File Coverage

lib/Sisimai/Rhost/Mimecast.pm

Criterion	Covered	Total	%
statement	25	25	100.0
branch	6	8	75.0
condition	4	6	66.6
subroutine	4	4	100.0
pod	0	1	0.0
total	39	44	88.6

line	stmt	bran	cond	sub	pod	time	code
1							package Sisimai::Rhost::Mimecast;
2	4			4		1630	use feature ':5.10';
	4					9
	4					426
3	4			4		25	use strict;
	4					8
	4					86
4	4			4		16	use warnings;
	4					10
	4					1976
5
6							sub get {
7							# Detect bounce reason from https://www.mimecast.com/
8							# @param [Sisimai::Data] argvs Parsed email object
9							# @return [String] The bounce reason at Mimecast
10							# @since v4.25.15
11	13			13	0	1651	my $class = shift;
12	13		100			50	my $argvs = shift // return undef;
13
14	12	50				43	return undef unless length $argvs->{'diagnosticcode'};
15	12	50				62	return undef unless $argvs->{'replycode'} =~ /\A[245]\d\d\z/;
16
17	12					124	state $messagesof = {
18							# https://community.mimecast.com/s/article/Mimecast-SMTP-Error-Codes-842605754
19							'blocked' => [
20							# - The sender's IP address has been blocked by a Blocked Senders Policy.
21							# - Remove the entry from the policy.
22							[421, 'sender address blocked'],
23
24							# - The Sender's IP address has been placed on the block list due to too many invalid
25							# connections.
26							# - The sender's mail server must retry the connection. The mail server performing the
27							# connection says the recipient address validation isn't responding.
28							[451, 'recipient temporarily unavailable'],
29
30							# - You've reached your mail server's limit.
31							# - Wait and try again. The mail server won't accept any messages until you're under
32							# the limit.
33							[451, 'ip temporarily blacklisted'],
34
35							# - The sending mail server is subjected to Greylisting. This requires the server to
36							# retry the connection, between one minute and 12 hours. Alternatively, the sender's
37							# IP address has a poor reputation.
38							# - These reputation checks can be bypassed with an Auto Allow or Permitted Senders
39							# policy. If it's legitimate traffic, amend your Greylisting policy.
40							[451, 'internal resources are temporarily unavailable'],
41
42							# - Ongoing reputation checks have resulted in the message being rejected due to poor
43							# IP reputation. This could occur after a 4xx error.
44							# - Create an Auto Allow or Permitted Senders policy.
45							# Note:
46							# You can request a review of your source IP ranges by completing our online form.
47							[550, 'local ct ip reputation - (reject)'],
48
49							# - The sender's IP address is listed in an RBL. The text displayed is specific to the
50							# RBL which lists the sender's IP address.
51							# - Bypass the RBL with an Auto Allow or Permitted Senders policy. Additionally request
52							# the associated IP address from the RBL.
53							#[550, '< details of RBL >'], NEED AN ACTUAL ERROR MESSAGE STRING
54
55							# - The inbound message has been rejected because the originated IP address isn't list-
56							# ed in the published SPF records for the sending domain.
57							# - Ensure all the IP addresses for your mail servers are listed in your SPF records.
58							# Alternatively, create a DNS Authentication (Inbound / Outbound) policy with the
59							# "Inbound SPF" or "Reject on Hard Fail" option disabled. Messages that fail our SPF
60							# checks are subjected to spam and RBL checks, instead of being rejected.
61							[550, 'spf sender invalid - envelope rejected'],
62
63							# - The DKIM key for the outbound message is broken and doesn't match the DNS record of
64							# the registered sender.
65							# - Check your organization's DNS record is populated with the right public key as part
66							# of the DNS Authentication Outbound Signing definition. The private key of the key-
67							# pair must be populated in the DNS Authentication policy, along with the domain and
68							# selector of that record.
69							[550, 'dkim sender invalid - envelope rejected'],
70
71							# - The inbound message has been rejected because the originated IP address isn't list-
72							# ed in the published SPF records for the sending domain.
73							# - Ensure all the IP addresses for your mail servers are listed in your SPF records.
74							[550, 'dmarc sender invalid - envelope rejected'],
75							],
76							'mesgtoobig' => [
77							# - The email size either exceeds an Email Size Limit policy or is larger than the
78							# Mimecast service limit. The default is 100 MB for the Legacy MTA, and 200 MB for
79							# "the Latest MTA".
80							# - Resend the message ensuring it's smaller than the limitation set. The transmission
81							# and content-encoding can add significantly to the total message size (e.g. a mes-
82							# sage with a 70 MB attachment, can have an overall size larger than 100 MB).
83							[554, 'maximum email size exceeded'],
84							],
85							'networkerror' => [
86							# - The message has too many "received headers" as it has been forwarded across multi-
87							# ple hops. Once 25 hops have been reached, the email is rejected.
88							# - Investigate the email addresses in the communication pairs, to see what forwarders
89							# are configured on the mail servers.
90							[554, 'mail loop detected'],
91							],
92							'norelaying' => [
93							# - Both the sender and recipient domains specified in the transmission are external to
94							# Mimecast, and aren't allowed to relay through the Mimecast service and/or the con-
95							# necting IP address isn't recognized as authorized.
96							# - Mimecast customers should contact Mimecast Support to add the Authorized Outbound
97							# address, or to take other remedial action.
98							[451, 'open relay not allowed'],
99							],
100							'notaccept' => [
101							# - The customer account Inbound emails are disabled in the Administration Console.
102							# - Contact Mimecast Support if the account's inbound traffic should be allowed.
103							[451, 'account inbounds disabled'],
104							],
105							'onhold' => [
106							# - The customer account outbound emails are disabled in the Administration Console.
107							# - Contact Mimecast Support if the account's outbound traffic should be allowed.
108							[451, 'account outbounds disabled'],
109
110							# - Omni Directional hostnames are enabled.
111							# - Disable Omni Directional hostnames.
112							[451, 'hostname is not authorized'],
113
114							# - Attempts are being made to journal mail that is past the set expiry threshold. The
115							# failure will be replaced by a retry response because the message is marked for re-
116							# try if rejected, causing the journal queue to grow.
117							# - Check to confirm there are no significant time discrepancies on the mail server.
118							# Discontinue journaling old messages past the expiry threshold.
119							[550, 'journal message past expiration'],
120							],
121							'policyviolation' => [
122							# - The message has triggered an Anti-Spoofing policy.
123							# - Create an Anti-Spoofing policy to take no action for the sender's address or IP ad-
124							# dress.
125							[550, 'anti-spoofing policy - inbound not allowed'],
126							[550, 'rejected by header-based anti-spoofing policy'],
127
128							# - The message has triggered a Content Examination policy.
129							# - Either create a Content Examination Bypass policy or adjust the Content Examination
130							# policy as required.
131							[550, 'message bounced due to content examination policy'],
132
133							# - The message has triggered a Geographical Restriction policy.
134							# - Delete or amend the policy.
135							[554, 'host network not allowed'],
136							],
137							'rejected' => [
138							# - The sender's email address or domain has triggered a Blocked Senders Policy or
139							# there's an SPF hard rejection.
140							# - Delete or modify the Blocked Senders policy to exclude the sender address.
141							[550, 'administrative prohibition envelope blocked'],
142
143							# - A personal block policy is in place for the email address/domain.
144							# - Remove the email address/domain from the Managed Senders list.
145							[550, 'envelope blocked – user entry'],
146							[550, 'envelope blocked – user domain entry'],
147							[550, 'rejected by header-based manually blocked senders - block for manual block'],
148
149							# - A Block Sender Policy has been applied to reject emails based on the Header From or
150							# Envelope From address.
151							# - Delete or change the Blocked Senders policy.
152							[550, 'rejected by header-based blocked senders - block policy for header from'],
153							[550, 'envelope rejected - block policy for envelope from address'],
154							],
155							'securityerror' => [
156							# - Messages submitted to SMTP port 587 require authentication. This error indicates
157							# the authentication details provided were incorrect.
158							# - Check your authentication details match an internal email address in Mimecast, with
159							# a corresponding Mimecast cloud password. Alternatively, consider sending the mes-
160							# sage on SMTP port 25.
161							[535, 'incorrect authentication data'],
162							[550, 'submitter failed to disabled'],
163
164							# - This email has been sent using SMTP, but TLS is required by policy.
165							# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS.
166							# Alternatively, ensure the certificates on the mail server haven't expired. If using
167							# a proxy server, ensure it isn't intercepting the traffic and modifying encryption
168							# parameters.
169							[553, 'this route requires encryption (tls)'],
170
171							# - A TLS connection has been attempted using a TLS version that is lower than TLS 1.2.
172							# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS.
173							# Alternatively, ensure the mail server attempting to connect is using the appropri-
174							# ate version of TLS.
175							[553, 'this route requires tls version 1.2 or greater'],
176
177							# - A secure connection was attempted using ciphers that do not meet the configured ci-
178							# pher strength.
179							# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS. Alter-
180							# natively, ensure the certificates on the mail server haven't expired. If using a
181							# proxy server, ensure it isn't intercepting the traffic and modifying encryption
182							# parameters.
183							[553, 'this route requires high-strength ciphers'],
184
185							# - Validation on your umbrella account's domain name does not conform to your DNS.
186							# - Check you DNS has the required umbrella accounts listed as comma-separated values.
187							[554, 'configuration is invalid for this certificate'],
188							],
189							'systemerror' => [
190							# - The Mimecast server is under maximum load.
191							# - No action is required from the end-user. The message will retry 30 times and when
192							# server resources are available, the message is processed.
193							[451, 'unable to process connection at this time'],
194
195							# - The message was incorrectly terminated. This can be caused by:
196							# - Files that previously contained a virus, but haven't been cleaned by an anti-virus
197							# product, leaving traces in the message.
198							# - Firewall issues on the sender's side.
199							# - Incorrectly configured content rules on a security device.
200							# - Investigate the Intrusion Detection software or other SMTP protocol analyzers. If
201							# running a Cisco Firewall, ensure the Mail- guard or SMTP Fixup module is disabled.
202							[451, 'message ended early'],
203
204							# - Generic error if the reason is unknown
205							# - Contact Mimecast Support.
206							[451, 'unable to process command'],
207
208							# - Generic error if the reason is unknown
209							# - Contact Mimecast Support.
210							[451, 'unable to process an email at this time'],
211							],
212							'toomanyconn' => [
213							# - There are too many concurrent inbound connections for the account. The default is 20.
214							# - The IP address is automatically removed from the block list after five minutes.
215							# Continued invalid connections result in the IP being readded to the block list. En-
216							# sure you don't route outbound or journal messages to Mimecast from an IP address
217							# that hasn't been authorized to do so.
218							[451, 'account service is temporarily unavailable'],
219
220							# - The sending server issues more than 100 RCPT TO entries. By default, Mimecast only
221							# accepts 100 RCPT TO entries per message body (DATA). The error triggers the sending
222							# mail server to provide the DATA for the first 100 recipients before it provides the
223							# next batch of RCPT TO entries.
224							# - Most mail servers respect the transient error and treat it as a "truncation request".
225							# If your mail server, firewall, or on-site solution doesn't respect the error, you
226							# must ensure that no more than 100 recipients are submitted.
227							# Note:
228							# Solutions like SMTP Fix-Up / MailGuard and ESMTP inspection on Cisco Pix and
229							# ASA Firewalls are known not to respect the transient error. We advise you to
230							# disable this functionality.
231							[452, 'too many recipients'],
232
233							# - There are too many concurrent outbound connections for the account.
234							# - Send the messages in smaller chunks to recipients.
235							[550, 'exceeding outbound thread limit'],
236							],
237							'userunknown' => [
238							# - The email address isn't a valid SMTP address.
239							# - The sender must resend the message to a valid internal email address.
240							[501, 'invalid address'],
241
242							# - The server has encountered a bad sequence of commands, or it requires an authenti-
243							# cation.
244							# - In case of a "bad sequence", the server has pulled off its commands in the wrong
245							# order, usually because of a broken connection. If authentication is needed, enter
246							# your username and password.
247							[503, 'user unknown'],
248
249							# - Known recipient, LDAP, or SMTP call forwarding recipient validation checks haven't
250							# returned a valid internal user.
251							# - The sender must resend the message to a valid internal recipient address.
252							[550, 'invalid recipient'],
253							],
254							'virusdetected' => [
255							# - A signature was detected that could either be a virus, or a spam score over the
256							# maximum threshold. The spam score isn't available in the Administration Console. If
257							# you aren't a Mimecast customer but have emails rejected with this error code, con-
258							# tact the recipient to adjust their configuration and permit your address. If unsuc-
259							# cessful, your IT department can submit a request to review these email rejections
260							# via our Sender Feedback form.
261							# - Anti-virus checks cannot be bypassed. Contact the sender to see if they can stop
262							# these messages from being blocked. Anti-spam checks can be bypassed using a Per-
263							# mitted Senders or Auto Allow policy. Rejected emails can be viewed in your Outbound
264							# Activity and searching for the required email address.
265							[554, 'email rejected due to security policies'],
266							],
267							};
268
269	12		50			56	my $esmtperror = lc $argvs->{'diagnosticcode'} // 0;
270	12		50			54	my $esmtpreply = int $argvs->{'replycode'} // 0;
271	12					21	my $reasontext = '';
272
273	12					68	REASON: for my $e ( keys %$messagesof ) {
274							# Try to find with each error message defined in $messagesof
275	70					76	for my $f ( @{ $messagesof->{ $e } } ) {
	70					128
276							# Find an error reason
277	161	100				283	next unless $esmtpreply == $f->[0];
278	29	100				110	next unless index($esmtperror, $f->[1]) > -1;
279	12					21	$reasontext = $e;
280	12					26	last REASON;
281							}
282							}
283	12					53	return $reasontext;
284							}
285
286							1;
287							__END__