Description: This article will go over email blocked by Barracuda. The header error states that the recipient or sender is blocked (#550 permanent failure for one or more recipients).
Today a help-desk ticket came in stating that the client could not send to a customer. They sent the below bounce-back from their on-prem Exchange server.
Diagnostic information for administrators:
Generating server: SERVER.XXX.local
When I logged into Barracuda I reviewed the blocked e-mail and saw the following error:
Received: from mail.XXX.org (123-456-78-82-Wisconsin.hfc.comcastbusiness.net [123.456.78.82]) by mx1403.ess.rzc.cudaops.com (version=TLSv1 cipher=AES128-SHA bits=128 verify=NO); Tue, 23 May 2017 19:54:33 +0000
Received: from SERVER.XXX.local ([10.10.0.1]) by SERVER.XXX.local
([10.10.0.1]) with mapi; Tue, 23 May 2017 14:54:32 -0500
The X-BESS-REASON-EXTRA header in the message above shows the customer's domain pointing to a known spam site. Barracuda does not only scan the e-mail itself for malicious links; it also checks the website of the domain.
Going to the website and inspecting the source I found the following:
The website has a hidden field pointing to known spam and malicious sites. It looks like every time a user visits the website these domains also get a hit.
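The kind of hidden reference described above is easy to miss when reading page source by eye. The following scanner is an added example, not code from the article or from Barracuda: it walks a page's HTML with the standard-library parser and reports every URL-carrying attribute that points to an external host from inside hidden markup (inline `display:none` / `visibility:hidden`, the bare `hidden` attribute, `<input type="hidden">`, zero-sized frames and images). The hiding heuristics, the attribute list, the sample HTML and every domain name in it (`example-site.test`, `*.invalid`) are constructed for this example.

```python
"""Report external hosts referenced from hidden HTML markup (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that commonly carry a URL (assumption: a common set, not exhaustive).
URL_ATTRS = {"href", "src", "action", "data"}
# Elements that never get an end tag, so they must not be pushed on the nesting stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "param", "source", "track", "wbr"}


def _is_hidden(tag, attrs):
    """Heuristics for markup a visitor never sees (assumption: not exhaustive)."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    if "hidden" in attrs:                      # bare `hidden` attribute parses as value None
        return True
    if tag == "input" and (attrs.get("type") or "").lower() == "hidden":
        return True
    if tag in ("iframe", "img") and (attrs.get("width") == "0" or attrs.get("height") == "0"):
        return True
    return False


def _external_host(value, site_host):
    """Return the host of an absolute http(s) URL if it is outside site_host, else None."""
    if not value:
        return None
    value = value.strip()
    if value.startswith("//"):                 # scheme-relative URL
        value = "http:" + value
    parsed = urlparse(value)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    host = parsed.hostname.lower()
    if host == site_host or host.endswith("." + site_host):
        return None
    return host


class HiddenRefScanner(HTMLParser):
    """Collects (tag, attr, host, url) for external URLs inside hidden markup."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []
        self._stack = []                       # (tag, element_is_hidden) for open elements

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        own_hidden = _is_hidden(tag, attrs)
        hidden = own_hidden or any(h for _, h in self._stack)   # hidden ancestors count too
        if hidden:
            candidates = set(URL_ATTRS)
            if tag == "input":                 # a hidden field's value may itself be a URL
                candidates.add("value")
            for name in sorted(candidates):
                host = _external_host(attrs.get(name), self.site_host)
                if host:
                    self.findings.append(
                        {"tag": tag, "attr": name, "host": host, "url": attrs[name].strip()})
        if tag not in VOID_TAGS:
            self._stack.append((tag, own_hidden))

    def handle_endtag(self, tag):
        if tag in VOID_TAGS:
            return
        for i in range(len(self._stack) - 1, -1, -1):   # pop to the matching open tag
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break


def scan_html(html, site_host):
    scanner = HiddenRefScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def external_hosts(html, site_host):
    """Sorted, de-duplicated list of external hosts referenced from hidden markup."""
    return sorted({f["host"] for f in scan_html(html, site_host)})


# Constructed sample page: one legitimate site plus three hidden external references.
SAMPLE_HTML = """
<html><body>
<a href="https://www.example-site.test/about">About us</a>
<img src="/logo.png">
<div style="display: none">
  <a href="http://spam-example.invalid/offer">cheap offers</a>
</div>
<input type="hidden" name="ref" value="http://tracker-example.invalid/hit">
<iframe src="http://malware-example.invalid/x" width="0" height="0"></iframe>
<a href="https://partner-example.test/">Visible partner link (not flagged)</a>
</body></html>
"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML, "example-site.test"):
        print(f"{f['tag']:<6} {f['attr']:<6} {f['host']:<26} {f['url']}")
```

Run it against saved page source with the site's own domain as `site_host`; visible outbound links are deliberately left alone so the report stays short enough to hand to the site owner, and any host it lists can then be checked against your own reputation feeds before raising a ticket.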
To fix this we contacted the website’s IT team and let them know that it looks like their website had been compromised.