We have a service provider that was recently contracted by our Marketing Department to send newsletters to recipients internal to our organization. Their IP address has shown up on our Connection Control Deny List with a type of "LDAP" and their emails are being rejected. The sender receives the following undeliverable:
SMTP service denied: "550 Mailbox unavailable or access denied Listed in connection control deny list" received from [MyIronMail] (nnn.nnn.nnn.nnn) while connected from [TheirMailServer] (nnn.nnn.nnn.nnn) to [MyIronMail] (nnn.nnn.nnn.nnn)
I have since deleted their IP address from my Connection Control Deny List and added it to the Exclude List but my question is: Was their IP address added to my deny list because: (1) They are sending to invalid internal recipients, (2) because they forged our domain as the sender and the sender is not a valid user, or (3) because they are failing Sender ID lookup? (Because #3 is really DNS and not LDAP, I'm guessing it is not #3.) After reading the section on Connection Control in the manual, I wasn't clear on this point. Any information would be greatly appreciated. Too much water has gone under the bridge since the IP was added to the deny list and now the only thing I see in the IM logs for this sending mail server is "Listed in connection control deny list .. Disconnecting". Thanks!
To answer my own question, it was #1. The vendor was provided a list with numerous bad recipients. As soon as they hit our anomaly threshold for LDAP, they were placed on the CC Deny List. GIGO.