Commander
Commander
929 views

IP Reputation Temp Fail Re-Try times

SMG on SLES version 126

I see entries like this in my smtp service logs:

 

[139659558479616] 2020-09-24 09:12:02 (IPRP)<164684> IP address 137.82.178.131 delayed by IP reputation test with score of 500 (min 500)
[139659558479616] 2020-09-24 09:12:02 (IPRP)<164684> IP reputation located entry for address: 137.82.178.131

So that mail server IP is getting a tempfail delay request. I've tried to look for what delay times SMG would like i.e. an hour, 30 minutes, a day? But I don't see anything so does anyone know what they are?

 

thanks,

Andrew

 

 

0 Likes
11 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner


@AndrewFerris wrote:

I've tried to look for what delay times SMG would like

Not sure what you mean by this.  For that to show up in the logs, you must have IP reputation checking enabled.  The reputation for that address must be in the grey area so rather than dropping it, it is delaying it.  What is the issue?

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!
0 Likes
Commander
Commander

By way of more explanation, I can see the tempfailed legit servers try again 10 minutes and 20 minutes after only to continue to be tempfailed. I have two cases of 100% legit servers getting tempfailed and then never getting out of that state in SMG. These are essential mail hosts so I exempt them.  

Yes I have IP Rep enabled as it drops bad servers early. The slider metaphor is ... not my favourite.

 

Andrew

 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Thanks...understand now.  I'm not sure of the details of that.  Maybe @suziew can jump in with an explanation?

--
Ken
Knowledge Partner

Create and vote for enhancements in the Idea Exchange forums!
Don't forget to Like helpful posts and mark Solutions!
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner


@AndrewFerris wrote:

I've tried to look for what delay times SMG would like i.e. an hour, 30 minutes, a day? But I don't see anything so does anyone know what they are?


@suziew 

I'm looking at this same issue from the other side.

This is what happens when I reply to an email about an SR I have open:
Transfer delayed.PNG

The email originates from my own GroupWise server. My IP address is not blacklisted but I don't send a lot of email so I sometimes encounter a temp fail situation. Eventually, it does go through.

In addition to Andrew's question, I would like to know:

  • Once the transfer has completed, will SMG remember the IP address or whitelist it? It appears it doesn't.
  • How many emails must be delayed before they go through without being delayed?
  • Why would my email to one recipient be accepted yet delayed for the other?
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
Knowledge Partner Knowledge Partner
Knowledge Partner


@KBOYLE wrote:
This is what happens when I reply to an email about an SR I have open:

My GroupWise server will retry to send an email after a delay of 3, 10, 20, 20, 20, 60 minutes.

It appears that the one email that was transferred was an anomaly. It still hasn't been transferred to the second recipient nor has a second email I sent two minutes later been transferred to either recipient.

Message Status - Transfer Delayed email

The message that you sent has been delayed.

The reason given for the delay:
421 IP address <Removed> temporary rejection [IP reputation tempfail]

Information about your message:
Subject: Re: SR# <Removed>
GroupWise Message Id: 5F7221CB.22C:27:1696
Message log tag: 4716444
Number of send attempts: 6
Time of initial send attempt: 09-28-20 11:47:56
Time of last send attempt: 09-28-20 13:01:53

 While I can't do much about the email I send to Micro Focus, I would like to have better control over incoming email without having to whitelist each IP address.

_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

My previous posts were to try to understand better how tempfail works but this has turned into a separate issue altogether.


The message that you sent has been delayed.

The reason given for the delay:
421 IP address <Removed> temporary rejection [IP reputation tempfail]

Information about your message:
Subject: Re: SR# <Removed>
GroupWise Message Id: 5F7224C8.75A:27:1696
Message log tag: 4716447
Number of send attempts: 15
Time of initial send attempt: 09-28-20 12:00:42
Time of last send attempt: 09-28-20 22:16:13

It's been ten hours and fifteen separate attempts and my email still hasn't gone through. This has gone well beyond being just an academic exercise. I understand how tempfail is supposed to work but this issue no longer can be considered a temporary rejection!

@suziew  Do you want me to open a new SR for this one?

_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Micro Focus Expert
Micro Focus Expert

@KBOYLE  That would be helpful if you could open a SR on this and ask that it be assigned to me. Thanks!

Suzie

Micro Focus Expert
Micro Focus Expert

I'm waiting to hear back for more information on how this should work. I'll reply as soon as I hear something.

Micro Focus Expert
Micro Focus Expert

@AndrewFerris @ketter @KBOYLE 

Here's a TID that better explains how IP reputation works now. It doesn't work as a grey listing, like it used to for the delayed messages. Each IP has a reputation score and then based on that score SMG will either Allow, Delay, or Reject it. https://support.microfocus.com/kb/doc.php?id=7024849

Micro Focus recently switched to SMG on SLES, and is using this newer system. We are in the works or adjusting it to prevent false positives. If you have an IP that keeps getting delayed or rejected let support know, by opening a ticket. They can then add that IP to the whitelist, as well as contact the IP reputation service to get the score adjusted.

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner


@suziew wrote:

Here's a TID that better explains how IP reputation works now.


This is a workaround that will enable blocked email through to Micro Focus but it is not a solution your customers can embrace.
 
The issue is not that an IP address has a bad reputation; the issue is that an IP address does not yet have a good reputation! So, how does an IP address get a good reputation and how long does it take?
 
How many thousands of email to Micro Focus have already been delayed indefinitely due to this issue? Is it reasonable for large companies to block all this email from their customers? Certainly I can't expect Micro Focus to submit thousands of IP addresses to BitDefender just to allow email through. Moreover many of those IP addresses may already have a bad reputation.
 
This situation calls into question the usefulness of the IP Reputation filter if it is not self tuning. The sliders are not an acceptable workaround either. While they can be used to select a range of acceptable reputations, there will always be exceptions. I can't imagine any SMG customers agreeing to manually provide BitDefender an IP address just to allow an email to get through or even create an IP address exception on their own SMG server for every IP address that is blocked.. Given the choices, I suspect many customers will discontinue using the IP Reputation filter even if it means losing a capability they now enjoy.
 
The larger issue is how the migration to BitDefender will happen:
  • If customers apply updates to their SMG automatically, they will be immediately impacted by this issue once their SMG is using BitDefender and likely be unaware that email is being blocked or why.
  • If customers apply updates to their SMG manually and the documentation prominently displays the necessary caveat, at least they will have an opportunity to decide how to best deal with the situation.
  • If SMG cloud is upgraded to use BitDefender, many (if not most) customers will be immediately impacted and may not even be aware that some of their is now being blocked.
This is not a good situation. I can't wait to see how Micro Focus intends to deal with it.
_____
Kevin Boyle - Knowledge Partner - Calgary, Alberta, Canada
Who are the Knowledge Partners?
If you appreciate my comments, please click the Like button.
If I have resolved your issue, please click the Accept as Solution button.
0 Likes
Micro Focus Expert
Micro Focus Expert

@KBOYLE  Hi Keven,

I've responded to your email as well, but will respond here also to help others.

This work around is only for sending to Micro Focus for now, not for how a manager should handle their own SMG. The best thing to do is to adjust the slider bar to reduce how strict it is. We are still in the works with finding a good adjustment for Micro Focus' system. Sending all of these to their whitelist won't be a permanent solution of course.

 
I will see what I can find out if there's a way for IP's to get a 'good' reputation with Bitdefender.
 
We do have an enhancement request created to have SMG have a way of allowing delayed messages in, after a certain amount of retries.
The cloud team is aware and will be able to quickly make the necessary changes to adjust the IP reputation settings, as needed.
 
Thanks,
Suzie
 
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.