line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Sisimai::Rhost::Mimecast; |
2
|
4
|
|
|
4
|
|
1630
|
use feature ':5.10'; |
|
4
|
|
|
|
|
9
|
|
|
4
|
|
|
|
|
426
|
|
3
|
4
|
|
|
4
|
|
25
|
use strict; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
86
|
|
4
|
4
|
|
|
4
|
|
16
|
use warnings; |
|
4
|
|
|
|
|
10
|
|
|
4
|
|
|
|
|
1976
|
|
5
|
|
|
|
|
|
|
|
6
|
|
|
|
|
|
|
sub get { |
7
|
|
|
|
|
|
|
# Detect bounce reason from https://www.mimecast.com/ |
8
|
|
|
|
|
|
|
# @param [Sisimai::Data] argvs Parsed email object |
9
|
|
|
|
|
|
|
# @return [String] The bounce reason at Mimecast |
10
|
|
|
|
|
|
|
# @since v4.25.15 |
11
|
13
|
|
|
13
|
0
|
1651
|
my $class = shift; |
12
|
13
|
|
100
|
|
|
50
|
my $argvs = shift // return undef; |
13
|
|
|
|
|
|
|
|
14
|
12
|
50
|
|
|
|
43
|
return undef unless length $argvs->{'diagnosticcode'}; |
15
|
12
|
50
|
|
|
|
62
|
return undef unless $argvs->{'replycode'} =~ /\A[245]\d\d\z/; |
16
|
|
|
|
|
|
|
|
17
|
12
|
|
|
|
|
124
|
state $messagesof = { |
18
|
|
|
|
|
|
|
# https://community.mimecast.com/s/article/Mimecast-SMTP-Error-Codes-842605754 |
19
|
|
|
|
|
|
|
'blocked' => [ |
20
|
|
|
|
|
|
|
# - The sender's IP address has been blocked by a Blocked Senders Policy. |
21
|
|
|
|
|
|
|
# - Remove the entry from the policy. |
22
|
|
|
|
|
|
|
[421, 'sender address blocked'], |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
# - The Sender's IP address has been placed on the block list due to too many invalid |
25
|
|
|
|
|
|
|
# connections. |
26
|
|
|
|
|
|
|
# - The sender's mail server must retry the connection. The mail server performing the |
27
|
|
|
|
|
|
|
# connection says the recipient address validation isn't responding. |
28
|
|
|
|
|
|
|
[451, 'recipient temporarily unavailable'], |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
# - You've reached your mail server's limit. |
31
|
|
|
|
|
|
|
# - Wait and try again. The mail server won't accept any messages until you're under |
32
|
|
|
|
|
|
|
# the limit. |
33
|
|
|
|
|
|
|
[451, 'ip temporarily blacklisted'], |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
# - The sending mail server is subjected to Greylisting. This requires the server to |
36
|
|
|
|
|
|
|
# retry the connection, between one minute and 12 hours. Alternatively, the sender's |
37
|
|
|
|
|
|
|
# IP address has a poor reputation. |
38
|
|
|
|
|
|
|
# - These reputation checks can be bypassed with an Auto Allow or Permitted Senders |
39
|
|
|
|
|
|
|
# policy. If it's legitimate traffic, amend your Greylisting policy. |
40
|
|
|
|
|
|
|
[451, 'internal resources are temporarily unavailable'], |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
# - Ongoing reputation checks have resulted in the message being rejected due to poor |
43
|
|
|
|
|
|
|
# IP reputation. This could occur after a 4xx error. |
44
|
|
|
|
|
|
|
# - Create an Auto Allow or Permitted Senders policy. |
45
|
|
|
|
|
|
|
# Note: |
46
|
|
|
|
|
|
|
# You can request a review of your source IP ranges by completing our online form. |
47
|
|
|
|
|
|
|
[550, 'local ct ip reputation - (reject)'], |
48
|
|
|
|
|
|
|
|
49
|
|
|
|
|
|
|
# - The sender's IP address is listed in an RBL. The text displayed is specific to the |
50
|
|
|
|
|
|
|
# RBL which lists the sender's IP address. |
51
|
|
|
|
|
|
|
# - Bypass the RBL with an Auto Allow or Permitted Senders policy. Additionally request |
52
|
|
|
|
|
|
|
# the associated IP address from the RBL. |
53
|
|
|
|
|
|
|
#[550, '< details of RBL >'], NEED AN ACTUAL ERROR MESSAGE STRING |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
# - The inbound message has been rejected because the originated IP address isn't list- |
56
|
|
|
|
|
|
|
# ed in the published SPF records for the sending domain. |
57
|
|
|
|
|
|
|
# - Ensure all the IP addresses for your mail servers are listed in your SPF records. |
58
|
|
|
|
|
|
|
# Alternatively, create a DNS Authentication (Inbound / Outbound) policy with the |
59
|
|
|
|
|
|
|
# "Inbound SPF" or "Reject on Hard Fail" option disabled. Messages that fail our SPF |
60
|
|
|
|
|
|
|
# checks are subjected to spam and RBL checks, instead of being rejected. |
61
|
|
|
|
|
|
|
[550, 'spf sender invalid - envelope rejected'], |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
# - The DKIM key for the outbound message is broken and doesn't match the DNS record of |
64
|
|
|
|
|
|
|
# the registered sender. |
65
|
|
|
|
|
|
|
# - Check your organization's DNS record is populated with the right public key as part |
66
|
|
|
|
|
|
|
# of the DNS Authentication Outbound Signing definition. The private key of the key- |
67
|
|
|
|
|
|
|
# pair must be populated in the DNS Authentication policy, along with the domain and |
68
|
|
|
|
|
|
|
# selector of that record. |
69
|
|
|
|
|
|
|
[550, 'dkim sender invalid - envelope rejected'], |
70
|
|
|
|
|
|
|
|
71
|
|
|
|
|
|
|
# - The inbound message has been rejected because the originated IP address isn't list- |
72
|
|
|
|
|
|
|
# ed in the published SPF records for the sending domain. |
73
|
|
|
|
|
|
|
# - Ensure all the IP addresses for your mail servers are listed in your SPF records. |
74
|
|
|
|
|
|
|
[550, 'dmarc sender invalid - envelope rejected'], |
75
|
|
|
|
|
|
|
], |
76
|
|
|
|
|
|
|
'mesgtoobig' => [ |
77
|
|
|
|
|
|
|
# - The email size either exceeds an Email Size Limit policy or is larger than the |
78
|
|
|
|
|
|
|
# Mimecast service limit. The default is 100 MB for the Legacy MTA, and 200 MB for |
79
|
|
|
|
|
|
|
# "the Latest MTA". |
80
|
|
|
|
|
|
|
# - Resend the message ensuring it's smaller than the limitation set. The transmission |
81
|
|
|
|
|
|
|
# and content-encoding can add significantly to the total message size (e.g. a mes- |
82
|
|
|
|
|
|
|
# sage with a 70 MB attachment, can have an overall size larger than 100 MB). |
83
|
|
|
|
|
|
|
[554, 'maximum email size exceeded'], |
84
|
|
|
|
|
|
|
], |
85
|
|
|
|
|
|
|
'networkerror' => [ |
86
|
|
|
|
|
|
|
# - The message has too many "received headers" as it has been forwarded across multi- |
87
|
|
|
|
|
|
|
# ple hops. Once 25 hops have been reached, the email is rejected. |
88
|
|
|
|
|
|
|
# - Investigate the email addresses in the communication pairs, to see what forwarders |
89
|
|
|
|
|
|
|
# are configured on the mail servers. |
90
|
|
|
|
|
|
|
[554, 'mail loop detected'], |
91
|
|
|
|
|
|
|
], |
92
|
|
|
|
|
|
|
'norelaying' => [ |
93
|
|
|
|
|
|
|
# - Both the sender and recipient domains specified in the transmission are external to |
94
|
|
|
|
|
|
|
# Mimecast, and aren't allowed to relay through the Mimecast service and/or the con- |
95
|
|
|
|
|
|
|
# necting IP address isn't recognized as authorized. |
96
|
|
|
|
|
|
|
# - Mimecast customers should contact Mimecast Support to add the Authorized Outbound |
97
|
|
|
|
|
|
|
# address, or to take other remedial action. |
98
|
|
|
|
|
|
|
[451, 'open relay not allowed'], |
99
|
|
|
|
|
|
|
], |
100
|
|
|
|
|
|
|
'notaccept' => [ |
101
|
|
|
|
|
|
|
# - The customer account Inbound emails are disabled in the Administration Console. |
102
|
|
|
|
|
|
|
# - Contact Mimecast Support if the account's inbound traffic should be allowed. |
103
|
|
|
|
|
|
|
[451, 'account inbounds disabled'], |
104
|
|
|
|
|
|
|
], |
105
|
|
|
|
|
|
|
'onhold' => [ |
106
|
|
|
|
|
|
|
# - The customer account outbound emails are disabled in the Administration Console. |
107
|
|
|
|
|
|
|
# - Contact Mimecast Support if the account's outbound traffic should be allowed. |
108
|
|
|
|
|
|
|
[451, 'account outbounds disabled'], |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
# - Omni Directional hostnames are enabled. |
111
|
|
|
|
|
|
|
# - Disable Omni Directional hostnames. |
112
|
|
|
|
|
|
|
[451, 'hostname is not authorized'], |
113
|
|
|
|
|
|
|
|
114
|
|
|
|
|
|
|
# - Attempts are being made to journal mail that is past the set expiry threshold. The |
115
|
|
|
|
|
|
|
# failure will be replaced by a retry response because the message is marked for re- |
116
|
|
|
|
|
|
|
# try if rejected, causing the journal queue to grow. |
117
|
|
|
|
|
|
|
# - Check to confirm there are no significant time discrepancies on the mail server. |
118
|
|
|
|
|
|
|
# Discontinue journaling old messages past the expiry threshold. |
119
|
|
|
|
|
|
|
[550, 'journal message past expiration'], |
120
|
|
|
|
|
|
|
], |
121
|
|
|
|
|
|
|
'policyviolation' => [ |
122
|
|
|
|
|
|
|
# - The message has triggered an Anti-Spoofing policy. |
123
|
|
|
|
|
|
|
# - Create an Anti-Spoofing policy to take no action for the sender's address or IP ad- |
124
|
|
|
|
|
|
|
# dress. |
125
|
|
|
|
|
|
|
[550, 'anti-spoofing policy - inbound not allowed'], |
126
|
|
|
|
|
|
|
[550, 'rejected by header-based anti-spoofing policy'], |
127
|
|
|
|
|
|
|
|
128
|
|
|
|
|
|
|
# - The message has triggered a Content Examination policy. |
129
|
|
|
|
|
|
|
# - Either create a Content Examination Bypass policy or adjust the Content Examination |
130
|
|
|
|
|
|
|
# policy as required. |
131
|
|
|
|
|
|
|
[550, 'message bounced due to content examination policy'], |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
# - The message has triggered a Geographical Restriction policy. |
134
|
|
|
|
|
|
|
# - Delete or amend the policy. |
135
|
|
|
|
|
|
|
[554, 'host network not allowed'], |
136
|
|
|
|
|
|
|
], |
137
|
|
|
|
|
|
|
'rejected' => [ |
138
|
|
|
|
|
|
|
# - The sender's email address or domain has triggered a Blocked Senders Policy or |
139
|
|
|
|
|
|
|
# there's an SPF hard rejection. |
140
|
|
|
|
|
|
|
# - Delete or modify the Blocked Senders policy to exclude the sender address. |
141
|
|
|
|
|
|
|
[550, 'administrative prohibition envelope blocked'], |
142
|
|
|
|
|
|
|
|
143
|
|
|
|
|
|
|
# - A personal block policy is in place for the email address/domain. |
144
|
|
|
|
|
|
|
# - Remove the email address/domain from the Managed Senders list. |
145
|
|
|
|
|
|
|
[550, 'envelope blocked – user entry'], |
146
|
|
|
|
|
|
|
[550, 'envelope blocked – user domain entry'], |
147
|
|
|
|
|
|
|
[550, 'rejected by header-based manually blocked senders - block for manual block'], |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
# - A Block Sender Policy has been applied to reject emails based on the Header From or |
150
|
|
|
|
|
|
|
# Envelope From address. |
151
|
|
|
|
|
|
|
# - Delete or change the Blocked Senders policy. |
152
|
|
|
|
|
|
|
[550, 'rejected by header-based blocked senders - block policy for header from'], |
153
|
|
|
|
|
|
|
[550, 'envelope rejected - block policy for envelope from address'], |
154
|
|
|
|
|
|
|
], |
155
|
|
|
|
|
|
|
'securityerror' => [ |
156
|
|
|
|
|
|
|
# - Messages submitted to SMTP port 587 require authentication. This error indicates |
157
|
|
|
|
|
|
|
# the authentication details provided were incorrect. |
158
|
|
|
|
|
|
|
# - Check your authentication details match an internal email address in Mimecast, with |
159
|
|
|
|
|
|
|
# a corresponding Mimecast cloud password. Alternatively, consider sending the mes- |
160
|
|
|
|
|
|
|
# sage on SMTP port 25. |
161
|
|
|
|
|
|
|
[535, 'incorrect authentication data'], |
162
|
|
|
|
|
|
|
[550, 'submitter failed to disabled'], |
163
|
|
|
|
|
|
|
|
164
|
|
|
|
|
|
|
# - This email has been sent using SMTP, but TLS is required by policy. |
165
|
|
|
|
|
|
|
# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS. |
166
|
|
|
|
|
|
|
# Alternatively, ensure the certificates on the mail server haven't expired. If using |
167
|
|
|
|
|
|
|
# a proxy server, ensure it isn't intercepting the traffic and modifying encryption |
168
|
|
|
|
|
|
|
# parameters. |
169
|
|
|
|
|
|
|
[553, 'this route requires encryption (tls)'], |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
# - A TLS connection has been attempted using a TLS version that is lower than TLS 1.2. |
172
|
|
|
|
|
|
|
# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS. |
173
|
|
|
|
|
|
|
# Alternatively, ensure the mail server attempting to connect is using the appropri- |
174
|
|
|
|
|
|
|
# ate version of TLS. |
175
|
|
|
|
|
|
|
[553, 'this route requires tls version 1.2 or greater'], |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
# - A secure connection was attempted using ciphers that do not meet the configured ci- |
178
|
|
|
|
|
|
|
# pher strength. |
179
|
|
|
|
|
|
|
# - Delete or change the Secure Receipt or Secure Delivery policy enforcing TLS. Alter- |
180
|
|
|
|
|
|
|
# natively, ensure the certificates on the mail server haven't expired. If using a |
181
|
|
|
|
|
|
|
# proxy server, ensure it isn't intercepting the traffic and modifying encryption |
182
|
|
|
|
|
|
|
# parameters. |
183
|
|
|
|
|
|
|
[553, 'this route requires high-strength ciphers'], |
184
|
|
|
|
|
|
|
|
185
|
|
|
|
|
|
|
# - Validation on your umbrella account's domain name does not conform to your DNS. |
186
|
|
|
|
|
|
|
# - Check you DNS has the required umbrella accounts listed as comma-separated values. |
187
|
|
|
|
|
|
|
[554, 'configuration is invalid for this certificate'], |
188
|
|
|
|
|
|
|
], |
189
|
|
|
|
|
|
|
'systemerror' => [ |
190
|
|
|
|
|
|
|
# - The Mimecast server is under maximum load. |
191
|
|
|
|
|
|
|
# - No action is required from the end-user. The message will retry 30 times and when |
192
|
|
|
|
|
|
|
# server resources are available, the message is processed. |
193
|
|
|
|
|
|
|
[451, 'unable to process connection at this time'], |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
# - The message was incorrectly terminated. This can be caused by: |
196
|
|
|
|
|
|
|
# - Files that previously contained a virus, but haven't been cleaned by an anti-virus |
197
|
|
|
|
|
|
|
# product, leaving traces in the message. |
198
|
|
|
|
|
|
|
# - Firewall issues on the sender's side. |
199
|
|
|
|
|
|
|
# - Incorrectly configured content rules on a security device. |
200
|
|
|
|
|
|
|
# - Investigate the Intrusion Detection software or other SMTP protocol analyzers. If |
201
|
|
|
|
|
|
|
# running a Cisco Firewall, ensure the Mail- guard or SMTP Fixup module is disabled. |
202
|
|
|
|
|
|
|
[451, 'message ended early'], |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
# - Generic error if the reason is unknown |
205
|
|
|
|
|
|
|
# - Contact Mimecast Support. |
206
|
|
|
|
|
|
|
[451, 'unable to process command'], |
207
|
|
|
|
|
|
|
|
208
|
|
|
|
|
|
|
# - Generic error if the reason is unknown |
209
|
|
|
|
|
|
|
# - Contact Mimecast Support. |
210
|
|
|
|
|
|
|
[451, 'unable to process an email at this time'], |
211
|
|
|
|
|
|
|
], |
212
|
|
|
|
|
|
|
'toomanyconn' => [ |
213
|
|
|
|
|
|
|
# - There are too many concurrent inbound connections for the account. The default is 20. |
214
|
|
|
|
|
|
|
# - The IP address is automatically removed from the block list after five minutes. |
215
|
|
|
|
|
|
|
# Continued invalid connections result in the IP being readded to the block list. En- |
216
|
|
|
|
|
|
|
# sure you don't route outbound or journal messages to Mimecast from an IP address |
217
|
|
|
|
|
|
|
# that hasn't been authorized to do so. |
218
|
|
|
|
|
|
|
[451, 'account service is temporarily unavailable'], |
219
|
|
|
|
|
|
|
|
220
|
|
|
|
|
|
|
# - The sending server issues more than 100 RCPT TO entries. By default, Mimecast only |
221
|
|
|
|
|
|
|
# accepts 100 RCPT TO entries per message body (DATA). The error triggers the sending |
222
|
|
|
|
|
|
|
# mail server to provide the DATA for the first 100 recipients before it provides the |
223
|
|
|
|
|
|
|
# next batch of RCPT TO entries. |
224
|
|
|
|
|
|
|
# - Most mail servers respect the transient error and treat it as a "truncation request". |
225
|
|
|
|
|
|
|
# If your mail server, firewall, or on-site solution doesn't respect the error, you |
226
|
|
|
|
|
|
|
# must ensure that no more than 100 recipients are submitted. |
227
|
|
|
|
|
|
|
# Note: |
228
|
|
|
|
|
|
|
# Solutions like SMTP Fix-Up / MailGuard and ESMTP inspection on Cisco Pix and |
229
|
|
|
|
|
|
|
# ASA Firewalls are known not to respect the transient error. We advise you to |
230
|
|
|
|
|
|
|
# disable this functionality. |
231
|
|
|
|
|
|
|
[452, 'too many recipients'], |
232
|
|
|
|
|
|
|
|
233
|
|
|
|
|
|
|
# - There are too many concurrent outbound connections for the account. |
234
|
|
|
|
|
|
|
# - Send the messages in smaller chunks to recipients. |
235
|
|
|
|
|
|
|
[550, 'exceeding outbound thread limit'], |
236
|
|
|
|
|
|
|
], |
237
|
|
|
|
|
|
|
'userunknown' => [ |
238
|
|
|
|
|
|
|
# - The email address isn't a valid SMTP address. |
239
|
|
|
|
|
|
|
# - The sender must resend the message to a valid internal email address. |
240
|
|
|
|
|
|
|
[501, 'invalid address'], |
241
|
|
|
|
|
|
|
|
242
|
|
|
|
|
|
|
# - The server has encountered a bad sequence of commands, or it requires an authenti- |
243
|
|
|
|
|
|
|
# cation. |
244
|
|
|
|
|
|
|
# - In case of a "bad sequence", the server has pulled off its commands in the wrong |
245
|
|
|
|
|
|
|
# order, usually because of a broken connection. If authentication is needed, enter |
246
|
|
|
|
|
|
|
# your username and password. |
247
|
|
|
|
|
|
|
[503, 'user unknown'], |
248
|
|
|
|
|
|
|
|
249
|
|
|
|
|
|
|
# - Known recipient, LDAP, or SMTP call forwarding recipient validation checks haven't |
250
|
|
|
|
|
|
|
# returned a valid internal user. |
251
|
|
|
|
|
|
|
# - The sender must resend the message to a valid internal recipient address. |
252
|
|
|
|
|
|
|
[550, 'invalid recipient'], |
253
|
|
|
|
|
|
|
], |
254
|
|
|
|
|
|
|
'virusdetected' => [ |
255
|
|
|
|
|
|
|
# - A signature was detected that could either be a virus, or a spam score over the |
256
|
|
|
|
|
|
|
# maximum threshold. The spam score isn't available in the Administration Console. If |
257
|
|
|
|
|
|
|
# you aren't a Mimecast customer but have emails rejected with this error code, con- |
258
|
|
|
|
|
|
|
# tact the recipient to adjust their configuration and permit your address. If unsuc- |
259
|
|
|
|
|
|
|
# cessful, your IT department can submit a request to review these email rejections |
260
|
|
|
|
|
|
|
# via our Sender Feedback form. |
261
|
|
|
|
|
|
|
# - Anti-virus checks cannot be bypassed. Contact the sender to see if they can stop |
262
|
|
|
|
|
|
|
# these messages from being blocked. Anti-spam checks can be bypassed using a Per- |
263
|
|
|
|
|
|
|
# mitted Senders or Auto Allow policy. Rejected emails can be viewed in your Outbound |
264
|
|
|
|
|
|
|
# Activity and searching for the required email address. |
265
|
|
|
|
|
|
|
[554, 'email rejected due to security policies'], |
266
|
|
|
|
|
|
|
], |
267
|
|
|
|
|
|
|
}; |
268
|
|
|
|
|
|
|
|
269
|
12
|
|
50
|
|
|
56
|
my $esmtperror = lc $argvs->{'diagnosticcode'} // 0; |
270
|
12
|
|
50
|
|
|
54
|
my $esmtpreply = int $argvs->{'replycode'} // 0; |
271
|
12
|
|
|
|
|
21
|
my $reasontext = ''; |
272
|
|
|
|
|
|
|
|
273
|
12
|
|
|
|
|
68
|
REASON: for my $e ( keys %$messagesof ) { |
274
|
|
|
|
|
|
|
# Try to find with each error message defined in $messagesof |
275
|
70
|
|
|
|
|
76
|
for my $f ( @{ $messagesof->{ $e } } ) { |
|
70
|
|
|
|
|
128
|
|
276
|
|
|
|
|
|
|
# Find an error reason |
277
|
161
|
100
|
|
|
|
283
|
next unless $esmtpreply == $f->[0]; |
278
|
29
|
100
|
|
|
|
110
|
next unless index($esmtperror, $f->[1]) > -1; |
279
|
12
|
|
|
|
|
21
|
$reasontext = $e; |
280
|
12
|
|
|
|
|
26
|
last REASON; |
281
|
|
|
|
|
|
|
} |
282
|
|
|
|
|
|
|
} |
283
|
12
|
|
|
|
|
53
|
return $reasontext; |
284
|
|
|
|
|
|
|
} |
285
|
|
|
|
|
|
|
|
286
|
|
|
|
|
|
|
1; |
287
|
|
|
|
|
|
|
__END__ |