Messages blocked by Mimecast in protocol are displayed in The Rejection Viewer. Mimecast rejects emails that match certain criteria (e.g. they contain a virus signature, destined to a recipient that doesn't exist). In these instances no email data is accepted by Mimecast, and rejected messages cannot be retrieved. With all rejections, Mimecast sends a rejection code to the sending mail server, and the mail server should forward a Non-Delivery Report (NDR) to the sender.
The Rejection Viewer should be used when troubleshooting failed inbound delivery attempts. The rejection information displayed details why Mimecast rejected a message. This can be due to a variety of reasons (as listed below). If the email is legitimate, you can use this information to address the issue, and ensure that the email is allowed through to the internal recipient on the next send attempt.
Using the Rejection Viewer
The Rejection Viewer lists all rejections for the current day, although rejection information is retained for a maximum of seven days. The information includes the sender's address, recipient’s address, the sending mail server's IP address (known as the Triplet), the rejection type, and the rejection date / time.
To search for a failed email connection:
- Log in to the Administration Console.
- Click on the Administration toolbar button. A menu drop down is displayed.
- Click on the Monitoring | Rejections menu item.
- Enter either the Email Address, Domain or IP Address in the search bar.
- Click the Search button. The results are displayed.
- Select the item to view the Rejection Properties.
Common Rejection Types and Resolutions
|Rejection Type||Rejection Description||Rejection Resolution|
|IP found in RBL||The sending IP address is a known spammer, and is either listed in a Real-time Blackhole List (RBL) or the IP address is classified as having a poor reputation.||Add the senders details to an Auto Allow Policies or Permitted Senders policy. It is also recommended the sender requests is removed from the RBL.|
|Sender failed to Retry||Applied to unknown sending addresses, where the sending email server has not re-attempted the delivery of the email within a 12 hour period (between 1 minutes and 12 hours).|
|Invalid Recipient Address||The internal destination email address doesn't exist or is incorrect, and Mimecast cannot deliver the message to the user.||The sender must resend the email to a valid internal recipient address.|
|Virus Signature Detected||One of the anti-virus signatures has been triggered, and the message has been deemed to be malware.||Anti-virus checks cannot be bypassed.|
|Spam Signature Detected||One of the anti-spam definitions has been triggered. This only causes the email to be rejected, if there is a very high content of spam words or phrases.||Anti-spam checks can be bypassed using a Creating / Changing a Permitted Senders Policy or Auto Allow Policies policy.|
|Envelope Rejected / Manual Envelope Rejected||A Blocked Sender Policy is in effect (either company wide, or individual) which prevents the email from being accepted by Mimecast.||The personal or administrator set Creating / Changing a Blocked Senders Policy must be removed or modified to exclude the sender's address.|
Rejected by header based Blocked Senders – Block policy for Header From
Envelope Rejected – Block policy for Envelope from address
Rejected by header based manually Blocked Senders – block for manual block
|A Blocked Sender policy is in effect (either company wide, or individual), which prevents the email from being accepted by Mimecast. The policy has been configured to scan the Envelope or Header address, as described by the error code.||The personal or administrator set Creating / Changing a Blocked Senders Policy must be removed or modified to exclude the sender's address.|
Anti-Spoofing Lockout - Inbound not allowed
|An Anti-Spoofing Lockout policy has been added to block inbound emails coming from an external source destined to the internal domain, where the external source is masquerading as an internal domain sender.|
Create an Anti-Spoofing Policies to take no action to exclude the sender's address or IP address.
|SMTP Code [Error Description]||View the full article for a description of general Mimecast SMTP Error Codes.||The resolution is dependent on the recipient MTA.|
|Invalid Sender Address||The sender address has been blocked by the next hop mail server.||This is often due to Sender Callback Verification failing, and may happen when <> (null addresses) are blocked.|
|IP Reputation Policy||The reputation of the sender has caused the rejection action.||View the page on Connection Attempts for further details.|
|Message Size Limit Reached||The email size is too large to be accepted by Mimecast.||An Email Size Limits Policies may be in effect.|
For more information on the Mimecast Security Systems, view the full article.
For a graphic representation of the Rejections, view the article on Reporting.
Troubleshooting Failed Email Delivery
When troubleshooting failed or delayed emails, it is recommended to start your search using Tracking. Tracking searches across all of the Mimecast viewers and queues and displays where the email attempt has been logged, or if the email has been accepted and archived. If an email was rejected, you can then select the entry and view additional information in the Rejection Viewer.