Messages are being rejected by Messaging Gateway with a verdict of "System denied IP"
Article ID: 152089

Updated On: 12-16-2024

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway (SMG) is rejecting mail with a verdict of "System denied IP".

Environment

Messaging Gateway

Cause

The IP address of the sender's email server may be on one or more of the following reputation services but the Action set to reject the connection:

  • The Symantec Global Bad Sender list
  • The Local Bad Sender IP list
  • A Third Party Bad Sender list configured in Reputation > Third party bad senders

By default, IP-based filtering services take the Reject the connection action. If the action is changed to one that requires Messaging Gateway to accept the message, Messaging Gateway records in the audit logs that an IP matched one of the reputation lists and then passes the message on to the other filtering services for scanning, rather than taking the default action of rejecting the connection entirely.

Usually, IP-based reputation filtering operates only on the connecting IP. If the action is not set to Reject or Defer the connection, however, all IP addresses in the message's Received headers are tested against the IP reputation services, which in that case are no longer operating at SMTP network connection time.
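
As an added illustration (not Broadcom's code and not a description of how SMG is implemented), the Python sketch below lists every IP literal in a message's Received headers and flags those found on a list, which helps explain a "System denied IP" verdict when the connecting IP itself is clean. The sample message, the list entries and the function names are constructed for this example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message; addresses are documentation or private ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.25])
\tby smg.example.com with ESMTP; Mon, 16 Dec 2024 10:00:00 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx.example.net with ESMTP; Mon, 16 Dec 2024 09:59:58 +0000
Received: from [10.1.2.3] (helo=workstation)
\tby relay.example.org with ESMTP; Mon, 16 Dec 2024 09:59:55 +0000
From: sender@example.org
To: user@example.com
Subject: test

body
"""

# Constructed stand-in for a Local Bad Sender IP list (hypothetical entries).
LOCAL_BAD_SENDERS = ["198.51.100.0/24", "192.0.2.10"]
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_ips(raw_message):
    """Return (hop, ip) for each address literal in the Received headers.
    Hop 0 is the topmost header: the connecting IP as seen by the gateway."""
    msg = message_from_string(raw_message)
    found = []
    for hop, header in enumerate(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                found.append((hop, ipaddress.ip_address(candidate)))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return found

def list_matches(raw_message, bad_list=LOCAL_BAD_SENDERS):
    """Return [(hop, ip_string)] for Received-header IPs on the given list."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in bad_list]
    return [(hop, str(ip)) for hop, ip in received_ips(raw_message)
            if any(ip.version == net.version and ip in net for net in nets)]

if __name__ == "__main__":
    for hop, ip in received_ips(SAMPLE):
        print(f"hop {hop}: {ip}")
    print("matches:", list_matches(SAMPLE))
```

In the sample, the connecting IP (hop 0) is not on the list, but an earlier relay (hop 1) is, so a check of the connecting IP alone would not explain the match.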

Resolution

This behavior is normal when:

  • The filtering engine determines that the message needs to be accepted in order to establish the logical connection address.
  • A queued message has its connection IP added to one of the Bad Senders lists after it was queued, but before it is processed by the spam filters.

Alternatively, a message may be filtered by one of the blocked IP lists, but the IP was removed from the list before it was checked via the IP Reputation Lookup page. In this case, the verdict will show "System denied IP" but no entry will appear in any Bad Sender lists.

If you believe that an IP has been erroneously listed in the Global Bad Sender list, you can request that the IP be reviewed via the https://ipremoval.sms.symantec.com/lookup/ page.