Monitoring Rejected Messages

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.oxriBaJeN4 Employee on Jul 5, 2017
Version 13Show Document
  • View in full screen mode

Messages blocked by Mimecast in protocol are displayed in The Rejection Viewer. Mimecast rejects emails that match certain criteria (e.g. they contain a virus signature, destined to a recipient that doesn't exist). In these instances no email data is accepted by Mimecast, and rejected messages cannot be retrieved.  With all rejections, Mimecast sends a rejection code to the sending mail server, and the mail server should forward a Non-Delivery Report (NDR) to the sender.


The Rejection Viewer should be used when troubleshooting failed inbound delivery attempts. The rejection information displayed details why Mimecast rejected a message. This can be due to a variety of reasons (as listed below). If the email is legitimate, you can use this information to address the issue, and ensure that the email is allowed through to the internal recipient on the next send attempt.


Using the Rejection Viewer


The Rejection Viewer lists all rejections for the current day, although rejection information is retained for a maximum of seven days. The information includes the sender's address, recipient’s address, the sending mail server's IP address (known as the Triplet), the rejection type, and the rejection date / time.


To search for a failed email connection:

  1. Log in to the Administration Console.
  2. Click on the Administration toolbar button. A menu drop down is displayed.
  3. Click on the Monitoring | Rejections menu item.
  4. Enter either the Email Address, Domain or IP Address in the search bar.
  5. Click the Search button. The results are displayed.
  6. Select the item to view the Rejection Properties.

Common Rejection Types and Resolutions


Rejection TypeRejection Description
Rejection Resolution
IP found in RBLThe sending IP address is a known spammer, and is either listed in a block list, or the IP address is classified as having a poor reputation.Add the senders details to a Permitted Senders policy. It is also recommended the sender requests is removed from the block list.
Sender failed to RetryApplied to unknown sending addresses, where the sending email server has not re-attempted the delivery of the email within a 12 hour period (between 1 minutes and 12 hours).

The temporary fail check is part of the greylisting process. It can be bypassed with an Configuring Auto Allow Policies or Permitted Senders policy, or by creating a  greylisting bypass policy.

Invalid Recipient AddressThe internal destination email address doesn't exist or is incorrect, and Mimecast cannot deliver the message to the user.The sender must resend the email to a valid internal recipient address.
Virus Signature DetectedOne of the anti-virus signatures has been triggered, and the message has been deemed to be malware.Anti-virus checks cannot be bypassed.
Spam Signature DetectedOne of the anti-spam definitions has been triggered. This only causes the email to be rejected, if there is a very high content of spam words or phrases.Anti-spam checks can be bypassed using a Creating / Changing a Permitted Senders Policy.
Envelope Rejected / Manual Envelope RejectedA Blocked Sender Policy is in effect (either company wide, or individual) which prevents the email from being accepted by Mimecast.The personal or administrator set Configuring Blocked Senders Policies must be removed or modified to exclude the sender's address.

Rejected by header based Blocked Senders – Block policy for Header From

Envelope Rejected – Block policy for Envelope from address

Rejected by header based manually Blocked Senders – block for manual block

A Blocked Sender policy is in effect (either company wide, or individual), which prevents the email from being accepted by Mimecast. The policy has been configured to scan the Envelope or Header address, as described by the error code.The personal or administrator set Configuring Blocked Senders Policies must be removed or modified to exclude the sender's address.

Anti-Spoofing Lockout - Inbound not allowed

An Anti-Spoofing Lockout policy has been added to block inbound emails coming from an external source destined to the internal domain, where the external source is masquerading as an internal domain sender.

Create an Configuring Anti-Spoofing Policies to take no action to exclude the sender's address or IP address.

SMTP Code [Error Description]View the full article for a description of general Mimecast SMTP Error Codes.The resolution is dependent on the recipient MTA.
Invalid Sender AddressThe sender address has been blocked by the next hop mail server.This is often due to Sender Callback Verification failing, and may happen when <> (null addresses) are blocked.
IP Reputation PolicyThe reputation of the sender has caused the rejection action.View the page on Connection Attempts for further details.
Message Size Limit ReachedThe email size is too large to be accepted by Mimecast.An Configuring Email Size Limits Policies may be in effect.
To create an Auto Allow entry, ask the internal end user to send an email to the original sender asking them to resend the message in question. When they send this email, it will add the recipient to the Auto Allow database. Therefore when the sender tries to resend the message, it will bypass both reputation and spam scanning checks.

For more information on the Mimecast Security Systems, view the full article.

For a graphic representation of the Rejections, view the article on Reporting.


Troubleshooting Failed Email Delivery


When troubleshooting failed or delayed emails, it is recommended to start your search using Tracking. Tracking searches across all of the Mimecast viewers and queues and displays where the email attempt has been logged, or if the email has been accepted and archived. If an email was rejected, you can then select the entry and view additional information in the Rejection Viewer.

1 person found this helpful