Banned Word Message


  • We use Exchange 2007 Enterprise edition.  I have a user that receives this message: "This message has been blocked because it contains a banned word".  She has been able to email this user in the past, and it occurs even when there is no subject, and no message in the email body.  It looks as though it is happening on our server.  I cannot see where it leaves our server.
    Wednesday, September 30, 2009 8:54 PM


All replies

  • What Exchange aware AV / anti-spam software are you using?
    Wednesday, September 30, 2009 11:54 PM
  • Symantec Corporate Edition 9
    Thursday, October 01, 2009 1:54 AM
  • Issue description: User got NDR when attempting to send message to external recipient


    Check info:

    1.      Please describe the exchange topology

    2.      Does the issue only happen to single user? Will other users encounter the same symptom when attempting to send message to that external recipient?

    3.      Does the issue only happen when user tries to send message to that specific external recipient? Does the issue reoccur when attempting to send messages to any other external recipients?



    1.      Please disable all the 3rd party on your exchange server, including the anti-virus software, and see if the issue can be reproduced

    2.      Please try to telnet the domain that the external recipient and send a test message, and see if there’s any related error info

    3.      Please use Mail Flow Troubleshooter to check the mail flow

    4.      Please run ExBPA against the exchange server for a health check


    Possible cause:

    Is there a FortiGate firewall device in the network between your user and that external recipient? This is a document from FortiGate, if you open it and look for the error message we get it has the following section in it:


    Banned word "This message has been blocked because it contains a banned word."

    FortiShield URL block

    Friday, October 02, 2009 6:04 AM
  • That isnt Exchange aware is it?
    Can you post the message tracking on this message?
    Friday, October 02, 2009 1:04 PM
  • The user only has the issue when sending to a particular domain.  She was able to send to this domain until last week, when this message began to appear.  If she logs into a different computer she has no issues.  My question is: where is the message generated.  Is it an Exchange message, antivirus message, etc?
    Friday, October 02, 2009 2:04 PM
  • I did as you suggested and used the Microsoft Exhange Troubleshooting Assistant, and the Message Tracking Center.  The results are:

    SMTP: Non-Delivered Report (NDR) Generated - Message Tracking Center
    5.7.1 smtp;554 5.7.1 - from the returned email.

    Am I correct in assuming the issue is with the recipient's email server?  I receive the error message so fast I'm questioning my assumption.

    Friday, October 02, 2009 9:54 PM
  • The receiving server is breaking the SMTP conversation with that 5.7.1 error and your server is reporting it back to the end user. Thats why it happens so fast.
    To confirm for sure, you can do a couple of things:

    From your SMTP gateway, telnet on port 25 to theirs and send a test message as the sender and see what response you get, or enable SMTP Protocol logging on the send connector, send a test message from Outlook and then check the logs.

    Friday, October 02, 2009 10:17 PM
  • I was able to successfully send an email message via telnet to the customer's email server.
    Monday, October 05, 2009 1:11 PM
  • I would enable SMTP logging and then send a test message from that same client. Checking the SMTP logs will tell you which server is generating that message. If there is no information in the SMTP logs, then you'll know that either your server or the client is generating it.
    Monday, October 05, 2009 1:18 PM
  • Any update?
    Thursday, October 08, 2009 12:58 AM
  • It was the reciepient's spam filter.  Thanks for your help.
    • Marked as answer by Alan.Gim Friday, October 09, 2009 1:08 AM
    Thursday, October 08, 2009 4:40 PM