Ironport Driver

admin

-->

Ironport Directory Harvest Attack

Problems sending and receiving email messages can be frustrating. If you get a non-delivery report (NDR), also called a bounce message, for error code 550 5.1.10, this article can help you fix the problem and get your message sent.

IronPort is also touting the technology's extensible architecture, which it says will support integration with other network reporting tools such as Hewlett-Packard's OpenView platform, easing the installation of IronPort's Web and e-mail security appliances into enterprise data centers. Hi, Thanks for posting here. If you want allow users to install only devices that are on an 'approved' list. If a device is not on the list, then the user cannot install it. Chances are it's a problem with the driver or the hardware itself. It can be temporarily fixed by taking the interface up/down. Basically the output queue is full and unless you are handling some major network traffic or have a ton of hosts on the network you shouldn't see that error, and if you were, you could probably tweak some kernel values. Buy Directly from Cisco Configure, price, and order Cisco products, software, and services. Available to partners and to customers with a direct purchasing agreement.

Why did I get this bounce message?

You received this NDR with error code 5.1.10 for one of the following reasons:

  • The recipient's email address doesn't exist or couldn't be found. Go to the I got this bounce message. How do I fix it? section in this topic.

Typically, if a message can't be delivered, the recipient's email system will use the sender's email address in the From field to notify the sender in an NDR like this one. But what if the message was sent by a spammer who falsified the From address so it appears the message came from your email address? The resulting NDR that you'll receive is useless because it creates the false impression that you did something wrong. This type of useless NDR is called backscatter. It's annoying, but if this NDR is backscatter, your account hasn't been compromised.

  • A spammer sent a message to a non-existent recipient, and they falsified the From address so it appears the message was sent by your email address. The resulting bounce message that you get is called backscatter, and you can safely ignore or delete the bounce message.

    Backscatter itself is harmless, but if you're getting a lot of it, it's possible that your computer or device is infected with spam-sending malware. Consider running an anti-malware scan. Additionally, to help prevent spammers from impersonating you or others in your organization, ask your email admin to read this topic: Set up SPF to help prevent spoofing.

I got this bounce message. How do I fix it?

Here are some steps that you can try to fix the problem yourself.

If the steps in this section don't fix the problem for you, contact your email admin and refer them to the information in this topic so they can try to resolve the issue for you.

Verify recipient's email address and resend your message

Verify recipient's email address and resend your message in Outlook

  1. Open the bounce message. In the Report tab, choose Send Again.

    If your original message had an attachment larger than 10 MB, the Send Again option might not be available or might not work. Instead, resend the message from your Sent Items folder. For more information, see Resend an email message.

  2. In the new copy of your message, select the recipient's email address in the To box and then press the Delete key.

  3. Remove the recipient's email address from the Auto-Complete list (a bad or outdated entry could be causing the problem):

    1. In the To box, start typing the recipient's email address until it appears in the Auto-Complete drop-down list as shown below.

    2. Use the Down Arrow key to select the recipient from the Auto-Complete drop-down list and then press the Delete key or choose the Delete icon to the right of the email address.

  4. In the To box, continue typing the entire recipient email address. Be sure to spell the address correctly.

  5. Click Send.

Verify recipient's email address and resend your message in Outlook on the web (formerly known as Outlook Web App)

  1. Open the bounce message. In the reading pane, just below the message header information, choose To send this message again, click here.

    If your original message had an attachment larger than 10 MB, the Send Again option might not be available or might not work. Instead, resend the message from your Sent Items folder.

  2. On the To line of the new copy of your message, choose the Delete icon delete the recipient's email address.

  3. Remove the recipient's email address from the Auto-Complete list (a bad or outdated entry could be causing the problem):

    1. On the empty To line, start typing the recipient's name or email address until it appears in the Auto-Complete drop-down list.

    2. Use the Down Arrow key to select the recipient from the Auto-Complete list, and then press the Delete key. Or, hover over the recipient's name and click the Delete icon .

  4. On the To line, continue typing the recipient's entire email address. Be sure to spell the address correctly.

  5. Click Send.

Ask the recipient to check for broken forwarding rules or settings

Does the recipient's email address in your original message exactly match the recipient's email address in the NDR? Compare the recipient's email address in the NDR with the recipient's email address in the message in your Sent Items folder.

If the addresses don't match, contact the recipient (by phone, in person, etc.) and ask them if they've configured an email rule that forwards incoming email messages from you to another destination. Their rule could have tried to send a copy of your message to a bad email address. If the recipient has such a rule, they'll need to correct the destination email address or remove the rule in order to prevent 5.1.x message delivery errors.

Microsoft 365 and Office 365 support multiple ways to forward messages automatically. If the intended recipient of your message is using Microsoft 365 or Office 365, ask them to review the Update, disable, or remove Inbox Rules forwarding and Disable account forwarding sections below.

If the problem persists after performing these steps, ask the recipient to refer their email admin to the I'm an email admin. How can I fix this? section below.

Update, disable, or remove Inbox Rules forwarding

  1. In Microsoft 365 or Office 365, sign in to your user account.

  2. Click the gear icon in the top right corner to show the Settings pane.

  3. Select Your app settings > Mail.

  4. From the Options navigation pane on the left, select Mail > Automatic processing > Inbox and sweep rules.

  5. Update, turn off, or delete any rules that might be forwarding the sender's message to a non-existent or broken email address.

Disable account forwarding

Ironport

  1. Sign in to your Microsoft 365 or Office 365 account, and from the same Options navigation as shown above, select Mail > Accounts > Forwarding.

  2. Select Stop forwarding and click Save to disable account forwarding.

I'm an email admin. How can I fix this?

If the sender can't fix the issue themselves, the problem might be that an email system on the receiving side isn't configured correctly. If you're the email admin for the recipient, try one or more of the following fixes and then ask the sender to resend the message.

Verify that the recipient exists and has an active license assigned

To verify that the recipient exists and has an active license assigned:

  1. In the Microsoft 365 admin center, choose Users to go to the Active users page.

  2. In the Active users > Filters search field, type part of the recipient's name, and then press Enter to locate the recipient. If the recipient doesn't exist, then you must create a new mailbox or contact for this user. (For more information, see Add users individually or in bulk.) If the recipient does exist, make sure the recipient's username matches the email address the sender used.

  3. If the user's mailbox is hosted in Exchange Online, click the user's record to review their details and verify that they've been assigned a valid license for email (for example, an Office 365 Enterprise E5 license).

  4. If the user's mailbox is hosted in Exchange Online, but no license has been assigned, choose Edit and assign the user a license.

Fix or remove broken forwarding rules or settings

Microsoft 365 or Office 365 provides the following features for users and email admins to forward messages to another email address:

  • Forwarding using Inbox rules (user)

  • Account forwarding (user and email admin)

  • Forwarding using mail flow rules (email admin)

Follow the steps below to fix the recipient's broken mail forwarding rule or settings.

Forwarding using Inbox rules (user)

The recipient might have an Inbox rule that is forwarding messages to a problematic email address. Inbox rules are available only to the user (or someone with delegated access to their account). See Update, disable, or remove Inbox Rules forwarding for how the user, or their delegate, can change or remove a broken forwarding Inbox rule.

Account forwarding (user and email admin)

  1. In the Microsoft 365 admin center, choose Users.

  2. In the Active users > Filters search field, type part of the recipient's name and then press Enter to locate the recipient. Click the user's record to view its details.

  3. From the user's profile page, select Mail Settings > Email forwarding > Edit.

  4. Turn off Email forwarding and select Save.

Forwarding using mail flow rules (email admin)

Unlike Inbox rules which are associated with a user's mailbox, mail flow rules (also known as transport rules) are organization-wide settings and can only be created and edited by email admins.

  1. In the Microsoft 365 Admin center, select Admin centers > Exchange.

  2. In the Exchange admin center (EAC), go to Mail flow > Rules.

  3. Look for any redirect rules that might be forwarding the sender's message to another address. An example is shown below.

  4. Update, turn off, or delete any suspect forwarding rules.

Update accepted domain settings

Notes:

  • Message routing (especially in hybrid configurations) can be complex. Even if changing the accepted domain setting fixes the bounce message problem, it might not be right solution for you. In some cases, changing the accepted domain type might cause other unanticipated problems. Review Manage accepted domains in Exchange Online and then proceed with caution.

    • If the accepted domain in Exchange Online is Authoritative: The service looks for the recipient in the Exchange Online organization, and if the recipient isn't found, message delivery stops and the sender will receive this bounce message. On-premises users must be represented in the Exchange Online organization by mail contacts or mail users (created manually or by directory synchronization).

    • If the accepted domain in Exchange Online is Internal Relay: The service looks for the recipient in the Exchange Online organization, and if the recipient isn't found, the service relays the message to your on-premises Exchange Organization (assuming you've correctly set up the required connector to do so).

  • When setting an accepted domain to Internal Relay, you must set up a corresponding Microsoft 365 or Office 365 connector to your on-premises environment. Failing to do so will break mail flow to your on-premises recipients. For more information about connectors, see Configure mail flow using connectors.

To change the Accepted Domain from Authoritative to Internal Relay

If you have a hybrid configuration with an Microsoft 365 or Office 365 connector configured to route messages to your on-premises environment, and you believe that Internal Relay is the correct setting for your domain, change the Accepted Domain from Authoritative to Internal Relay.

  1. Open the Exchange admin center (EAC). For more information, see Exchange admin center in Exchange Online.

  2. From the EAC, choose Mail flow > Accepted domains and select the recipient's domain.

  3. Double-click the domain name.

  4. In the Accepted Domain dialog box, set the domain to Internal Relay, and then select Save.

Manually synchronize on-premises and Microsoft 365 or Office 365 directories

If you have a hybrid configuration and the recipient is located in the on-premises Exchange organization, it's possible that the recipient's email address isn't properly synchronized with Microsoft 365 or Office 365. Follow these steps to synchronize directories manually:

  1. Log into the on-premises server that's running Azure AD Connect sync.

  2. Open Windows PowerShell on the server and run the following commands:

When synchronization completes, repeat the steps in the Verify that the recipient exists and has an active license assigned section to verify that the recipient address exists in Exchange Online.

Verify the custom domain's mail exchanger (MX) record

If you have a custom domain (for example, contoso.com instead of contoso.onmicrosoft.com), it's possible that your domain's MX record isn't configured correctly.

  1. In the Microsoft 365 Admin center, go to Settings > Domains, and then select the recipient's domain.

  2. In the pop-out Required DNS settings pane, select Check DNS.

  3. Verify that there's only one MX record configured for the recipient's domain. Microsoft doesn't support using more than one MX record for a domain that's enrolled in Exchange Online.

  4. If Microsoft 365 or Office 365 detects any issues with your Exchange Online DNS record settings, follow the recommended steps to fix them. You might be prompted to make the changes directly within the Microsoft 365 admin center. Otherwise, you must update the MX record from your DNS host provider's portal. For more information, see Create DNS records at any DNS hosting provider.

    Note

    Typically, your domain's MX record should point to the Microsoft 365 or Office 365 fully qualified domain name: <your domain>.mail.protection.outlook.com. DNS record updates usually propagate across the Internet in a few hours, but they can take up to 72 hours.

Ironport Versions

Still need help with a 5.1.10 bounce message?

See also

Email Security with Cisco IronPort thoroughly illuminates the security and performance challenges associated with today’s messaging environments and shows you how to systematically anticipate and respond to them using Cisco’s IronPort Email Security Appliance (ESA). Going far beyond any IronPort user guide, leading Cisco expert Chris Porter shows you how to use IronPort to construct a robust, secure, high-performance email architecture that can resist future attacks.

Email Security with Cisco IronPortpresents specific, proven architecture recommendations for deploying IronPort ESAs in diverse environments to optimize reliability and automatically handle failure. The author offers specific recipes for solving a wide range of messaging security problems, and he demonstrates how to use both basic and advanced features-–including several hidden and undocumented commands.

The author addresses issues ranging from directory integration to performance monitoring and optimization, and he offers powerful insights into often-ignored email security issues, such as preventing “bounce blowback.” Throughout, he illustrates his solutions with detailed examples demonstrating how to control ESA configuration through each available interface.

Chris Porter,Technical Solutions Architect at Cisco, focuses on the technical aspects of Cisco IronPort customer engagements. He has more than 12 years of experience in applications, computing, and security in finance, government, Fortune® 1000, entertainment, and higher education markets.

·Understand how the Cisco IronPort ESA addresses the key challenges of email security

·Select the best network deployment model for your environment, and walk through successful installation and configuration

·Configure and optimize Cisco IronPort ESA’s powerful security, message, and content filtering

·Understand the email pipeline so you can take full advantage of it–and troubleshoot problems if they occur

·Efficiently control Cisco IronPort ESA through its Web User Interface (WUI) and command-line interface (CLI)

·Implement reporting, monitoring, logging, and file management

·Integrate Cisco IronPort ESA and your mail policies with LDAP directories such as Microsoft Active Directory

·Automate and simplify email security administration

·Deploy multiple Cisco IronPort ESAs and advanced network configurations

·Prepare for emerging shifts in enterprise email usage and new security challenges

This security book is part of the Cisco Press® Networking Technology Series. Security titles from Cisco Press help networking professionals secure critical data and resources, prevent and mitigate network attacks, and build end-to-end self-defending networks.