sisimai 4.25.15 → 5.0.0

data/lib/sisimai/rhost/{googleapps.rb → google.rb}

@@ -1,11 +1,40 @@
 module Sisimai
   module Rhost
-    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Data
-    # object as an argument of get() method when the value of "rhost" of the object
-    # is "aspmx.l.google.com". This class is called only Sisimai::Data class.
-    module GoogleApps
+    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Fact object as an argument
+    # of get() method when the value of "rhost" of the object is "aspmx.l.google.com". This class is
+    # called only Sisimai::Fact class.
+    module Google
       class << self
         MessagesOf = {
+          'authfailure' => [
+            # - 550 5.7.26 Unauthenticated email from domain-name is not accepted due to domain's
+            #   DMARC policy. Please contact the administrator of domain-name domain. If this was
+            #   a legitimate mail please visit [Control unauthenticated mail from your domain] to
+            #   learn about the DMARC initiative. If the messages are valid and aren't spam, con-
+            #   tact the administrator of the receiving mail server to determine why your outgoing
+            #   messages don't pass authentication checks.
+            ['550', '5.7.26', "is not accepted due to domain's dmarc policy"],
+
+            # - 550 5.7.26 This message does not have authentication information or fails to pass
+            #   authentication checks (SPF or DKIM). To best protect our users from spam, the mes-
+            #   sage has been blocked. Please visit https://support.google.com/mail/answer/81126
+            #   for more information.
+            ['550', '5.7.1',  'fails to pass authentication checks'],
+            ['550', '5.7.26', 'fails to pass authentication checks'],
+
+            # - 550 5.7.26 This message fails to pass SPF checks for an SPF record with a hard fail
+            #   policy (-all). To best protect our users from spam and phishing, the message has
+            #   been blocked. Please visit https://support.google.com/mail/answer/81126 for more
+            #   information.
+            ['550', '5.7.26', 'this message fails to pass spf checks for an spf record with a hard fail'],
+          ],
+          'badreputation' => [
+            # - 550 5.7.1 Our system has detected that this message is likely suspicious due to the
+            #   very low reputation of the sending IP address. To best protect our users from spam,
+            #   the message has been blocked. 
+            #   Please visit https://support.google.com/mail/answer/188131 for more information.
+            ['550', '5.7.1', 'this message is likely suspicious due to the very low reputation of the sending ip address'],
+          ],
           'blocked' => [
             ['421', '4.7.0', 'ip not in whitelist for rcpt domain, closing connection.'],
 
@@ -32,37 +61,6 @@ module Sisimai
             #   to our servers. Please use the SMTP relay at your service provider instead. For
             #   more information, visit https://support.google.com/mail/answer/10336
             ['550', '5.7.1', "the ip you're using to send mail is not authorized to send email directly to our servers"],
-
-            # - 550 5.7.25 The IP address sending this message does not have a PTR record setup, or
-            #   the corresponding forward DNS entry does not point to the sending IP. As a policy,
-            #   Gmail does not accept messages from IPs with missing PTR records.
-            ['550', '5.7.25', 'the ip address sending this message does not have a ptr record setup'],
-
-            # - 550 5.7.26 Unauthenticated email from domain-name is not accepted due to domain's
-            #   DMARC policy. Please contact the administrator of domain-name domain. If this was
-            #   a legitimate mail please visit [Control unauthenticated mail from your domain] to
-            #   learn about the DMARC initiative. If the messages are valid and aren't spam, con-
-            #   tact the administrator of the receiving mail server to determine why your outgoing
-            #   messages don't pass authentication checks.
-            ['550', '5.7.26', "is not accepted due to domain's dmarc policy"],
-
-            # - 550 5.7.26 This message does not have authentication information or fails to pass
-            #   authentication checks (SPF or DKIM). To best protect our users from spam, the mes-
-            #   sage has been blocked. Please visit https://support.google.com/mail/answer/81126
-            #   for more information.
-            ['550', '5.7.1',  'fails to pass authentication checks'],
-            ['550', '5.7.26', 'fails to pass authentication checks'],
-
-            # - 550 5.7.26 This message fails to pass SPF checks for an SPF record with a hard fail
-            #   policy (-all). To best protect our users from spam and phishing, the message has
-            #   been blocked. Please visit https://support.google.com/mail/answer/81126 for more
-            #   information.
-            ['550', '5.7.26', 'this message fails to pass spf checks for an spf record with a hard fail'],
-            # - 550 5.7.1 Our system has detected that this message is likely suspicious due to the
-            #   very low reputation of the sending IP address. To best protect our users from spam,
-            #   the message has been blocked. 
-            #   Please visit https://support.google.com/mail/answer/188131 for more information.
-            ['550', '5.7.1', 'this message is likely suspicious due to the very low reputation of the sending ip address'],
           ],
           'contenterror' => [
               ['554', '5.6.0', 'mail message is malformed. Not accepted'],
@@ -88,6 +86,9 @@ module Sisimai
           'norelaying' => [
             ['550', '5.7.0', 'mail relay denied'],
           ],
+          'notcompliantrfc' => [
+            ['550', '5.7.1', 'this message is not rfc 5322 compliant'],
+          ],
           'policyviolation' => [
             ['550', '5.7.1', 'messages with multiple addresses in from: header are not accepted'],
 
@@ -114,6 +115,12 @@ module Sisimai
 
             ['550', '5.7.1', 'unauthenticated email is not accepted from this domain'],
           ],
+          'requireptr' => [
+            # - 550 5.7.25 The IP address sending this message does not have a PTR record setup, or
+            #   the corresponding forward DNS entry does not point to the sending IP. As a policy,
+            #   Gmail does not accept messages from IPs with missing PTR records.
+            ['550', '5.7.25', 'the ip address sending this message does not have a ptr record setup'],
+          ],
           'securityerror' => [
             ['421', '4.7.0', 'tls required for rcpt domain, closing connection'],
             ['501', '5.5.2', 'cannot decode response'],   # 2FA related error, maybe.
@@ -142,8 +149,39 @@ module Sisimai
             #   For more information, visit https://support.google.com/mail/answer/188131
             ['550', '5.7.1', 'our system has detected that this message is likely unsolicited mail'],
           ],
+          'speeding' => [
+            # - 450 4.2.1 The user you are trying to contact is receiving mail too quickly. Please
+            #   resend your message at a later time. If the user is able to receive mail at that
+            #   time, your message will be delivered. 
+            #   For more information, visit https://support.google.com/mail/answer/22839
+            ['450', '4.2.1', 'is receiving mail too quickly'],
+
+            # - 450 4.2.1 The user you are trying to contact is receiving mail at a rate that pre-
+            #   vents additional messages from being delivered. Please resend your message at a
+            #   later time. If the user is able to receive mail at that time, your message will be
+            #   delivered. For more information, visit https://support.google.com/mail/answer/6592
+            ['450', '4.2.1', 'is receiving mail at a rate that prevents additional messages from being delivered'],
+            ['550', '5.2.1', 'is receiving mail at a rate that prevents additional messages from being delivered'],
+
+            # - 450 4.2.1 Peak SMTP relay limit exceeded for customer. This is a temporary error.
+            #   For more information on SMTP relay limits, please contact your administrator or
+            #   visit https://support.google.com/a/answer/6140680
+            ['450', '4.2.1', 'peak smtp relay limit exceeded for customer'],
+
+            # - 550 5.4.5 Daily SMTP relay limit exceeded for user. For more information on SMTP
+            #   relay sending limits please contact your administrator or visit SMTP relay service
+            #   error messages.
+            ['550', '5.4.5', 'daily smtp relay limit exceeded for user'],
+            ['550', '5.4.5', 'daily sending quota exceeded'],
+
+            # - 550 5.7.1 Daily SMTP relay limit exceeded for customer. For more information on
+            #   SMTP relay sending limits please contact your administrator or visit
+            #   https://support.google.com/a/answer/6140680
+            ['550', '5.7.1', 'daily smtp relay limit exceeded for customer'],
+          ],
           'suspend' => [
             ['550', '5.2.1', 'the email account that you tried to reach is disabled'],
+            ['550', '5.2.1', 'the email account that you tried to reach is inactive'],
           ],
           'syntaxerror' => [
             ['451', '4.5.0', 'smtp protocol violation, visit rfc 2821'],
@@ -180,35 +218,6 @@ module Sisimai
             # - 452 4.5.3 Your message has too many recipients. For more information regarding
             #   Google's sending limits, visit https://support.google.com/mail/answer/6592
             ['452', '4.5.3', 'your message has too many recipients'],
-
-            # - 450 4.2.1 The user you are trying to contact is receiving mail too quickly. Please
-            #   resend your message at a later time. If the user is able to receive mail at that
-            #   time, your message will be delivered. 
-            #   For more information, visit https://support.google.com/mail/answer/22839
-            ['450', '4.2.1', 'is receiving mail too quickly'],
-
-            # - 450 4.2.1 The user you are trying to contact is receiving mail at a rate that pre-
-            #   vents additional messages from being delivered. Please resend your message at a
-            #   later time. If the user is able to receive mail at that time, your message will be
-            #   delivered. For more information, visit https://support.google.com/mail/answer/6592
-            ['450', '4.2.1', 'is receiving mail at a rate that prevents additional messages from being delivered'],
-            ['550', '5.2.1', 'is receiving mail at a rate that prevents additional messages from being delivered'],
-
-            # - 450 4.2.1 Peak SMTP relay limit exceeded for customer. This is a temporary error.
-            #   For more information on SMTP relay limits, please contact your administrator or
-            #   visit https://support.google.com/a/answer/6140680
-            ['450', '4.2.1', 'peak smtp relay limit exceeded for customer'],
-
-            # - 550 5.4.5 Daily SMTP relay limit exceeded for user. For more information on SMTP
-            #   relay sending limits please contact your administrator or visit SMTP relay service
-            #   error messages.
-            ['550', '5.4.5', 'daily smtp relay limit exceeded for user'],
-            ['550', '5.4.5', 'daily sending quota exceeded'],
-
-            # - 550 5.7.1 Daily SMTP relay limit exceeded for customer. For more information on
-            #   SMTP relay sending limits please contact your administrator or visit
-            #   https://support.google.com/a/answer/6140680
-            ['550', '5.7.1', 'daily smtp relay limit exceeded for customer'],
           ],
           'userunknown' => [
             # - 550 5.1.1 The email account that you tried to reach does not exist. Please try dou-
@@ -228,15 +237,14 @@ module Sisimai
         # @return   [String]                The bounce reason for Google Workspace
         # @see      https://support.google.com/a/answer/3726730?hl=en
         def get(argvs)
-          return argvs.reason unless argvs.reason.empty?
-          return '' if argvs.diagnosticcode.empty?
-          return '' if argvs.replycode.empty?
-          return '' if argvs.deliverystatus.empty?
-          return '' unless argvs.deliverystatus =~ /\A[245][.]\d[.]\d+\z/
+          return argvs['reason'] unless argvs['reason'].empty?
+          return '' if argvs['diagnosticcode'].empty?
+          return '' unless Sisimai::SMTP::Reply.test(argvs['replycode'])
+          return '' unless Sisimai::SMTP::Status.test(argvs['deliverystatus'])
 
-          statuscode = argvs.deliverystatus[2,6]
-          esmtpreply = argvs.replycode[1,2]
-          esmtperror = argvs.diagnosticcode.downcase
+          statuscode = argvs['deliverystatus'][2,6]
+          esmtpreply = argvs['replycode'][1,2]
+          esmtperror = argvs['diagnosticcode'].downcase
           reasontext = ''
 
           MessagesOf.each_key do |e|

data/lib/sisimai/rhost/iua.rb

@@ -1,11 +1,10 @@
 module Sisimai
   module Rhost
-    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Data
-    # object as an argument of get() method when the value of "rhost" of the object
-    # is "*.email.ua". This class is called only Sisimai::Data class.
+    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Fact object as an argument
+    # of get() method when the value of "rhost" of the object is "*.email.ua". This class is called
+    # only Sisimai::Fact class.
     module IUA
       class << self
-        # Imported from p5-Sisimail/lib/Sisimai/Rhost/IUA.pm
         ErrorCodes = {
           # http://mail.i.ua/err/$(CODE)
           '1'  => 'norelaying',  # The use of SMTP as mail gate is forbidden.
@@ -21,15 +20,15 @@ module Sisimai
         }.freeze
 
         # Detect bounce reason from https://www.i.ua/
-        # @param    [Sisimai::Data] argvs   Parsed email object
+        # @param    [Sisimai::Fact] argvs   Parsed email object
         # @return   [String]                The bounce reason at https://www.i.ua/
         def get(argvs)
-          return argvs.reason unless argvs.reason.empty?
+          return argvs['reason'] unless argvs['reason'].empty?
+          issuedcode = argvs['diagnosticcode'].downcase
+          codenumber = issuedcode.index('.i.ua/err/') > 0 ? issuedcode[issuedcode.index('/err/') + 5, 2] : 0
+          codenumber = codenumber[0, 1] if codenumber.index('/') == 1
 
-          if cv = argvs.diagnosticcode.downcase.match(%r|[.]i[.]ua/err/(\d+)|)
-            return ErrorCodes[cv[1]] || ''
-          end
-          return ''
+          return ErrorCodes[codenumber] || ''
         end
 
       end

data/lib/sisimai/rhost/kddi.rb

@@ -1,27 +1,25 @@
 module Sisimai
   module Rhost
-    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Data
-    # object as an argument of get() method when the value of "rhost" of the object
-    # is "lsean.ezweb.ne.jp" or "msmx.au.com".
-    # This class is called only Sisimai::Data class.
+    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Fact object as an argument
+    # of get() method when the value of "rhost" of the object is "lsean.ezweb.ne.jp" or "msmx.au.com".
+    # This class is called only Sisimai::Fact class.
     module KDDI
       class << self
-        # Imported from p5-Sisimail/lib/Sisimai/Rhost/KDDI.pm
         MessagesOf = {
           'filtered'    => '550 : User unknown',  # The response was: 550 : User unknown
           'userunknown' => '>: User unknown',     # The response was: 550 <...>: User unknown
         }.freeze
 
         # Detect bounce reason from au (KDDI)
-        # @param    [Sisimai::Data] argvs   Parsed email object
+        # @param    [Sisimai::Fact] argvs   Parsed email object
         # @return   [String]                The bounce reason for au.com or ezweb.ne.jp
         def get(argvs)
-          statusmesg = argvs.diagnosticcode
+          statusmesg = argvs['diagnosticcode']
           reasontext = ''
 
           MessagesOf.each_key do |e|
             # Try to match the error message with message patterns defined in $MessagesOf
-            next unless statusmesg.end_with?(MessagesOf[e])
+            next unless statusmesg.include?(MessagesOf[e])
             reasontext = e
             break
           end

data/lib/sisimai/rhost/{exchangeonline.rb → microsoft.rb}

@@ -1,15 +1,70 @@
 module Sisimai
   module Rhost
-    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Data
-    # object as an argument of get() method when the value of "rhost" of the object
-    # is "*.protection.outlook.com". This class is called only Sisimai::Data class.
-    # 
+    # Sisimai::Rhost detects the bounce reason from the content of Sisimai::Fact object as an argument
+    # of get() method when the value of "rhost" of the object is *.protection.outlook.com. This class
+    # is called only Sisimai::Fact class.
+    #
     # https://technet.microsoft.com/en-us/library/bb232118
     # https://learn.microsoft.com/en-us/Exchange/mail-flow-best-practices/non-delivery-reports-in-exchange-online/non-delivery-reports-in-exchange-online
     # https://learn.microsoft.com/en-us/Exchange/mail-flow/non-delivery-reports-and-bounce-messages/non-delivery-reports-and-bounce-messages
-    module ExchangeOnline
+    module Microsoft
       class << self
         MessagesOf = {
+          'authfailure' => [
+            # - Access denied, a message sent over IPv6 [2a01:111:f200:2004::240] must pass either
+            #   SPF or DKIM validation, this message is not signed
+            # - The sending message sent over IPv6 must pass either SPF or DKIM.
+            ['4.7.26', 0, 0, 'must pass either spf or dkim validation, this message is not signed'],
+
+            # - Records are DNSSEC authentic, but one or multiple of these scenarios occurred:
+            #   - The destination mail server's certificate doesn't match with what is expected per
+            #     the authentic TLSA record.
+            #   - Authentic TLSA record is misconfigured.
+            #   - Destination domain is being attacked.
+            #   - Any other DANE failure.
+            # - This message usually indicates an issue on the destination email server. Check the
+            #   validity of recipient address and determine if the destination server is configured
+            #   correctly to receive messages. 
+            # - For more information about DANE, see: https://datatracker.ietf.org/doc/html/rfc7671
+            ['4.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
+            ['5.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
+
+            # - The destination domain indicated it was DNSSEC-authentic, but Exchange Online was 
+            #   not able to verify it as DNSSEC-authentic.
+            ['4.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
+            ['5.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
+
+            # - This happens when the presented certificate identities (CN and SAN) of a destina-
+            #   tion SMTP target host don't match any of the domains or MX host.
+            # - This message usually indicates an issue on the destination email server. Check the
+            #   validity of recipient address and determine if the destination server is configured
+            #   correctly to receive messages. For more information, see How SMTP DNS-based Authen-
+            #   tication of Named Entities (DANE) works to secure email communications.
+            ['4.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
+            ['5.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
+
+            # - The destination email system uses SPF to validate inbound mail, and there's a prob-
+            #   lem with your SPF configuration.
+            ['5.7.23', 0, 0, 'the message was rejected because of sender policy framework violation'],
+
+            # - DNSSEC checks have passed, yet upon establishing the connection the destination
+            #   mail server provides a certificate that is expired.
+            # - A valid X.509 certificate that isn't expired must be presented. X.509 certificates
+            #   must be renewed after their expiration, commonly annually.
+            ['5.7.322', 0, 0, "certificate-expired: destination mail server's certificate is expired"],
+
+            # - Access denied, sending domain [$SenderDomain] does not pass DMARC verification
+            # - The sender's domain in the 5322.From address doesn't pass DMARC.
+            ['5.7.509', 0, 0, 'does not pass dmarc verification'],
+          ],
+          'badreputation' => [
+            # Undocumented error messages ---------------------------------------------------------
+            # - status=deferred (host outlook-com.olc.protection.outlook.com[192.0.2.255] said:
+            #   451 4.7.650 The mail server [192.0.2.5] has been temporarily rate limited due to IP
+            #   reputation. For e-mail delivery information, see https://postmaster.live.com (S775)
+            #   [***.prod.protection.outlook.com] (in reply to MAIL FROM command))
+            ['4.7.650', 0, 0, 'has been temporarily rate limited due to ip reputation'],
+          ],
           'blocked' => [
             # Exchange Server 2019 ----------------------------------------------------------------
             # - Transient network issues or server problems that might eventually correct them-
@@ -87,58 +142,6 @@ module Sisimai
             # - 550 5.7.1 Unfortunately, messages from [10.0.2.5] weren't sent. Please contact your
             #   Internet service provider since part of their network is on our block list (S3150). 
             ['5.7.1', 0, 0, 'part of their network is on our block list (s3150)'],
-
-            # - Access denied, a message sent over IPv6 [2a01:111:f200:2004::240] must pass either
-            #   SPF or DKIM validation, this message is not signed
-            # - The sending message sent over IPv6 must pass either SPF or DKIM.
-            ['4.7.26', 0, 0, 'must pass either spf or dkim validation, this message is not signed'],
-
-            # - Records are DNSSEC authentic, but one or multiple of these scenarios occurred:
-            #   - The destination mail server's certificate doesn't match with what is expected per
-            #     the authentic TLSA record.
-            #   - Authentic TLSA record is misconfigured.
-            #   - Destination domain is being attacked.
-            #   - Any other DANE failure.
-            # - This message usually indicates an issue on the destination email server. Check the
-            #   validity of recipient address and determine if the destination server is configured
-            #   correctly to receive messages. 
-            # - For more information about DANE, see: https://datatracker.ietf.org/doc/html/rfc7671
-            ['4.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
-            ['5.7.323', 0, 0, 'tlsa-invalid: The domain failed dane validation'],
-
-            # - The destination domain indicated it was DNSSEC-authentic, but Exchange Online was 
-            #   not able to verify it as DNSSEC-authentic.
-            ['4.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
-            ['5.7.324', 0, 0, 'dnssec-invalid: destination domain returned invalid dnssec records'],
-
-            # - This happens when the presented certificate identities (CN and SAN) of a destina-
-            #   tion SMTP target host don't match any of the domains or MX host.
-            # - This message usually indicates an issue on the destination email server. Check the
-            #   validity of recipient address and determine if the destination server is configured
-            #   correctly to receive messages. For more information, see How SMTP DNS-based Authen-
-            #   tication of Named Entities (DANE) works to secure email communications.
-            ['4.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
-            ['5.7.325', 0, 0, 'certificate-host-mismatch: remote certificate must have a common name or subject alternative name matching the hostname (dane)'],
-
-            # - The destination email system uses SPF to validate inbound mail, and there's a prob-
-            #   lem with your SPF configuration.
-            ['5.7.23', 0, 0, 'the message was rejected because of sender policy framework violation'],
-
-            # - DNSSEC checks have passed, yet upon establishing the connection the destination
-            #   mail server provides a certificate that is expired.
-            # - A valid X.509 certificate that isn't expired must be presented. X.509 certificates
-            #   must be renewed after their expiration, commonly annually.
-            ['5.7.322', 0, 0, "certificate-expired: destination mail server's certificate is expired"],
-
-            # - Access denied, sending domain [$SenderDomain] does not pass DMARC verification
-            # - The sender's domain in the 5322.From address doesn't pass DMARC.
-            ['5.7.509', 0, 0, 'does not pass dmarc verification'],
-            # Undocumented error messages ---------------------------------------------------------
-            # - status=deferred (host outlook-com.olc.protection.outlook.com[192.0.2.255] said:
-            #   451 4.7.650 The mail server [192.0.2.5] has been temporarily rate limited due to IP
-            #   reputation. For e-mail delivery information, see https://postmaster.live.com (S775)
-            #   [***.prod.protection.outlook.com] (in reply to MAIL FROM command))
-            ['4.7.650', 0, 0, 'has been temporarily rate limited due to ip reputation'],
           ],
           'contenterror' => [
             # Exchange Server 2019 ----------------------------------------------------------------
@@ -477,6 +480,53 @@ module Sisimai
             ['5.2.1', 0, 0, 'content filter agent quarantined this message'],
           ],
           'speeding' => [
+            # Exchange Online ---------------------------------------------------------------------
+	        # - The recipient mailbox's ability to accept messages is being throttled because it's
+            #   receiving too many messages too quickly. This is done so a single recipient's mail
+            #   processing doesn't unfairly impact other recipients sharing the same mailbox data-
+            #   base.
+            ['4.3.2', 0, 0, 'storedrv.deliver; recipient thread limit exceeded'],
+
+            # - The sender has exceeded the recipient rate limit as described in Sending limits.
+            # - This could indicate the account has been compromised and is being used to send
+            #   spam.
+            ['5.1.90', 0, 0, "your message can't be sent because you've reached your daily limit for message recipients"],
+
+            # - The sender has exceeded the recipient rate limit or the message rate limit as de-
+            #   scribed in Sending limits.
+            # - This could indicate the account has been compromised and is being used to send
+            #   spam.
+            ['5.2.2', 0, 0, 'submission quota exceeded'],
+
+            # - The sender has exceeded the maximum number of messages they're allowed to send per
+            #   hour to a specific recipient in Exchange Online.
+            # - The automated mailer or sender should try again later, and reduce the number of
+            #   messages they send per hour to a specific recipient. This limit helps protect
+            #   Microsoft 365 or Office 365 users from rapidly filling their inboxes with a large
+            #   number of messages from errant automated notification systems or other single-send-
+            #   er mail storms.
+            ['5.2.121', 0, 0, "recipient's per hour message receive limit from specific sender exceeded"],
+
+            # - The Microsoft 365 or Office 365 recipient has exceeded the number of messages they
+            #   can receive per hour from all senders.
+            # - The automated mailer or sender should try again later, and reduce the number of
+            #   messages they send per hour to a specific recipient. This limit helps protect
+            #   Microsoft 365 and Office 365 users from rapidly filling their inboxes with a large
+            #   number of messages from errant automated notification systems or other mail storms.
+            ['5.2.122', 0, 0, "recipient's per hour message receive limit exceeded"],
+
+            # - Access denied, [$SenderIPAddress] has exceeded permitted limits within $range range
+            # - The sender's IPv6 range has attempted to send too many messages in too short a time
+            #   period.
+            ['5.7.508', 0, 0, 'has exceeded permitted limits within'],
+
+            # - The majority of traffic from this tenant has been detected as suspicious and has
+            #   resulted in a ban on sending ability for the tenant.
+            # - Ensure that any compromises or open relays have been resolved, and then contact
+            #   support through your regular channel. For more information, see Fix email delivery
+            #   issues for error codes 5.7.700 through 5.7.750 in Exchange Online.
+            ['5.7.', 700, 749, 'access denied, tenant has exceeded threshold'],
+            ['5.7.', 700, 749, 'access denied, traffic not accepted from this ip'],
           ],
           'suspend' => [
             # Exchange Online ---------------------------------------------------------------------
@@ -588,54 +638,6 @@ module Sisimai
 
             # Previous versions of Exchange Server ------------------------------------------------
             ['5.2.122', 0, 0, 'the recipient has exceeded their limit for'],
-
-            # Exchange Online ---------------------------------------------------------------------
-            # - The recipient mailbox's ability to accept messages is being throttled because it's
-            #   receiving too many messages too quickly. This is done so a single recipient's mail
-            #   processing doesn't unfairly impact other recipients sharing the same mailbox data-
-            #   base.
-            ['4.3.2', 0, 0, 'storedrv.deliver; recipient thread limit exceeded'],
-
-            # - The sender has exceeded the recipient rate limit as described in Sending limits.
-            # - This could indicate the account has been compromised and is being used to send
-            #   spam.
-            ['5.1.90', 0, 0, "your message can't be sent because you've reached your daily limit for message recipients"],
-
-            # - The sender has exceeded the recipient rate limit or the message rate limit as de-
-            #   scribed in Sending limits.
-            # - This could indicate the account has been compromised and is being used to send
-            #   spam.
-            ['5.2.2', 0, 0, 'submission quota exceeded'],
-
-            # - The sender has exceeded the maximum number of messages they're allowed to send per
-            #   hour to a specific recipient in Exchange Online.
-            # - The automated mailer or sender should try again later, and reduce the number of
-            #   messages they send per hour to a specific recipient. This limit helps protect
-            #   Microsoft 365 or Office 365 users from rapidly filling their inboxes with a large
-            #   number of messages from errant automated notification systems or other single-send-
-            #   er mail storms.
-            ['5.2.121', 0, 0, "recipient's per hour message receive limit from specific sender exceeded"],
-
-            # - The Microsoft 365 or Office 365 recipient has exceeded the number of messages they
-            #   can receive per hour from all senders.
-            # - The automated mailer or sender should try again later, and reduce the number of
-            #   messages they send per hour to a specific recipient. This limit helps protect
-            #   Microsoft 365 and Office 365 users from rapidly filling their inboxes with a large
-            #   number of messages from errant automated notification systems or other mail storms.
-            ['5.2.122', 0, 0, "recipient's per hour message receive limit exceeded"],
-
-            # - Access denied, [$SenderIPAddress] has exceeded permitted limits within $range range
-            # - The sender's IPv6 range has attempted to send too many messages in too short a time
-            #   period.
-            ['5.7.508', 0, 0, 'has exceeded permitted limits within'],
-
-            # - The majority of traffic from this tenant has been detected as suspicious and has
-            #   resulted in a ban on sending ability for the tenant.
-            # - Ensure that any compromises or open relays have been resolved, and then contact
-            #   support through your regular channel. For more information, see Fix email delivery
-            #   issues for error codes 5.7.700 through 5.7.750 in Exchange Online.
-            ['5.7.', 700, 749, 'access denied, tenant has exceeded threshold'],
-            ['5.7.', 700, 749, 'access denied, traffic not accepted from this ip'],
           ],
           'userunknown' => [
             # Exchange Server 2019 ----------------------------------------------------------------
@@ -700,17 +702,17 @@ module Sisimai
           ],
         }.freeze
 
-        # Detect bounce reason from Exchange Online
-        # @param    [Sisimai::Data] argvs   Parsed email object
+        # Detect bounce reason from Exchange Server 2019 or older and Exchange Online
+        # @param    [Sisimai::Fact] argvs   Parsed email object
         # @return   [String]                The bounce reason for Exchange Online
         def get(argvs)
-          return argvs.reason unless argvs.reason.empty?
-          return '' if argvs.diagnosticcode.empty?
-          return '' if argvs.deliverystatus.empty?
-          return '' unless argvs.deliverystatus =~ /\A[245][.]\d[.]\d+\z/
+          return argvs['reason'] unless argvs['reason'].empty?
+          return '' if argvs['diagnosticcode'].empty?
+          return '' if argvs['deliverystatus'].empty?
+          return '' unless Sisimai::SMTP::Status.test(argvs['deliverystatus'])
 
-          statuscode = argvs.deliverystatus
-          esmtperror = argvs.diagnosticcode.downcase
+          statuscode = argvs['deliverystatus']
+          esmtperror = argvs['diagnosticcode'].downcase
           thirddigit = statuscode.split('.')[-1].to_i
           reasontext = ''
 
@@ -735,7 +737,6 @@ module Sisimai
             break unless reasontext.empty?
           end
 
-
           return reasontext
         end