not displayed in the spam panel). Please contact our support if necessary.
- The address in "Mail From:" (envelope sender) is entered on a blacklist.
- The maximum number of local parts has been reached (not displayed in the Spampanel). Please contact our support if necessary.
- An invalid HELO/EHLO occurs during the handshake between the mail servers.
- The maximum number of bounces was exceeded within one hour.
- The SPF record of the sending domain indicates that it never sends emails (spf1 -all).
- The message header contains illegal BOM.
- The bounce message was sent to multiple recipients.
- The message was sent to too many failed recipients.
- The message is oversized.
- The message contains too many unrecognized commands.
Outgoing messages are rejected in this way in the following scenarios
- The messages do not contain authentication.
- There are too many failed authentication attempts (brute force protection).
- No TLS is used when establishing the connection (if this is enforced by the outgoing domain).
- The IP address of the sender has been blocked.
- The sender address in "Mail From:" has been blocked (envelope sender).
- If an invalid sender is used when sending.
- If the recipient could not be verified (the check was performed only for bounce messages).
- If the rate limit was reached (if the behavior is set to abort if too many messages are sent per connection).
- The bounce message was sent to more than one recipient.
- The message header contains illegal BOM.
- The outgoing message contains malware / viruses.
- The local part of the address contains restricted characters.
- The message is oversized.
- The message contains too many unrecognized commands.