Ah, OK, now I think I understand what you are seeing, and it makes sense.
For example: I get a brand new account and my provider (Google, or whoever) gives me a public IP address, say for example 11.11.11.11.
Now I try sending email to YOU from that IP address.
"Yes" the chances are really good that my IP WILL be blocked. Not just by Broadcom/Symantec but by Spamhaus and a lot of other people as well.
Even when I do "all the right stuff" (set up reverse DNS records, set up SPF records, contact Google, Yahoo, etc and follow all their directions for becoming a "legit" email sender) it will take a while before they stop tarpitting and blacklisting me.
There are multiple things going on here:
1. my new IP address doesn't have any "sender reputation" (I'm the "new kid on the block" and nobody will trust me yet).
2. Providers suck up IP ranges in huge blocks (remember the good old days when you could just ask for and get/own your own IPs for life, without a "provider"?? looong gone).
3. The "users" of the individual IP addresses in those blocks come and go (tomorrow I go to another service and they give me 12.12.12.12, and my old provider gives 11.11.11.11 to someone else).
So it takes time for some new entity to build up a good reputation and I will find myself spending a lot of time contacting people who administer mail systems and reputation services trying to convince them that I'm NOT a "bad actor".
Yes, it is a PITA, but things have evolved this way because of spammer tactics when people were more trusting.
Also everyone is much MORE cautious these days, because it's no longer just spammers filling up your inbox with adverts and such, now bad actors are really into using email to distribute ransomware, and other nasty bits.
(The only thing WORSE than that 2am weekend call that the system went belly up, is the call that your enterprise has been hacked and data stolen or erased).
NET: It "sounds", unless I am mis-reading your post and responses, like you are describing expected behavior.
Original Message:
Sent: Apr 04, 2022 05:51 PM
From: Carlos Espinoza Chandia
Subject: Blocked IP that come from Google
Hello Thomas:
Are you saying that someone with a gmail account is trying to send mail through the SMG and it is getting blocked?
Yes, but not only Gmail: if the domain is managed by Google (e.g. arista.com; there are many others) the same thing occurs.
Otherwise, it seems like you are saying "some IPs from Google are legit and some are bad"?
As I see it, Google uses many IPs to send their messages and they change (for security reasons, I think), and these IPs aren't clean yet, so the connection is refused; after a few days the IP is removed from the Symantec bad senders list.
Regarding having multiple source IPs associated with the same sender, I'm sure it's possible, depending on how the sending MTA processes such things.
I have proof of this. In the SMG there are messages that come from various IPs for the same message; it is the sender's copy, but it arrives at the company from different IPs.
...It could be that you have enabled reverse DNS
Yes, I use reverse DNS verification, but the answer that the system sends is in Spanish; I changed it. On the other side, Google has that covered (reverse DNS).
"Cloud migration" refers to the fact that many companies are changing their email system from a local (on-premise) system to a cloud system.
Test an SMTP connection from your home IP (the IP your Internet provider gives you at home); if it is on a blacklist, the SMG closes your connection with the same message. Then go to the Message Audit Logs in the SMG, search by your IP, and see the verdict.
I don't know what IP Google uses to send a particular message.
------------------------------
Carlos Espinoza Ch.
Symantec Products Specialist.
Original Message:
Sent: Apr 04, 2022 04:57 PM
From: Thomas Anderson
Subject: Blocked IP that come from Google
Trying to understand the issue you are having, but I'm a little confused:
Are you saying that someone with a gmail account is trying to send mail through the SMG and it is getting blocked?
Just because the sender is getting a 554 doesn't mean they are on the ****. It could be that you have enabled reverse DNS checking
(in the BCC Protocols -> Settings and look at the "DNS Validation" section).
Email will also be rejected if it is in any local **** that you have added.
(Reputation -> Bad Senders and look at any policies you have configured with a "Reject SMTP Connection" action)
Another place to check would be if you are using Quarantine and you have enabled End User Quarantine, check whether you have also enabled end user black/white listing: some user may have set something up.
Regarding having multiple source IPs associated with the same sender, I'm sure it's possible, depending on how the sending MTA processes such things. (Not efficient, and it is an old spammer's trick from waaaay back, to rotate the IP you are sending from to try and avoid things like tar-pitting because of volume or, if you are lucky, get around IP reputation lists).
Not sure what "cloud migration" means or has to do with it, but (just a guess) that maybe some "extra hop" has been added somewhere or under some conditions that is impacting mail delivery.
Otherwise, it seems like you are saying "some IPs from Google are legit and some are bad"?
When you say "the girl did nothing", what did you tell her and what did you expect her to do? Did you tell her "IP x.x.x.x is being blocked and it is legit, can you unblock it?" or something else?
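The checks discussed in this thread (the reverse DNS validation that can itself produce the 554, the rDNS/SPF/reputation steps a new sender has to get right in the reply above, and looking up the connecting IP by hand) can be scripted. The following is an added example, not code from the original posts or from Symantec/Broadcom: it runs forward-confirmed reverse DNS on a connecting IP, expands the sender domain's SPF include chain with the RFC 7208 ten-lookup budget to see whether the IP is a published outbound address, and builds the DNSBL query name an admin would check against a list such as Spamhaus. All DNS data is a constructed sample that only mirrors the shape of Google's include chain (the hostnames and netblocks are assumptions, not a live copy); the three lookup callables would be replaced by a real resolver in production.

```python
"""Offline triage for a gateway 554 "You are not allowed to connect": does the
connecting IP pass forward-confirmed reverse DNS (FCrDNS), is it inside the
sender domain's published SPF netblocks, and what DNSBL name would be queried
for it.  The DNS data below is a CONSTRUCTED sample (assumption: it mirrors the
shape of Google's include chain, it is not a live copy); swap the three lookup
callables for a real resolver in production."""

import ipaddress

# Constructed sample zone data -- not live DNS.
SAMPLE_TXT = {
    "gmail.com": ["v=spf1 redirect=_spf.google.com"],
    "arista.com": ["v=spf1 include:_spf.google.com ~all"],
    "_spf.google.com": ["v=spf1 include:_netblocks.google.com "
                        "include:_netblocks2.google.com ~all"],
    "_netblocks.google.com": ["v=spf1 ip4:209.85.128.0/17 ip4:74.125.0.0/16 ~all"],
    "_netblocks2.google.com": ["v=spf1 ip6:2607:f8b0:4000::/36 ~all"],
    "loop.example": ["v=spf1 include:loop.example ~all"],   # self-including record
}
SAMPLE_PTR = {
    "209.85.220.41": "mail-sor-f41.google.com",
    "203.0.113.7": "mx.badhost.example",   # PTR exists but does not point back
    "198.51.100.9": None,                  # no PTR at all
}
SAMPLE_A = {
    "mail-sor-f41.google.com": ["209.85.220.41"],
    "mx.badhost.example": ["203.0.113.99"],
}

def sample_txt(name):
    return SAMPLE_TXT.get(name, [])

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip)

def sample_a(name):
    return SAMPLE_A.get(name, [])

MAX_SPF_LOOKUPS = 10   # RFC 7208 section 4.6.4: more than 10 is a permerror


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client queries: IPv4 octets reversed, under the list zone."""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(ip.split("."))) + "." + zone


def fcrdns(ip, ptr_lookup, a_lookup):
    """Forward-confirmed rDNS: the PTR name must resolve back to the same IP.
    Returns (confirmed, ptr_name)."""
    name = ptr_lookup(ip)
    if not name:
        return False, None
    return ip in a_lookup(name), name


def spf_networks(domain, txt_lookup, budget=None):
    """Expand an SPF record into the ip4:/ip6: networks it authorises, following
    include: and redirect= and charging each against the 10-lookup budget, so a
    looping or oversized record terminates with an error instead of hanging."""
    if budget is None:
        budget = [MAX_SPF_LOOKUPS]
    nets = []
    for record in txt_lookup(domain):
        if not record.startswith("v=spf1"):
            continue
        for term in record.split()[1:]:
            if term.startswith(("ip4:", "ip6:")):
                nets.append(ipaddress.ip_network(term[4:], strict=False))
            elif term.startswith(("include:", "redirect=")):
                if budget[0] == 0:
                    raise RuntimeError("SPF permerror: lookup limit exceeded at " + domain)
                budget[0] -= 1
                target = term[len("include:"):] if term.startswith("include:") else term[len("redirect="):]
                nets.extend(spf_networks(target, txt_lookup, budget))
    return nets


def spf_permerror(domain, txt_lookup):
    """True if expanding the record blows the lookup budget (looping/oversized SPF)."""
    try:
        spf_networks(domain, txt_lookup)
        return False
    except RuntimeError:
        return True


def ip_authorized(ip, sender_domain, txt_lookup):
    """True if ip falls inside any network the sender domain's SPF publishes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in spf_networks(sender_domain, txt_lookup))


def triage(ip, sender_domain, txt_lookup=sample_txt, ptr_lookup=sample_ptr, a_lookup=sample_a):
    """One verdict per connecting IP: what to compare against the gateway's
    audit log before asking a reputation service to delist the address."""
    confirmed, ptr = fcrdns(ip, ptr_lookup, a_lookup)
    return {
        "ip": ip,
        "fcrdns": confirmed,
        "ptr": ptr,
        "in_sender_spf": ip_authorized(ip, sender_domain, txt_lookup),
        "dnsbl_query": dnsbl_query_name(ip, "zen.spamhaus.org"),
    }


if __name__ == "__main__":
    for ip in ("209.85.220.41", "203.0.113.7", "198.51.100.9"):
        print(triage(ip, "arista.com"))
```

A connecting IP that passes FCrDNS and sits inside the sender domain's expanded SPF is a legitimate outbound address for that provider, and a block on it is a reputation-list verdict worth disputing; an IP that fails both is the case where the gateway's reject is doing its job. The lookup budget matters in practice: large providers' include chains come close to the limit, and a record that exceeds it is a permerror rather than a pass.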
Original Message:
Sent: Apr 04, 2022 03:43 PM
From: Carlos Espinoza Chandia
Subject: Blocked IP that come from Google
Hi all,
For some time now, our SMG has been blocking messages that come from Google. According to my own investigation, the sender receives an email that says:
Message Blocked
(A red light stop sign)
554 5.7.1 You are not allowed to connect
This occurs because the sender's email is on Google (this could come from Gmail or a company with mail in Google Cloud). I tested connections with the SMG, and once I could find out the origin IP, the IP was on Symantec's bad list.
On the other hand, when a Google user sends an email with multiple copies, each destination (same domain, many users) means one origin IP for each, so this means that one user in the organization receives the email and another does not.
This started as one case per month; today, with cloud migration, we have many complaints from users who do not receive their mails.
I opened a case, but the girl did nothing.
Does anyone have an idea or the same problem?
regards,
Carlos Espinoza
------------------------------
Carlos Espinoza Ch.
Symantec Products Specialist.
------------------------------