A wise man once blogged about an issue with routing outbound SMTP to godaddy hosted domains (messages that route via smtp.secureserver.net).
5 years later the problem persists.
Even though the IP being used for outbound SMTP is not, nor has ever been, "blocked" by anyone, you will still see the following after the initial SMTP handshake (turn up outbound SMTP debugging, if necessary):
SMTPClient: ReceiveResponse: 554 Your access to this mail system has been rejected due to spam or virus content. If you believe that this failure is in error, please submit an unblock request at http://unblock.secureserver.net
Going to the URL yields an ever-so-helpful, "Thank You. [ip address that was entered] is not blocked at this time. It may have been unblocked due to an earlier request.
If you have additional questions please call 480-624-2500."
Well, your SMTP server says it's still blocked, so what gives?
So, I called the number, and talked to "Mark." It took a while for what I was calling about to click with Mark, but, eventually he insisted that because I couldn't send him an example of a bounced message with a message header that that the problem had to be on my side. I tried to explain that there wouldn't be a header for a message that was not actually routed to their systems (and if it were routed to their systems we wouldn't be having this call in the first place). Sending the chunk from the log showing that it was their side that was preventing the delivery didn't help convince him.
Anyway, nothing was solved during the call.
Here's the solution:
Even if your outbound SMTP server is not intended to accept inbound SMTP from outside your internal network, you have to open port 25 for the server's public IP. If you choose to do this ( in my situation, I had to since godaddy doesn't appear to be changing their non-standard approach any time soon), and you don't want to truly expose your server to public SMTP traffic, be sure the server's configuration doc is in order.
For example, Router/SMTP > Restrictions and Controls > SMTP Inbound Controls > Inbound Connection Controls (section) > Allow connections only from the following SMTP internet hostnames/IP addresses (field)
In an environment where this list can be large, I like to use a group for this value and then make modifications to the group, as necessary.
In this case, I knew that only 2 IP addresses would ever need to route inbound SMTP to this server (the two servers that are specifically set up to do this in the DMZ), so I entered the two IP addresses [in brackets] and restarted the router/smtp and... voilà.
Now godaddy gets a response to their helo (even though the response is basically "you will NEVER send SMTP back through me"), and the oubound mail is accepted by smtp.secureserver.net for delivery.
Cautiously Optimistic the compact -replica saved the day
Thu, Jan 30th 2014 5:09a David Brown l compact -C mail/user.nsf
[0A50:007E-0E70] 01/30/2014 05:38:55 AM Remote console command issued by admin/org: l compact -C mail/user.nsf
[0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, database design compression is enabled in database mailuser.nsf.
[0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, document data compression is enabled in database mailuser.nsf.
[0818:0004-0A98] 01/30/2014 05:38:59 AM Informational, LZ1 is en [read] Keywords: admin
September 3, 2013 10:08 PM
Tue, Sep 3rd 2013 9:14p David Brown Ok. I saw this bug mentioned in the Technote explaining the compact -REPLICA options but forgot that it wouldn't be fixed in any of the 8.5.3 HFs (including 8.5.3FP3 HF324)
So, if you are tempted to run something like "load compact -REPLICA -IDS_FULL=80"...
you should actually run "load compact -REPLICA -IDS_FULL 080"
You could also specify "load compact -REPLICA -IDS_FULL=080"
Even if the database is not over the 80% threshold (as specified in the example above), ther [read] Keywords: administration
Applying patches to ESXi 5.x without using vSphere or CLI
Tue, Jul 30th 2013 4:13p David Brown How to enable and use ESXi Shell Access with the Direct Console to apply patches (when you don't have access to the server via vSphere or CLI)
At the direct console of the ESXi host, press F2 and provide credentials when prompted.
Scroll to Troubleshooting Options and press Enter.
Choose Enable ESXi Shell and press Enter.
Press Esc until you return to the main direct console screen.
At the main direct console screen, press Alt-F1 to open a virtual console window to the h [read] Keywords: network
PIRC Design Modification TimeDate Location
Mon, Jun 17th 2013 12:14p David Brown PIRC added the "Design Modification TimeDate" the database.
It is updated in the database whenever design refresh or replace is run and makes an update.
Does anyone know where I can find the "Design Modification TimeDate" field and/or property?
Is it available in the Designer client or only via NotesPeek or?
Thanks. [read] Keywords: database
Configuring a Barracuda for round-robin or failover
Fri, Sep 21st 2012 2:09p David Brown Shamelessly grabbed directly from the help file...
Destination Server Name/IP - IP address or hostname that receives email after the spam and virus scans. It is usually best to use a hostname rather than an IP address so that the destination mail server can be moved and DNS updated at any time without any changes to the Barracuda Spam & Virus Firewall.
If you set Use MX Records below to Yes, you must enter a domain name for this field. If multiple servers are specified, then the [read] Keywords: apple
Registering new users with PIRC enabled by default
Wed, Feb 15th 2012 9:12a David Brown In the process of enabling PIRC (http://www-01.ibm.com/support/docview.wss?ca=kb&rs=899&uid=swg21501675), it occurs to me that there doesn't seem to be a direct way of PIRC-enabling the new file upon mail database creation. Sure it is easy enough to set the advanced property for all databases in a directory, etc, but that is only as good as the moment you do that. The mailfile for the next user to be registered (and their clustered mail database(s) also created during registration) [read] Keywords: ibm
Tip on using BES Transporter
Mon, Feb 6th 2012 1:09p David Brown BES Transporter is a powerful tool included in the BlackBerry Enterprise Server Resource Kit.
I recently used BES Transporter to move active users from a 4.1.6 customer-managed BES to a 5.0.3 BES hosted at a GBS datacenter. The beauty is that the users were unaware that the move even happened. They did not have to wipe or reactivate their devices as part of the process.
However, in the pilot phase, I did encounter one glitch that even stumped RIM support.
Suffice to say, you can create r [read] Keywords: bes