Intermittent or complete outbound email delivery failure.
You may have received a notification from Symantec Email Security cloud support that the SMTP server has been compromised and is relaying spam.
553-you are trying to use me [server-X.tower-XXX.messagelabs
553-.com] as a relay, but I have not been configured to let
553-you [IP, server.address] do this. Please
553-visit www.symanteccloud.com/troubleshooting for more
553-details about this error message and instructions to
553 resolve this issue
A server registered under Services > Outbound Routes on the Email Security cloud platform is being used to relay spam through the Symantec.cloud infrastructure. This can cause the Symantec.cloud infrastructure to be blacklisted by various lists and potentially cause delivery problems for all Symantec.cloud clients.
Spammers are able to compromise a user account on your mail server and use SMTP Authentication to relay spam messages.
To prevent the Symantec infrastructure from being blacklisted, the compromised mail server IP may be removed from the Client Net Outbound Routes section. If the server IP is successfully removed, you may experience outbound email delivery failure.
Your mail server(s) and/or firewall should ONLY allow TCP port 25 connections (SMTP) from the Symantec.cloud IP range, and SMTP AUTH should not be advertised on transactions with external IPs.
Run a detailed virus scan on machines to determine whether any are infected, and ensure that the user credentials identified on your mail server/network are not weak.
Ensure that your mail server and webmail software are patched with the latest updates to prevent vulnerabilities from being exploited.
Enforce an effective password policy and force regular password changes.
After successfully securing the mail server, contact Technical Support and it will be added back to Outbound Routes.
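To verify the requirement above that SMTP AUTH is not advertised to external IPs, the following added example (not part of the original article or any Symantec tooling) parses an EHLO reply for AUTH mechanisms and can probe your own server both before and after STARTTLS. The host names, the EHLO name and the sample replies are constructed placeholders.

```python
import re
import smtplib

# Constructed sample EHLO replies (not captured from a real server).
EXPOSED_REPLY = ("250-mail.example.test Hello\n250-SIZE 35882577\n250-STARTTLS\n"
                 "250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN\n250 8BITMIME")
LOCKED_DOWN_REPLY = "250-mail.example.test Hello\n250-SIZE 35882577\n250 8BITMIME"

def auth_mechanisms(ehlo_reply: str) -> list:
    """Return AUTH mechanisms in an EHLO reply; an empty list means AUTH is not offered."""
    mechs = []
    # The first line of an EHLO reply is the server greeting, not an extension.
    for line in ehlo_reply.splitlines()[1:]:
        # Accept raw captures ("250-AUTH ...") and smtplib output (code already stripped).
        keyword = re.sub(r"^250[- ]", "", line.strip())
        # Standard form is "AUTH PLAIN LOGIN"; some servers also send "AUTH=PLAIN LOGIN".
        match = re.match(r"AUTH[ =](.+)$", keyword, re.IGNORECASE)
        if not match:
            continue
        for mech in match.group(1).upper().split():
            if mech not in mechs:
                mechs.append(mech)
    return mechs

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check of your own server, run from an address outside the allowed range."""
    result = {"plaintext": [], "after_starttls": []}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        code, reply = smtp.ehlo("auth-check.example")  # placeholder EHLO name
        if code != 250:
            return result
        result["plaintext"] = auth_mechanisms(reply.decode("ascii", "replace"))
        if smtp.has_extn("starttls"):
            # Many servers only advertise AUTH once the session is encrypted.
            smtp.starttls()
            code, reply = smtp.ehlo("auth-check.example")
            if code == 250:
                result["after_starttls"] = auth_mechanisms(reply.decode("ascii", "replace"))
    return result

if __name__ == "__main__":
    print("exposed sample:", auth_mechanisms(EXPOSED_REPLY))
    print("locked-down sample:", auth_mechanisms(LOCKED_DOWN_REPLY))
```

When `probe()` is run from an address outside the Symantec.cloud range, a refused or timed-out connection (raised as `OSError`) is the expected result of the port 25 restriction; a non-empty list in either field means AUTH is still reachable externally.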