1 Reply Latest reply on Oct 20, 2014 10:48 PM by kwidhalm

    mxlogicmx.net connection denied

    amullins

      Recently we have been having an issue with sending mail to anyone that uses mxlogicmx.net  This has been ongoing now for about a month.

       

      The returned bounce message indicates:

       

      #< #4.0.0 X-Spam-&-Virus-Firewall; connect to (domain removed for security purposes).inbound10.mxlogicmx.net[ip address removed for security]: Connection refused> #SMTP#


      #< #4.0.0 X-Spam-&-Virus-Firewall; connect to (domain removed for security purposes).inbound15.mxlogicmx.net[ip address removed for security]: Connection refused> #SMTP#

       

      I have included two listed servers providing the errors above out of all of the Delivery Failed messages.  For the purposes of security, I have removed the domain names, and ip addresses.  But I do have that information on each failure notice.

       

      Our domain that we are sending mail from is commaction.org

       

      When i do a telnet test to the domains, i receive connection failed. Regardless of whether I use the FQDN with the inbound##.mxlogicmx.net or the ip address, connection refused message is returned.

       

      I do a search on the threat-intelligence search on commaction.org all the information does not show anything, what is there is currently out of date. Also on http://www.commaction.org there is no listing for anything.

       

      Doing a search on our ip address shows email high risk, 96.11.53.3, also I see 101 and 125 on that list as well.  Evidently the former owners of the ip address have used this for spamming or other purposes.  We just recently moved to the 96.11.53.0/27 block by our ISP.

       

      Help would be appreciated, as I have contacted the individuals at the affected domains and they seem to have no IT staff that knows anything about the email filter system.

       

      Best

      Avery

        • 1. Re: mxlogicmx.net connection denied
          kwidhalm

          Good evening Avery,

           

          The error "connection refused" indicates that the sending IP address is on our perimeter block.  To determine why the IP is being blocked, and request removal of the block, please submit an IP research request to SaaS_falsepositives@mcafeesubmissions.com

           

          Please be sure to include the affected IP address (or range) in your email.

           

          I hope this helps!

           

          Best regards,

           

          Karen Widhalm

          System Support Specialist

          SaaS Email and Web Security

          McAfee. Part of Intel Security.