File Coverage

lib/Sisimai/Rhost/ExchangeOnline.pm
Criterion Covered Total %
statement 32 32 100.0
branch 17 20 85.0
condition 2 2 100.0
subroutine 4 4 100.0
pod 0 1 0.0
total 55 59 93.2


line stmt bran cond sub pod time code
1             package Sisimai::Rhost::ExchangeOnline;
2 7     7   1780 use feature ':5.10';
  7         14  
  7         632  
3 7     7   40 use strict;
  7         10  
  7         137  
4 7     7   30 use warnings;
  7         13  
  7         6653  
5              
6             # https://technet.microsoft.com/en-us/library/bb232118
7             # https://learn.microsoft.com/en-us/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/non-delivery-reports-in-exchange-online
8             # https://learn.microsoft.com/en-us/Exchange/mail-flow/non-delivery-reports-and-bounce-messages/non-delivery-reports-and-bounce-messages
9             sub get {
10             # Detect bounce reason from Exchange 2019 or older and Exchange Online
11             # @param [Sisimai::Data] argvs Parsed email object
12             # @return [String] The bounce reason for Exchange Online
13             # @see https://technet.microsoft.com/en-us/library/bb232118
14 30     30 0 1421 my $class = shift;
15 30   100     121 my $argvs = shift // return undef;
16              
17 29 100       108 return $argvs->reason if $argvs->reason;
18 24 50       181 return '' unless $argvs->diagnosticcode;
19 24 50       170 return '' unless $argvs->deliverystatus;
20 24 50       150 return '' unless $argvs->deliverystatus =~ /\A[245][.]\d[.]\d+\z/;
21              
22 24         650 state $messagesof = {
23             'blocked' => [
24             # Exchange Server 2019 ----------------------------------------------------------------
25             # - Transient network issues or server problems that might eventually correct them-
26             # selves. The sending server will retry delivery of the message, and will generate
27             # further status reports. The message size limit for the connection has been reached,
28             # or the message submission rate for the source IP address has exceeded the configur-
29             # ed limit. For more information, see Message rate limits and throttling. Antispam,
30             # SMTP proxy, or firewall configuration issues are blocking email from the Exchange
31             # server.
32             ['4.4.2', 0, 0, 'connection dropped'],
33              
34             # Exchange Online ---------------------------------------------------------------------
35             # - Suspicious activity has been detected on the IP in question, and it has been tempo-
36             # rarily restricted while it's being further evaluated.
37             # - If this activity is valid, this restriction will be lifted shortly.
38             ['4.7.', 850, 899, 'access denied, please try again later'],
39              
40             # - Access denied, the sending IPv6 address [2a01:111:f200:2004::240] must have a re-
41             # verse DNS record
42             # - The sending IPv6 address must have a reverse DNS record in order to send email over
43             # IPv6.
44             ['5.7.25', 0, 0, 'must have a reverse dns record'],
45              
46             # - Your server is attempting to introduce itself (HELO according to RFC 821) as the
47             # server it's trying to connect to, rather than its own fully qualified domain name.
48             # - This isn't allowed, and it's characteristic of typical spambot behavior.
49             ['5.7.506', 0, 0, 'access denied, bad helo'],
50              
51             # - The IP that you're attempting to send from has been blocked by the recipient's or-
52             # ganization.
53             # - Contact the recipient in order to resolve this issue.
54             ['5.7.507', 0, 0, 'access denied, rejected by recipient'],
55              
56             # - Access denied, [contoso.com] does not accept email over IPv6
57             # - The sender is attempting to transmit a message to the recipient over IPv6, but the
58             # recipient doesn't accept email messages over IPv6.
59             ['5.7.510', 0, 0, 'does not accept email over ipv6'],
60              
61             # - The IP that you're attempting to send from has been banned.
62             # - To delist the address, email delist@messaging.microsoft.com and provide the full
63             # NDR code and IP address to delist. For more information, see Use the delist portal
64             # to remove yourself from the blocked senders list.
65             ['5.7.511', 0, 0, 'access denied, banned sender'],
66              
67             # - Service unavailable, Client host [$ConnectingIP] blocked by $recipientDomain using
68             # Customer Block list (AS16012607)
69             # - The recipient domain has added your sending IP address to its custom blocklist.
70             # - The domain that received the email has blocked your sender's IP address. If you
71             # think your IP address has been added to the recipient domain's custom blocklist in
72             # error, you need to contact them directly and ask them to remove it from the block-
73             # list.
74             ['5.7.513', 0, 0, 'using customer block list'],
75              
76             # - 5.7.606-649 Access denied, banned sending IP [IP1.IP2.IP3.IP4]
77             # - The IP that you're attempting to send from has been banned.
78             # - Verify that you're following the best practices for email deliverability, and en-
79             # sure your IPs' reputations haven't been degraded as a result of compromise or mali-
80             # cious traffic. If you believe you're receiving this message in error, you can use
81             # the self-service portal to request to be removed from this list.
82             # - For more information, see Use the delist portal to remove yourself from the blocked
83             # senders list.
84             ['5.7.', 606, 649, 'access denied, banned sending ip '],
85              
86             # Previous versions of Exchange Server ------------------------------------------------
87             # - Suspicious activity has been detected and sending has been temporarily restricted
88             # for further evaluation.
89             # - If this activity is valid, this restriction will be lifted shortly.
90             ['4.7.', 500, 699, 'access denied, please try again later'],
91              
92             # Previous versions of Exchange Server ------------------------------------------------
93             ['5.5.4', 0, 0, 'invalid domain name'],
94             ['5.7.51', 0, 0, 'restrictdomainstoipaddresses or restrictdomainstocertificate'],
95              
96             # Undocumented error messages ---------------------------------------------------------
97             # - 550 5.7.1 Unfortunately, messages from [10.0.2.5] weren't sent. Please contact your
98             # Internet service provider since part of their network is on our block list (S3150).
99             ['5.7.1', 0, 0, 'part of their network is on our block list (s3150)'],
100              
101             # - Access denied, a message sent over IPv6 [2a01:111:f200:2004::240] must pass either
102             # SPF or DKIM validation, this message is not signed
103             # - The sending message sent over IPv6 must pass either SPF or DKIM.
104             ['4.7.26', 0, 0, 'must pass either spf or dkim validation, this message is not signed'],
105              
106             # - Records are DNSSEC authentic, but one or multiple of these scenarios occurred:
107             # - The destination mail server's certificate doesn't match with what is expected per
108             # the authentic TLSA record.
109             # - Authentic TLSA record is misconfigured.
110             # - Destination domain is being attacked.
111             # - Any other DANE failure.
112             # - This message usually indicates an issue on the destination email server. Check the
113             # validity of recipient address and determine if the destination server is configured
114             # correctly to receive messages.
115             # - For more information about DANE, see: https://datatracker.ietf.org/doc/html/rfc7671
116             ['4.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
117             ['5.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
118              
119             # - The destination domain indicated it was DNSSEC-authentic, but Exchange Online was
120             # not able to verify it as DNSSEC-authentic.
121             ['4.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
122             ['5.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
123              
124             # - This happens when the presented certificate identities (CN and SAN) of a destina-
125             # tion SMTP target host don't match any of the domains or MX host.
126             # - This message usually indicates an issue on the destination email server. Check the
127             # validity of recipient address and determine if the destination server is configured
128             # correctly to receive messages. For more information, see How SMTP DNS-based Authen-
129             # tication of Named Entities (DANE) works to secure email communications.
130             ['4.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
131             ['5.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
132              
133             # - The destination email system uses SPF to validate inbound mail, and there's a prob-
134             # lem with your SPF configuration.
135             ['5.7.23', 0, 0, 'the message was rejected because of sender policy framework violation'],
136              
137             # - DNSSEC checks have passed, yet upon establishing the connection the destination
138             # mail server provides a certificate that is expired.
139             # - A valid X.509 certificate that isn't expired must be presented. X.509 certificates
140             # must be renewed after their expiration, commonly annually.
141             ['5.7.322', 0, 0, "certificate-expired: destination mail server's certificate is expired"],
142              
143             # - Access denied, sending domain [$SenderDomain] does not pass DMARC verification
144             # - The sender's domain in the 5322.From address doesn't pass DMARC.
145             ['5.7.509', 0, 0, 'does not pass dmarc verification'],
146             # Undocumented error messages ---------------------------------------------------------
147             # - status=deferred (host outlook-com.olc.protection.outlook.com[192.0.2.255] said:
148             # 451 4.7.650 The mail server [192.0.2.5] has been temporarily rate limited due to IP
149             # reputation. For e-mail delivery information, see https://postmaster.live.com (S775)
150             # [***.prod.protection.outlook.com] (in reply to MAIL FROM command))
151             ['4.7.650', 0, 0, 'has been temporarily rate limited due to ip reputation'],
152             ],
153             'contenterror' => [
154             # Exchange Server 2019 ----------------------------------------------------------------
155             # - The message was determined to be malformed, and was moved to the poison message
156             # queue. For more information, see Types of queues.
157             ['5.3.0', 0, 0, 'too many related errors'],
158              
159             # Exchange Online ---------------------------------------------------------------------
160             # - Your email program added invalid characters (bare line feed characters) into a mes-
161             # sage you sent.
162             ['5.6.11', 0, 0, 'invalid characters'],
163              
164             # Previous versions of Exchange Server ------------------------------------------------
165             ['5.4.11', 0, 0, 'agent generated message depth exceeded'],
166             ['5.5.6', 0, 0, 'invalid message content'],
167             ],
168             'exceedlimit' => [
169             # Exchange Server 2019 ----------------------------------------------------------------
170             # - The message is too large. Send the message again without any attachments, or confi-
171             # gure a larger message size limit for the recipient. For more information, see Re-
172             # cipient limits.
173             ['5.2.3', 0, 0, 'resolver.rst.recipsizelimit; message too large for this recipient'],
174             ],
175             'expired' => [
176             # Exchange Server 2019 ----------------------------------------------------------------
177             # - Transient network issues that might eventually correct themselves. The Exchange
178             # server periodically tries to connect to the destination server to deliver the mes-
179             # sage. After multiple failures, the message is returned to the sender in an NDR with
180             # a permanent failure code.
181             # For more information about configuring the queue retry and failure intervals, see
182             # Configure message retry, resubmit, and expiration intervals. To manually retry a
183             # queue, see Retry queues. Firewall or Internet service provider (ISP) restrictions
184             # on TCP port 25.
185             ['4.4.1', 0, 0, 'connection timed out'],
186              
187             # - Send connector configuration issues. For example:
188             # - The Send connector is configured to use DNS routing when it should be using smart
189             # host routing, or vice-versa. Use nslookup to verify that the destination domain
190             # is reachable from the Exchange server.
191             # - The FQDN that the Send connector provides to HELO or EHLO requests doesn't match
192             # the host name in your MX record (for example, mail.contoso.com). Some messaging
193             # systems are configured to compare these values in an effort to reduce spam. The
194             # default value on a Send connector is blank, which means the FQDN of the Exchange
195             # server is used (for example, exchange01.contoso.com).
196             # - The Mailbox Transport Delivery service isn't started on the destination server
197             # (which prevents the delivery of the message to the mailbox).
198             # - The destination messaging system has issues with Transport Neutral Encryption For-
199             # mat (TNEF) messages (also known as rich text format or RTF in Outlook). For exam-
200             # ple, meeting requests or messages with images embedded in the message body.
201             # - If the destination domain uses the Sender Policy Framework (SPF) to check message
202             # sources, there may be SPF issues with your domain (for example, your SPF record
203             # doesn't include all email sources for your domain).
204             ['4.4.7', 0, 0, 'message delayed'],
205             ['4.4.7', 0, 0, 'queue expired; message expired'],
206              
207             # Exchange Online ---------------------------------------------------------------------
208             # - The message in the queue has expired. The sending server tried to relay or deliver
209             # the message, but the action wasn't completed before the message expiration time oc-
210             # curred. This message can also indicate that a message header limit has been reached
211             # on a remote server, or some other protocol time-out occurred while communicating
212             # with the remote server.
213             # - This message usually indicates an issue on the receiving server. Check the validity
214             # of the recipient address, and determine if the receiving server is configured cor-
215             # rectly to receive messages. You might have to reduce the number of recipients in
216             # the message header for the host about which you're receiving this error. If you
217             # send the message again, it's placed in the queue again. If the receiving server is
218             # available, the message is delivered.
219             ['4.4.7', 0, 0, 'message expired'],
220              
221             # - The email took too long to be successfully delivered, either because the destina-
222             # tion server never responded or the sent message generated an NDR error and that NDR
223             # couldn't be delivered to the original sender.
224             ['5.4.300', 0, 0, 'message expired'],
225             ],
226             'mailboxfull' => [
227             # Exchange Server 2019 ----------------------------------------------------------------
228             # - The recipient's mailbox has exceeded its storage quota and is no longer able to ac-
229             # cept new messages. For more information about configuring mailbox quotas, see Con-
230             # figure storage quotas for a mailbox.
231             ['5.2.2', 0, 0, 'mailbox full'],
232             ],
233             'mesgtoobig' => [
234             # Exchange Server 2019 ----------------------------------------------------------------
235             # - The message is too large. This error can be generated by the source or destination
236             # messaging system. Send the message again without any attachments, or configure a
237             # larger message size limit. For more information, see Message size and recipient
238             # limits in Exchange Server.
239             ['5.3.4', 0, 0, 'message size exceeds fixed maximum message size'],
240              
241             # Previous versions of Exchange Server ------------------------------------------------
242             ['5.3.4', 0, 0, 'message too big for system'],
243             ],
244             'networkerror' => [
245             # Exchange Server 2019 ----------------------------------------------------------------
246             # - There's a DNS or network adapter configuration issue on the Exchange server. Verify
247             # the internal and external DNS lookup settings for the Exchange by running this com-
248             # mand in the Exchange Management Shell:
249             # - Get-TransportService | Format-List Name,ExternalDNS*,InternalDNS*;
250             # - Get-FrontEndTransportService | Format-List Name,ExternalDNS*,InternalDNS*`
251             # You can configure these settings by using the InternalDNS* and ExternalDNS* parame-
252             # ters on the Set-TransportService and Set-FrontEndTransportService cmdlets.
253             # By default, these settings are used by Send connectors (the default value of the
254             # UseExternalDNSServersEnabled parameter value is $false). Check the priority (order)
255             # of the network adapters in the operating system of the Exchange server.
256             ['5.4.4', 0, 0, 'smtpsend.dns.nonexistentdomain; nonexistent domain'],
257              
258             # - A configuration error has caused an email loop. By default, after 20 iterations of
259             # an email loop, Exchange interrupts the loop and generates an NDR. Verify that Inbox
260             # rules for the recipient and sender, or forwarding rules on the recipient's mailbox
261             # aren't causing this (the message generates a message, which generates another mes-
262             # sage, and the process continues indefinitely).
263             # Verify the mailbox doesn't have a targetAddress property value in Active Directory
264             # (this property corresponds to the ExternalEmailAddress parameter for mail users in
265             # Exchange). If you remove Exchange servers, or modify settings related to mail rout-
266             # ing an mail flow, be sure to restart the Microsoft Exchange Transport and Exchange
267             # Frontend Transport services.
268             ['5.4.6', 0, 0, 'hop count exceeded - possible mail loop'],
269              
270             # Exchange Online ---------------------------------------------------------------------
271             # - Microsoft 365 or Office 365 is trying to send a message to an email server outside
272             # of Microsoft 365 or Office 365, but attempts to connect to it are failing due to a
273             # network connection issue at the external server's location.
274             # - This error almost always indicates an issue with the receiving server or network
275             # outside of Microsoft 365 or Office 365. The error should also include the IP ad-
276             # dress of the server or service that's generating the error, which you can use to
277             # identify the party responsible for fixing this.
278             ['4.4.316', 0, 0, 'connection refused'], # [Message=Socket error code 10061]
279              
280             # - A configuration error has caused an email loop. 5.4.6 is generated by on-premises
281             # Exchange server (you'll see this code in hybrid environments). 5.4.14 is generated
282             # by Exchange Online. By default, after 20 iterations of an email loop, Exchange in-
283             # terrupts the loop and generates an NDR to the sender of the message.
284             # - This error occurs when the delivery of a message generates another message in re-
285             # sponse. That message then generates a third message, and the process is repeated,
286             # creating a loop. To help protect against exhausting system resources, Exchange in-
287             # terrupts the mail loop after 20 iterations. Mail loops are typically created be-
288             # cause of a configuration error on the sending mail server, the receiving mail serv-
289             # er, or both. Check the sender's and the recipient's mailbox rules configuration to
290             # determine whether automatic message forwarding is enabled.
291             ['5.4.4', 0, 0, 'invalid arguments'],
292             ['5.4.6', 0, 0, 'routing loop detected'],
293             ['5.4.14', 0, 0, 'routing loop detected'],
294             ],
295             'norelaying' => [
296             # Exchange Server 2019 ----------------------------------------------------------------
297             # - You have an application server or device that's trying to relay messages through
298             # Exchange. For more information, see Allow anonymous relay on Exchange servers. The
299             # recipient is configured to only accept messages from authenticated (typically, in-
300             # ternal) senders. For more information, see Configure message delivery restrictions
301             # for a mailbox.
302             ['5.7.1', 0, 0, 'unable to relay'],
303             ['5.7.1', 0, 0, 'client was not authenticated'],
304              
305             # Exchange Online ---------------------------------------------------------------------
306             # - The mail server that's generating the error doesn't accept mail for the recipient's
307             # domain. This error is caused by mail server or DNS misconfiguration.
308             ['5.4.1', 0, 0, 'relay access denied'],
309              
310             # - The sending email system isn't allowed to send a message to an email system where
311             # that email system isn't the final destination of the message.
312             # - This error occurs when the sending email system tries to send an anonymous message
313             # to a receiving email system, and the receiving email system doesn't accept messages
314             # for the domain or domains specified in one or more of the recipients. The following
315             # are the most common reasons for this error:
316             # - A third party tries to use a receiving email system to send spam, and the receiv-
317             # ing email system rejects the attempt. By the nature of spam, the sender's email
318             # address might have been forged, and the resulting NDR could have been sent to the
319             # unsuspecting sender's email address. It's difficult to avoid this situation.
320             # - An MX record for a domain points to a receiving email system where that domain is
321             # not accepted. The administrator responsible for the specific domain name must
322             # correct the MX record or configure the receiving email system to accept messages
323             # sent to that domain, or both.
324             # - A sending email system or client that should use the receiving email system to
325             # relay messages doesn't have the correct permissions to do this.
326             ['5.7.1', 0, 0, 'unable to relay'],
327              
328             # - You use an inbound connector to receive messages from your on-premises email envi-
329             # ronment, and something has changed in your on-premises environment that makes the
330             # inbound connector's configuration incorrect.
331             ['5.7.64', 0, 0, 'tenantattribution; relay access denied'],
332              
333             # Previous versions of Exchange Server ------------------------------------------------
334             ['5.4.310', 0, 0, 'does not exist'], # DNS domain * does not exist
335             ],
336             'notaccept' => [
337             ['4.3.2', 0, 0, 'system not accepting network messages'],
338              
339             # Exchange Server 2019 ----------------------------------------------------------------
340             # - You're using the ABP Routing agent, and the recipient isn't a member of the global
341             # address list that's specified in their address book policy (ABP). For more infor-
342             # mation, see Use the Exchange Management Shell to install and configure the Address
343             # Book Policy Routing Agent and Address book policies in Exchange Server.
344             ['5.3.2', 0, 0, 'storedrv.deliver: missing or bad storedriver mdb properties'],
345             ],
346             'policyviolation' => [
347             # - 5.0.350 is a generic catch-all error code for a wide variety of non-specific errors
348             # lfrom the recipient's email organization. The specific x-dg-ref header is too long
349             # message is related to Rich Text formatted messages. The specific Requested action
350             # not taken: policy violation detected (AS345) message is related to nested attach-
351             # ments.
352             ['5.0.350', 0, 0, 'x-dg-ref header is too long'],
353             ['5.0.350', 0, 0, 'requested action not taken: policy violation detected (as345)'],
354              
355             # - The message was rejected by a mail flow rule (also known as a transport rule). This
356             # enhanced status code range is available when the rule is configured to reject mes-
357             # sages (otherwise, the default code that's used is 5.7.1). For more information, see
358             # Mail flow rule actions in Exchange Server.
359             ['5.7.', 900, 999, 'delivery not authorized, message refused'],
360             ],
361             'rejected' => [
362             # Exchange Server 2019 ----------------------------------------------------------------
363             # - There's a problem with the sender's email address. Verify the sender's email ad-
364             # dress.
365             ['5.1.7', 0, 0, 'invalid address'],
366             ['5.1.7', 0, 0, 'unknown sender address'],
367              
368             # - A common cause of this NDR is when you use Microsoft Outlook to save an email mes-
369             # sage as a file, and then someone opened the message offline and replied to it. The
370             # message property only preserves the legacyExchangeDN attribute when Outlook deliv-
371             # ers the message, and therefore the lookup could fail.
372             # - Either the recipient address is incorrectly formatted, or the recipient couldn't be
373             # correctly resolved. The first step in resolving this error is to check the recipi-
374             # ent address, and send the message again.
375             ['5.1.0', 0, 0, 'sender denied'],
376              
377             # - The account has been blocked for sending too much spam. Typically, this problem oc-
378             # curs because the account has been compromised (hacked) by phishing or malware.
379             ['5.1.8', 0, 0, 'access denied, bad outbound sender'],
380              
381             # Exchange Online ---------------------------------------------------------------------
382             # - The sender of the message isn't allowed to send messages to the recipient.
383             # - This error occurs when the sender tries to send a message to a recipient but the
384             # sender isn't authorized to do this. This frequently occurs when a sender tries to
385             # send messages to a distribution group that has been configured to accept messages
386             # only from members of that distribution group or other authorized senders. The send-
387             # er must request permission to send messages to the recipient. This error can also
388             # occur if an Exchange transport rule rejects a message because the message matched
389             # conditions that are configured on the transport rule.
390             ['5.7.1', 0, 0, 'delivery not authorized'],
391              
392             # - The sender's message is rejected because the recipient address is set up to reject
393             # messages sent from outside of its organization. Only an email admin for the recipi-
394             # ent's organization can change this.
395             ['5.7.12', 0, 0, 'sender was not authenticated by organization'],
396              
397             # - The sender doesn't have permission to send to the distribution group because the
398             # sender isn't in the group's allowed-senders list. Depending how the group is set
399             # up, even the group's owner might need to be added to the allowed sender list in or-
400             # der to send messages to the group.
401             ['5.7.124', 0, 0, 'sender not in allowed-senders list'],
402              
403             # - The recipient address is a group distribution list that is set up to reject mes-
404             # sages sent from outside of its organization. Only an email admin for the recipi-
405             # ent's organization or the group owner can change this.
406             ['5.7.133', 0, 0, 'sender not authenticated for group'],
407              
408             # - The recipient address is a mailbox that is set up to reject messages sent from out-
409             # side of its organization. Only an email admin for the recipient's organization can
410             # change this.
411             ['5.7.134', 0, 0, 'sender was not authenticated for mailbox'],
412              
413             # - The recipient address is a public folder that is set up to reject messages sent
414             # from outside of its organization. Only an email admin for the recipient's organiza-
415             # tion can change this.
416             ['5.7.13', 0, 0, 'sender was not authenticated for public folder'],
417             ['5.7.135', 0, 0, 'sender was not authenticated for public folder'],
418              
419             # - The recipient address is a mail user that is set up to reject messages sent from
420             # outside of its organization. Only an email admin for the recipient's organization
421             # can change this.
422             ['5.7.136', 0, 0, 'sender was not authenticated'],
423              
424             # - The sending account has been banned due to detected spam activity.
425             # - For details, see Fix email delivery issues for error code 451 5.7.500-699 (ASxxx)
426             # in Exchange Online.
427             # - Verify that any account issues have been resolved, and reset its credentials. To
428             # restore this account's ability to send mail, contact support through your regular
429             # channel.
430             ['5.7.', 501, 503, 'access denied, spam abuse detected'],
431              
432             # - Message was sent without a valid "From" email address.
433             # - Office 365 only. Each message must contain a valid email address in the "From"
434             # header field. Proper formatting of this address includes angle brackets around the
435             # email address, for example, . Without this address Microsoft
436             # 365 or Office 365 will reject the message.
437             ['5.7.512', 0, 0, 'access denied, message must be rfc 5322 section 3.6.2 compliant'],
438              
439             # - A suspicious number of messages from unprovisioned domains is coming from this ten-
440             # ant.
441             # - Add and validate any and all domains that you use to send email from Microsoft 365
442             # or Office 365. For more information, see Fix email delivery issues for error codes
443             # 5.7.700 through 5.7.750 in Exchange Online.
444             ['5.7.750', 0, 0, 'service unavailable. client blocked from sending from unregistered domains'],
445              
446             # Previous versions of Exchange Server ------------------------------------------------
447             ['5.7.', 501, 503, 'access denied, banned sender'],
448             ],
449             'securityerror' => [
450             # Exchange Server 2019 ----------------------------------------------------------------
451             # - A firewall or other device is blocking the Extended SMTP command that's required
452             # for Exchange Server authentication (X-EXPS). Internal email traffic is flowing
453             # through connectors that aren't configured to use the Exchange Server authentication
454             # method . Verify the remote IP address ranges on any custom Receive connectors.
455             ['5.7.3', 0, 0, 'cannot achieve exchange server authentication'],
456             ['5.7.3', 0, 0, 'not authorized'],
457              
458             # Exchange Online ---------------------------------------------------------------------
459             # - DNSSEC checks have passed, yet upon connection, destination mail server doesn't re-
460             # spond to the STARTTLS command. The destination server responds to the STARTTLS com-
461             # mand, but the TLS handshake fails.
462             # - This message usually indicates an issue on the destination email server. Check the
463             # validity of the recipient address. Determine if the destination server is configur-
464             # ed correctly to receive the messages.
465             ['4.7.321', 0, 0, 'starttls-not-supported: destination mail server must support tls to receive mail'],
466             ['5.7.321', 0, 0, 'starttls-not-supported: destination mail server must support tls to receive mail'],
467              
468             # - The sending email system didn't authenticate with the receiving email system. The
469             # receiving email system requires authentication before message submission.
470             # - This error occurs when the receiving server must be authenticated before message
471             # submission, and the sending email system hasn't authenticated with the receiving e-
472             # mail system. The sending email system administrator must configure the sending e-
473             # mail system to authenticate with the receiving email system for delivery to be suc-
474             # cessful.
475             ['5.7.1', 0, 0, 'client was not authenticated'],
476              
477             # - You configured an application or device to send (relay) email messages in Microsoft
478             # 365 or Office 365 using the smtp.office365.com endpoint, and there's a problem with
479             # the configuration of the application or device.
480             ['5.7.57', 0, 0, 'client was not authenticated to send anonymous mail during mail from'],
481             ],
482             'spamdetected' => [
483             # Exchange Server 2019 ----------------------------------------------------------------
484             # - The message was quarantined by content filtering. To configure exceptions to con-
485             # tent filtering, see Use the Exchange Management Shell to configure recipient and
486             # sender exceptions for content filtering.
487             ['5.2.1', 0, 0, 'content filter agent quarantined this message'],
488             ],
489             'suspend' => [
490             # Exchange Online ---------------------------------------------------------------------
491             # - The recipient address that you're attempting to contact isn't valid.
492             # - Verify the recipient's email address, and try again.
493             # - If you feel this is in error, contact support.
494             ['5.7.504', 0, 0, 'recipient address rejected: access denied'],
495             ['5.7.505', 0, 0, 'access denied, banned recipient'],
496              
497             # Previous versions of Exchange Server ------------------------------------------------
498             ['5.2.1', 0, 0, 'mailbox cannot be accessed'],
499             ],
500             'syntaxerror' => [
501             # Exchange Server 2019 ----------------------------------------------------------------
502             # - Receive connectors that are used for internal mail flow are missing the required
503             # Exchange Server authentication mechanism. For more information about authentication
504             # on Receive connectors, see Receive connector authentication mechanisms.
505             ['5.3.3', 0, 0, 'unrecognized command'],
506              
507             # - SMTP commands are sent out of sequence (for example, a server sends an SMTP command
508             # like AUTH or MAIL FROM before identifying itself with the EHLO command). After es-
509             # tablishing a connection to a messaging server, the first SMTP command must always
510             # be EHLO or HELO.
511             ['5.5.2', 0, 0, 'send hello first'],
512             ],
513             'systemerror' => [
514             # Exchange Server 2019 ----------------------------------------------------------------
515             # - You've configured a custom Receive connector in the Transport (Hub) service on a
516             # Mailbox server that listens on port 25. Typically, custom Receive connectors that
517             # listen on port 25 belong in the Front End Transport service on the Mailbox server.
518             # Important Exchange server components are inactive. You can confirm this by running
519             # the following command in the Exchange Management Shell:
520             # Get-ServerComponent -Identity .
521             # To restart all inactive components, run the following command:
522             # Set-ServerComponentState -Identity -Component ServerWideOffline
523             # -State Active -Requester Maintenance.
524             # Incompatible transport agents (in particular, after an Exchange update). After you
525             # identify the transport agent, disable it or uninstall it. For more information, see
526             # Troubleshoot transport agents.
527             ['4.3.2', 0, 0, 'service not available'],
528             ['4.3.2', 0, 0, 'service not active'],
529              
530             # - A mail loop was detected. Verify that the FQDN property on the Receive connector
531             # doesn't match the FQDN of another server, service, or device that's used in mail
532             # flow in your organization (by default, the Receive connector uses the FQDN of the
533             # Exchange server).
534             ['5.3.5', 0, 0, 'system incorrectly configured'],
535              
536             # Exchange Online ---------------------------------------------------------------------
537             # - Journaling on-premises messages to Microsoft 365 or Office 365 isn't supported for
538             # this organization because they haven't turned on Journaling Archive in their set-
539             # tings.
540             # - A journaling rule is configured in the organization's on-premises environment to
541             # journal on-premises messages to Microsoft 365 or Office 365, but Journaling Archive
542             # is disabled. For this scenario to work, the organization's Office 365 administrator
543             # should either enable Journaling Archive or change the journaling rule to journal
544             # messages to a different location.
545             ['5.3.190', 0, 0, 'journaling on-premises messages to microsoft 365 or office 365 not supported when journaling archive is disabled'],
546              
547             # Previous versions of Exchange Server ------------------------------------------------
548             ['5.0.0', 0, 0, 'helo / ehlo requires domain address'],
549             ['5.1.4', 0, 0, 'destination mailbox address ambiguous'],
550             ['5.2.4', 0, 0, 'mailing list expansion problem'],
551             ['5.2.14', 0, 0, 'misconfigured forwarding address'],
552              
553             # Undocumented error messages ---------------------------------------------------------
554             ['4.4.3', 0, 0, 'temporary server error. please try again later attr18'],
555             ['4.7.0', 0, 0, 'temporary server error. please try again later. prx4 nexthop:'],
556             ['4.4.24', 0, 0, 'message failed to be replicated: insufficient system resource:'],
557             ['4.4.25', 0, 0, 'message failed to be replicated: no healthy secondary server available to accept replica at this time.'],
558             ['4.4.28', 0, 0, 'message failed to be replicated: the operation was canceled'],
559              
560             # - status=deferred (host hotmail-com.olc.protection.outlook.com[192.0.2.1] said:
561             # 451 4.7.500 Server busy. Please try again later from [192.0.2.2]. (AS761) (in reply
562             # to RCPT TO command))
563             ['4.7.500', 0, 0, 'server busy. please try again later from '],
564              
565             # - status=deferred (host apc.olc.protection.outlook.com[192.0.2.1] said:
566             # 451 4.7.700 PFA agent busy, please try again. [***.***.prod.protection.outlook.com]
567             # (in reply to MAIL FROM command))
568             ['4.7.700', 0, 0, 'pfa agent busy, please try again.'],
569             ],
570             'systemfull' => [
571             # Exchange Server 2019 ----------------------------------------------------------------
572             # - Free disk space is low (for example, the disk that holds the queue database doesn't
573             # have the required amount of free space). For more information, see Understanding
574             # back pressure. To move the queue database to a different disk, see Change the loca-
575             # tion of the queue database.
576             # - Available memory is low (for example, Exchange installed on a virtual machine that
577             # is configured to use dynamic memory). Always use static memory on Exchange virtual
578             # machines.
579             ['4.3.1', 0, 0, 'insufficient system resources'],
580             ],
581             'toomanyconn' => [
582             # Exchange Server 2019 ----------------------------------------------------------------
583             # - The combined total of recipients on the To, Cc, and Bcc lines of the message ex-
584             # ceeds the total number of recipients allowed in a single message for the organiza-
585             # tion, Receive connector, or sender. For more information, see Message size and re-
586             # cipient limits in Exchange Server.
587             ['5.5.3', 0, 0, 'too many recipients'],
588            
589             # Exchange Online ---------------------------------------------------------------------
590             # - The message has more than 200 SMTP envelope recipients from the same domain.
591             # - An envelope recipient is the original, unexpanded recipient that's used in the RCPT
592             # TO command to transmit the message between SMTP servers. When this error is return-
593             # ed by Microsoft 365 or Office 365, the sending server must break up the number of
594             # envelope recipients into smaller chunks (chunking) and resend the message.
595             ['4.5.3', 0, 0, 'too many recipients'],
596              
597             # Previous versions of Exchange Server ------------------------------------------------
598             ['5.2.122', 0, 0, 'the recipient has exceeded their limit for'],
599              
600             # Exchange Online ---------------------------------------------------------------------
601             # - The recipient mailbox's ability to accept messages is being throttled because it's
602             # receiving too many messages too quickly. This is done so a single recipient's mail
603             # processing doesn't unfairly impact other recipients sharing the same mailbox data-
604             # base.
605             ['4.3.2', 0, 0, 'storedrv.deliver; recipient thread limit exceeded'],
606              
607             # - The sender has exceeded the recipient rate limit as described in Sending limits.
608             # - This could indicate the account has been compromised and is being used to send
609             # spam.
610             ['5.1.90', 0, 0, "your message can't be sent because you've reached your daily limit for message recipients"],
611              
612             # - The sender has exceeded the recipient rate limit or the message rate limit as de-
613             # scribed in Sending limits.
614             # - This could indicate the account has been compromised and is being used to send
615             # spam.
616             ['5.2.2', 0, 0, 'submission quota exceeded'],
617              
618             # - The sender has exceeded the maximum number of messages they're allowed to send per
619             # hour to a specific recipient in Exchange Online.
620             # - The automated mailer or sender should try again later, and reduce the number of
621             # messages they send per hour to a specific recipient. This limit helps protect
622             # Microsoft 365 or Office 365 users from rapidly filling their inboxes with a large
623             # number of messages from errant automated notification systems or other single-send-
624             # er mail storms.
625             ['5.2.121', 0, 0, "recipient's per hour message receive limit from specific sender exceeded"],
626              
627             # - The Microsoft 365 or Office 365 recipient has exceeded the number of messages they
628             # can receive per hour from all senders.
629             # - The automated mailer or sender should try again later, and reduce the number of
630             # messages they send per hour to a specific recipient. This limit helps protect
631             # Microsoft 365 and Office 365 users from rapidly filling their inboxes with a large
632             # number of messages from errant automated notification systems or other mail storms.
633             ['5.2.122', 0, 0, "recipient's per hour message receive limit exceeded"],
634              
635             # - Access denied, [$SenderIPAddress] has exceeded permitted limits within $range range
636             # - The sender's IPv6 range has attempted to send too many messages in too short a time
637             # period.
638             ['5.7.508', 0, 0, 'has exceeded permitted limits within'],
639              
640             # - The majority of traffic from this tenant has been detected as suspicious and has
641             # resulted in a ban on sending ability for the tenant.
642             # - Ensure that any compromises or open relays have been resolved, and then contact
643             # support through your regular channel. For more information, see Fix email delivery
644             # issues for error codes 5.7.700 through 5.7.750 in Exchange Online.
645             ['5.7.', 700, 749, 'access denied, tenant has exceeded threshold'],
646             ['5.7.', 700, 749, 'access denied, traffic not accepted from this ip'],
647             ],
648             'userunknown' => [
649             # Exchange Server 2019 ----------------------------------------------------------------
650             # - The recipient's email address is incorrect (the recipient doesn't exist in the des-
651             # tination messaging system). Verify the recipient's email address. You recreated a
652             # deleted mailbox, and internal users are addressing email messages in Outlook or
653             # Outlook on the web using old entries in their autocomplete cache (the X.500 values
654             # or LegacyExchangeDN values for the recipient are now different). Tell users to de-
655             # lete the entry from their autocomplete cache and select the recipient again.
656             ['5.1.1', 0, 0, 'resolver.adr.exrecipnotfound; not found'],
657             ['5.1.1', 0, 0, 'user unknown'],
658              
659             # - The recipient's email address is incorrect (for example, it contains unsupported
660             # characters or invalid formatting).
661             ['5.1.3', 0, 0, 'storedrv.submit; invalid recipient address'],
662              
663             # - Receive connectors reject SMTP connections that contain the top level domains de-
664             # fined in RFC 2606 (.test, .example, .invalid, or .localhost), This behavior is con-
665             # trolled by the RejectReservedTopLevelRecipientDomains parameter on the New-Receive-
666             # Connector and Set-ReceiveConnector cmdlets.
667             ['5.1.', 4, 5, 'recipient address reserved by rfc 2606'],
668              
669             # - Receive connectors reject SMTP connections that contain single label domains (for
670             # example, chris@contoso instead of chris@contoso.com) This behavior is controlled by
671             # the RejectSingleLabelRecipientDomains parameter on the New-ReceiveConnector and
672             # Set-ReceiveConnector cmdlets.
673             ['5.1.6', 0, 0, 'recipient addresses in single label domains not accepted'],
674              
675             # Exchange Online ---------------------------------------------------------------------
676             # - This failure might be caused by the following conditions:
677             # - The recipient's email address was entered incorrectly by the sender.
678             # - No recipient's exists in the destination email system.
679             # - The recipient's mailbox has been moved and the Outlook recipient cache on the
680             # sender's computer hasn't updated.
681             # - An invalid legacy domain name (DN) exists for the recipient's mailbox Active Di-
682             # rectory Domain Service.
683             # - This error typically occurs when the sender of the message incorrectly enters the
684             # email address of the recipient. The sender should check the recipient's email ad-
685             # dress and send again. This error can also occur if the recipient email address was
686             # correct in the past but has changed or has been removed from the destination email
687             # system. If the sender of the message is in the same organization as the recipient,
688             # and the recipient's mailbox still exists, determine whether the recipient's mailbox
689             # has been relocated to a new email server. If this is the case, Outlook might not
690             # have updated the recipient cache correctly. Instruct the sender to remove the re-
691             # cipient's address from sender's Outlook recipient cache and then create a new mes-
692             # sage. Resending the original message will result in the same failure.
693             ['5.1.1', 0, 0, 'bad destination mailbox address'],
694              
695             # - The recipient's wasn't found by SMTP address lookup.
696             ['5.1.10', 0, 0, 'recipient not found'],
697              
698             # - The recipient's address doesn't exist.
699             ['5.4.1', 0, 0, 'recipient address rejected: access denied'],
700              
701             # - The recipient's domain is @hotmail.com or @outlook.com and it wasn't
702             # found by SMTP address lookup.
703             # - Similar to 550 5.1.10.
704             ['5.5.0', 0, 0, 'requested action not taken: mailbox unavailable'],
705              
706             # Previous versions of Exchange Server ------------------------------------------------
707             ['5.1.2', 0, 0, 'invalid x.400 address'],
708             ],
709             };
710              
711 24         98 my $statuscode = $argvs->deliverystatus;
712 24         203 my $thirddigit = int [split /[.]/, $statuscode]->[-1];
713 24         80 my $esmtperror = lc $argvs->diagnosticcode;
714 24         134 my $reasontext = '';
715              
716 24         158 REASON: for my $e ( keys %$messagesof ) {
717             # The key is a reason name
718 314         343 for my $f ( @{ $messagesof->{ $e } } ) {
  314         556  
719             # ["status-code", min, max, "error message"]
720 2151 100       3272 if( $f->[1] == $f->[2] ) {
721             # This error code have no range
722 1993 100       3251 next unless $statuscode eq $f->[0];
723              
724             } else {
725             # This error code has a range
726 158 100       346 next if index($statuscode, $f->[0]) < 0;
727 28 100       58 next if $thirddigit < $f->[1];
728 25 100       63 next if $thirddigit > $f->[2];
729             }
730              
731 33 100       118 next unless index($esmtperror, $f->[3]) > -1;
732 24         44 $reasontext = $e;
733 24         52 last REASON;
734             }
735             }
736              
737 24         101 return $reasontext;
738             }
739              
740             1;
741             __END__