Outgoing email errors

email, email-bounces, email-server, web-hosting

A couple of months ago some of our emails got hacked (they got their hands on the passwords) and they sent out 1000+ spam emails from those specific accounts to random addresses. Now, months later, after having the hack problem fixed, the email accounts still face outgoing mail errors. Not with all emails; some get sent fine, others will be blocked.

For instance some of the errors we get are:

Error example 1

xxx@hotmail.com
host s01.spamexperts.axc.nl [185.182.56.9]
SMTP error from remote mail server after end of data:
550 To contains invalid characters.

Error example 2

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

steven@jeni.be
host s01.spamexperts.axc.nl [185.182.56.9]
SMTP error from remote mail server after end of data:
550 To contains invalid characters.

Error Example 3

Reporting-MTA: dns; vserver87.axc.nl

Action: failed
Final-Recipient: rfc822;Txxx@xxx.com
Status: 5.0.0
Remote-MTA: dns; s01.spamexperts.axc.nl
Diagnostic-Code: smtp; 550 Maximum line length exceeded (see RFC 5322 2.1.1).

Error Example 4

Reporting-MTA: dns; vserver87.acx.nl

Action: failed
Final-Recipient: rfc882;xxxx@xxx.be
Status: 5.0.0
Remote-MTA: dns; s01.spamexpers.axc.nl
Diagnostic-Code: smtp; 550 Maximum line length exceeded (See RFC 5322 2.1.1)

We are getting kinda desperate here to get this problem fixed because we don't know what to do anymore.

If it matters, everything is hosted on Versio.nl.

Does anyone have any clue what is going on with the emails and/or have an idea on how to fix the issues?

Kind regards

Best Answer

These errors don't seem to indicate a reputation issue.

The first three indicate issues with the destination address being sent by your server. It appears the address entry has been mangled. This likely applies to the address in the RCPT TO data.

The last may be related, or a different issue. Again it points to mangling of the message.

Try running a program like tcpdump to capture the traffic to one or two of the destinations having problems. Examine the contents to see what is being mangled.

It is possible that some address rewrite rules were implemented on your server that are mangling the data. This may be expanding the addresses to excessive lengths and/or inserting invalid characters.

The bounce messages should include the original message or at least the headers of the message. These may help in understanding what is happening. The RFC describes the headers and their correct format.

Building a new mail server and replacing the existing server may be in order.
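
Added example, not part of the original answer: a small Python check that can be run over the original message returned in a bounce (or reassembled from a capture) to locate the two conditions the rejections name, lines over the RFC 5322 2.1.1 limit of 998 characters and unexpected bytes in address headers. The function names and the sample message are constructed for illustration, and treating control characters and raw non-ASCII bytes as "invalid" is an assumption about what the receiving filter objects to.

```python
import re

MAX_LINE = 998  # RFC 5322 2.1.1 hard limit per line, excluding CRLF

# Constructed sample: To header with a control byte and raw UTF-8,
# followed by a body line far beyond the limit.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"To: \"Jos\xc3\xa9\" <user\x01@example.com>,\r\n"
    b" second@example.net\r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"short line\r\n" + b"A" * 1200 + b"\r\n"
)

def unfold_headers(raw):
    """Return (name, value) pairs with folded continuation lines joined."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers = []
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and headers:
            headers[-1][1] += b" " + line.strip()  # continuation of previous header
        elif b":" in line:
            name, value = line.split(b":", 1)
            headers.append([name.strip().lower(), value.strip()])
    return [(n, v) for n, v in headers]

def check_message(raw):
    """List over-long lines and suspicious bytes in address headers."""
    findings = []
    for num, line in enumerate(re.split(rb"\r?\n", raw), start=1):
        if len(line) > MAX_LINE:
            findings.append(("line-too-long", num, len(line)))
    for name, value in unfold_headers(raw):
        if name in (b"to", b"cc", b"from"):
            # Assumption: control bytes (except TAB) and bytes >= 0x7f are invalid
            bad = sorted({b for b in value if (b < 0x20 and b != 0x09) or b >= 0x7f})
            if bad:
                findings.append(("invalid-bytes", name.decode(), [hex(b) for b in bad]))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Comparing the findings for a message as composed with the same message as it leaves the server shows whether the mangling happens in the client or in a rewrite step on the server.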