I'm using XAMPP to a work project. Some months ago I could configure the mail sender with Sendmail using our Gmail account (with corporative domain) and worked very well; however some weeks ago the mail sender don't work and honestly I don't idea what happened if don't change anything.
This is what I have:
php.ini:
[mail function]
SMTP=smtp.gmail.com
smtp_port=587
sendmail_from = mycorporative-id#gmail.com
sendmail_path = "C:\xampp\sendmail\sendmail.exe -t"
;mail.force_extra_parameters =
mail.add_x_header=On
;mail.log =
;mail.log = syslog
sendmail.ini:
[sendmail]
smtp_server=smtp.gmail.com
smtp_port=587
smtp_ssl=auto
;default_domain=mydomain.com
error_logfile=error.log
debug_logfile=debug.log
auth_username=mycorporative-id#gmail.com
auth_password=**********
pop3_server=
pop3_username=
pop3_password=
force_sender=mycorporative-id#gmail.com
force_recipient=
hostname=
And in the Apache log error file, I have this errors:
[Mon Feb 19 00:02:51.017896 2018] [:error] [pid 4144:tid 1776] [client x.x.x.x:56714] ERROR: mail not sent to (usermail#anythinghere.com) because of Language string failed to load: tls<p>SMTP server error: K\x0c, referer: .../main/auth/lostPassword.php
[Mon Feb 19 00:02:51.017896 2018] [:error] [pid 4144:tid 1776] [client x.x.x.x:56714] Connection details :: Protocol: smtp :: Host/Port: smtp.gmail.com:587 :: Authent/Open: Authent :: User/Pass: mycorporative-id#gmail.com:********, referer: .../main/auth/lostPassword.php
Do you have any idea what happen here? As I say you, I don't change anything; if you need more info, please ask me. Thank you for you attention and help.
Related
I have plesk 12.5.30 on my server which is often blacklisted on Symantec Mail Security reputation.
The ip is new (I have purchased the server on 13.02.2017).
Also my ip is blacklisted on BACKSCATTERER.
Seeing the log of postfix I have a lot of entries like
Mar 22 14:51:43 server postfix/smtpd[14204]: connect from 75-143-80-240.dhcp.aubn.al.charter.com[75.143.80.240]
Mar 22 14:51:45 server postfix/smtpd[14204]: lost connection after EHLO from 75-143-80-240.dhcp.aubn.al.charter.com[75.143.80.240]
Mar 22 14:51:45 server postfix/smtpd[14204]: disconnect from 75-143-80-240.dhcp.aubn.al.charter.com[75.143.80.240]
Mar 22 14:51:50 server postfix/smtpd[14204]: connect from 128.128.72.76.cable.dhcp.goeaston.net[76.72.128.128]
Mar 22 14:51:51 server postfix/smtpd[14204]: lost connection after EHLO from 128.128.72.76.cable.dhcp.goeaston.net[76.72.128.128]
Mar 22 14:51:51 server postfix/smtpd[14204]: disconnect from 128.128.72.76.cable.dhcp.goeaston.net[76.72.128.128]
Mar 22 14:52:19 server postfix/smtpd[14204]: connect from mail.dedeckeraccountants.be[91.183.46.186]
Mar 22 14:52:19 server postfix/smtpd[14204]: disconnect from mail.dedeckeraccountants.be[91.183.46.186]
I have
Changed the smtp port to a non standard one (9456)
Installed firewall and fail2ban on plesk and setted as in image
Setted mail settings of plesk as in image
Installed a spamassasin
I have noticed also that some days ago i have lines in log like these
Mar 19 06:47:00 server postfix/smtp[13517]: CCC1C510023D: to=<229e7dc3183452c7d3290d1ba28f073e#www.lablue.de>, relay=none, delay=235637, delays=235636/0.05/0.09/0, dsn=4.4.1, status=deferred (connect to www.lablue.de[217.22.195.26]:25: Connection refused)
Mar 19 06:47:00 server postfix/smtp[13503]: 7EDD55100138: to=<Weber226#brockel.kirche-rotenburg.de>, relay=kirche-rotenburg-verden.de[136.243.213.122]:25, delay=239980, delays=239979/0.01/0.35/0.1, dsn=4.0.0, status=deferred (host kirche-rotenburg-verden.de[136.243.213.122] said: 451 Temporary local problem - please try later (in reply to RCPT TO command))
Mar 19 06:47:00 server postfix/smtp[13504]: 97B055100233: to=<office#angerlehner.at>, relay=none, delay=222922, delays=222922/0.01/0.64/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=angerlehner.at type=MX: Host not found, try again)
Mar 19 06:47:00 server postfix/smtp[13509]: 1E15F510019B: host mx1.leventboru.com.tr[89.19.1.69] said: 450 4.7.1 Recipient address rejected: Requested action not taken: mailbox unavailable or not local (in reply to RCPT TO command)
And i noticed a very long mail queue in plesk settings (i have deleted all mail in queue)
Any advice to block this attack??
Thanks in advance
Edit: I want to share my plesk-postfix settings
[plesk-postfix]
enabled = true
filter = postfix-sasl
action = iptables-multiport[name="plesk-postfix", port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath = /var/log/maillog
maxretry = 2
There is somenthing can i improve here?
You might consider to use a Fail2Ban - filter with the following regex - expressions:
failregex = ^%(__prefix_line)slost connection after (AUTH|UNKNOWN|EHLO) from [^\[]*\[<HOST>\]\s*$
If you need further Fail2Ban regex - expressions, pls. consider to ADD the corresponding log - file entries, because some general standart ones may not suit your needs or/and your qmail/postfix/imap-courier/dovecot version, installed on your server. ;-)
Edit:
In order to be more precise, I now add the full suggestion, incl. the regex, that #MattiaDiGiuseppe already used in his comments - it's just a bit better formatted this way.
[Definition]
_daemon = postfix(-\w+)?/(?:submission/|smtps/)?smtp[ds]
failregex = ^%(__prefix_line)swarning: (.*?)does not resolve to address <HOST>: Name or service not known$
^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/:]*={0,2})?\s*$
^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .* Relay access denied.*$
^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]: lost connection$
^%(__prefix_line)sSSL_accept error from \S+\s*\[<HOST>\]: -1$
^%(__prefix_line)slost connection after (AUTH|UNKNOWN|EHLO) from [^\[]*\[<HOST>\]\s*$
ignoreregex = authentication failed: Connection lost to authentication server$
Pls. consider to have a look at all standart filters ( for Fail2Ban 0.10 AND older versions), by visiting:
=> https://github.com/fail2ban/fail2ban/tree/0.10/config/filter.d
If you desire to view the standarts for older versions, just click on the "Branch: 0.10" dropdpwn - button, pls.
i have a problem with sending email from my server to hotmail and gmail. seems the mail is just dropped, no returned bounce email notices etc. the emails just vanish. I have looked around for solutions on the net but nothing seems to help. below are the email headers of one mail which is send correctly to another big provider, without any problem. As i cant make any sense of it as to why hotmail is rejecting these mails, i hope someone can make something of it and give me directions on maybe a solution:
Return-Path: <s----#----.nl>
Delivered-To: <s----#ziggo.nl>
Received: from md2.tb.mail.iss.local ([212.54.34.152])
by mc7.tb.mail.iss.local (Dovecot) with LMTP id lQqGGXGJuFUZJAAAqQNqOQ
for <s----#ziggo.nl>; Wed, 29 Jul 2015 10:10:01 +0200
Received: from mx24.gn.mail.iss.as9143.net ([212.54.34.152])
by md2.tb.mail.iss.local (Dovecot) with LMTP id lPAPLTGvolV/XgAAH7GgQA
; Wed, 29 Jul 2015 10:12:41 +0200
Received: from mail.lastikweb.eu ([185.10.49.172])
by mx24.gn.mail.iss.as9143.net with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
(Exim 4.82)
(envelope-from <s----#----.nl>)
id 1ZKMR6-0001UG-T6
for sleenheer#ziggo.nl; Wed, 29 Jul 2015 10:10:00 +0200
Received: from localhost ([127.0.0.1] helo=aicit.nl)
by mail.lastikweb.eu with esmtpa (Exim 4.76)
(envelope-from <s----#----.nl>)
id 1ZKMR6-0001R8-EW
for s----#ziggo.nl; Wed, 29 Jul 2015 10:10:00 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Wed, 29 Jul 2015 10:10:00 +0200
From: s----#----.nl
To: s----#ziggo.nl
Subject: mail headers
Message-ID: <8670b9ca857e112fbc307d29ee84ccb2#aicit.nl>
X-Sender: s----#----.nl
User-Agent: Roundcube Webmail/0.9.5
X-Ziggo-spamsetting: Instelling=Gemiddeld Scorelimiet=14
X-Ziggo-spambar: /
X-Ziggo-spamscore: 0.0
X-Ziggo-spamreport: CMAE Analysis: v=2.1 cv=DeLq0aZW c=1 sm=0 tr=0 a=cWpRTkv7rqSFuHP3f9xSTw==:17 a=XVisR3dVAAAA:8 a=cIF5Tx0qAAAA:8 a=drCK43fGrOkA:10 a=IkcTkHD0fZMA:10 a=zOBTXjUuO1YA:10 a=nS36O97Bj3wUElCrIrAA:9 a=QEXdDO2ut3YA:10 xcat=Undefined/Undefined
none
X-Ziggo-Spam-Status: No
X-Spam-Status: No
X-Spam-Flag: No
test
I have dkim installed, tested all settings with mxtoolbox (dns, smtp etc) al seems to be right, but still Hotmail and Gmail is not accepting emails from my server (which holds about 25 domains, all sending through this server).
thanks!
Gmail ending up in spam is related to designated user not being able to send out through main server. case you have server: mail.server.com and you are sending mail with my.domain.com, the spf record needs to hold the ip6 of mail.server.com in spf. Obviously rDNS needs to be correct. For the hotmail problem, this is purely microsoft. you can check up with support from outlook.com, but only thing you get is "we dont block your server, although some emails are filtered. this can be caused by mitigation time, which can take up to 48 hours". Thats it. No messages are returned, simply dropped. Maybe msn.com outlook.com and live.com are experiencing the same problem.
Mail server using sendmail+dovecot ,
I have a problem from returned mail system.
When I changed old_domain to new_domain.com,
smtp server works fine, but returned mail have wrong message:
The original message was received at Wed, 20 Aug 2014 09:24:41 +0800
from old_domain.com [xx.xx.xx.xx]
----- The following addresses had permanent fatal errors -----
<asdddxzx#gmsddf.vcom>
(reason: 550 Host unknown)
----- Transcript of session follows -----
550 5.1.2 <asdddxzx#gmsddf.vcom>... Host unknown (Name server: gmsddf.vcom: host not found)
this is error message in Mail Delivery Subsystem sent back:
Reporting-MTA: dns; new_domain.com
Received-From-MTA: DNS; old_domain.com
Arrival-Date: Wed, 20 Aug 2014 16:28:02 +0800
Final-Recipient: RFC822; asdddd#fma.ckfs
Action: failed
Status: 5.1.2
Remote-MTA: DNS; fma.ckfs
Diagnostic-Code: SMTP; 550 Host unknown
Last-Attempt-Date: Wed, 20 Aug 2014 16:28:05 +0800
I found the answer!
sendmail server uses Hostname setting and host setting
so make sure your setting is correct
/etc/hosts
/etc/sysconfig/network
and it works fine!
We use SugarCRM CE 6.5.16 on Centos 6.5.
I am getting this error :
Wed Apr 9 15:37:10 2014 [10389][1][ERROR] Unable to load custom logic file: include/SugarSearchEngine/SugarSearchEngineQueueManager.php
The real problem is that i dont receive emails from my inbound email.
They are all set up.I added the cron job to the crontab. Well actually I receive some emails, like 3 or 4 from 100. In the schedulers the job status is "running" and last successful run is "Never".
Every other scheduler job has a status "Done" and has last successful run.
I repaired inbound emails , scheduler jobs but with no effect.
The only thing i found is this :
http://suitecrm.com/forum/search?query=SugarSearchEngineQueueManager&searchdate=all&childforums=1
So I commented out this code and i no longer get the error but still I don't receive emails.
I don't know what else to do.
Please help me if you can !Thanks !
EDIT
I found that
"This file is only included in PRO version and it's useless in Community Edition.
Code Fix:
1. Comment code in /custom/Extension/application/Ext/LogicHooks/SugarFTSHooks.php
Do a Fast Rebuild from Administration (index.php?module=Administration&action=repair). This process will rebuild the piece of code that uses the SugarCRM to call inexistent file SugarSearchEngineQueueManager /custom/application/Ext/LogicHooks/logichooks.ext.php"
So I commented out the code and did the rebuild (yeah i did it before but now i know for sure that this file should not be in Sugarcrm CE )
The error doesn't show anymore but my scheduler still stays "running" and nothings happens , except:
When i did this (What Matthew Poer said) , I received 4 emails just like before... so something is causing a problem.
delete from job_queue where scheduler_id = 'THE_SCHEDULER_ID';
update schedulers set last_run = subdate(now(),360) where id = 'THE_SCHEDULER_ID';
EDIT 2:
This is from php error_log
[Sun Apr 13 03:34:27 2014] [notice] Digest: generating secret for digest authentication ...
[Sun Apr 13 03:34:27 2014] [notice] Digest: done
[Sun Apr 13 03:34:33 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_nss/2.2.15 NSS/3.14.0.0 Basic ECC PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips mod_wsgi/3.2 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
[Sun Apr 13 12:22:52 2014] [error] [client 122.155.18.51] File does not exist: /usr/share/phpMyAdmin/translators.html
[Sun Apr 13 13:45:31 2014] [error] [client 122.155.18.51] File does not exist: /usr/share/phpMyAdmin/translators.html
[Sun Apr 13 15:43:39 2014] [error] [client 66.249.66.74] File does not exist: /opt/otrs/var/httpd/htdocs/js/js-cache/ModuleJS_784dc12bf89d72db064caa6e8690168b.js
[Sun Apr 13 15:43:40 2014] [error] [client 66.249.66.74] File does not exist: /opt/otrs/var/httpd/htdocs/skins/Customer/default/css-cache/CommonCSS_b1f924c426a0e1a9f1553197a2ce25a4.css
[Sun Apr 13 15:43:41 2014] [error] [client 66.249.66.74] File does not exist: /opt/otrs/var/httpd/htdocs/js/js-cache/CommonJS_7f98ddff2f339e3b515f7901d82600bb.js
[Mon Apr 14 11:09:04 2014] [error] [client 192.168.10.1] PHP Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/share/phpMyAdmin/version_check.php on line 16, referer: http://support.expert-m.net/phpmyadmin/main.php?token=d2e60372f8b5d6d53f0c3c80a536be27
[Mon Apr 14 11:09:04 2014] [error] [client 192.168.10.1] PHP Warning: file_get_contents(http://www.phpmyadmin.net/home_page/version.json): failed to open stream: php_network_getaddresses: getaddrinfo failed: Name or service not known in /usr/share/phpMyAdmin/version_check.php on line 16, referer: http://support.expert-m.net/phpmyadmin/main.php?token=d2e60372f8b5d6d53f0c3c80a536be27
[Mon Apr 14 12:45:25 2014] [error] [client 178.235.72.68] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
This is from the logs folder of SugarCRM, error.log
[Mon Apr 14 08:58:59 2014] [error] [client 192.168.10.1] PHP Notice: Undefined index: 8854a79c-6171-036c-e7df-534548e8bc81 in /var/www/sugarcrm/public_html/modules/Emails/EmailUIAjax.php on line 879, referer: http://sugarcrm.support.expert-m.net/index.php?module=Emails&action=index&parentTab=All
[Mon Apr 14 08:58:59 2014] [error] [client 192.168.10.1] PHP Notice: Undefined index: 8854a79c-6171-036c-e7df-534548e8bc81 in /var/www/sugarcrm/public_html/modules/Emails/EmailUIAjax.php on line 880, referer: http://sugarcrm.support.expert-m.net/index.php?module=Emails&action=index&parentTab=All
[Mon Apr 14 11:22:17 2014] [error] [client 192.168.10.1] PHP Notice: Undefined index: 8854a79c-6171-036c-e7df-534548e8bc81 in /var/www/sugarcrm/public_html/modules/Emails/EmailUIAjax.php on line 879, referer: http://sugarcrm.support.expert-m.net/index.php?module=Emails&action=index&parentTab=All
[Mon Apr 14 11:22:17 2014] [error] [client 192.168.10.1] PHP Notice: Undefined index: 8854a79c-6171-036c-e7df-534548e8bc81 in /var/www/sugarcrm/public_html/modules/Emails/EmailUIAjax.php on line 880, referer: http://sugarcrm.support.expert-m.net/index.php?module=Emails&action=index&parentTab=All
[Mon Apr 14 11:24:47 2014] [error] [client 192.168.10.1] File does not exist: /var/www/sugarcrm/public_html/favicon.ico
I didn't paste all the info from the logs. There is more but the errors are repeating.
The file include/SugarSearchEngine/SugarSearchEngineQueueManager.php won't exist in your system because it's a Pro+ feature.
To reset a scheduler entry that got "stuck," delete the scheduler information from the job queue in the database and reset the last_run value. Find the ID of the scheduler from the URL within SugarCRM or by select id,name from schedulers. Once you have the ID of this scheduler, run this two queries:
delete from job_queue where scheduler_id = 'THE_SCHEDULER_ID';
update schedulers set last_run = subdate(now(),360) where id = 'THE_SCHEDULER_ID';
I've been frequently receiving emails with the subject line "failure notice" and I've included one example below.
Should I be concerned about this and what, if any actions do I have available, as it looks like my email address is being used as the return path.
Note I have changed the details sightly to "mydomain.co.uk", the email that is not mine to "removed_not_my_email#yahoo.com" and my email to "my_email#mydomain.co.uk"
Hi. This is the qmail-send program at mydomain.co.uk.
I tried to deliver a bounce message to this address, but the bounce bounced!
<removed_not_my_email#yahoo.com>:
98.136.217.202 failed after I sent the message.
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (removed_not_my_email#yahoo.com) [0] - mta1335.mail.gq1.yahoo.com
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 9093 invoked for bounce); 12 Mar 2014 11:08:39 +0100
Date: 12 Mar 2014 11:08:39 +0100
From: MAILER-DAEMON#mydomain.co.uk
To: removed_not_my_email#yahoo.com
Subject: failure notice
Hi. This is the qmail-send program at mydomain.co.uk.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<moggiex#gmail.com>:
173.194.68.26 failed after I sent the message.
Remote host said: 552-5.7.0 This message was blocked because its content presents a potential
552-5.7.0 security issue. Please visit http://support.google.com/mail/bin/answe
552-5.7.0 r.py?answer=6590 to review our message content and attachment content
552 5.7.0 guidelines. s4si12659992qan.75 - gsmtp
--- Below this line is a copy of the message.
Return-Path: <removed_not_my_email#yahoo.com>
Received: (qmail 9089 invoked by uid 110); 12 Mar 2014 11:08:37 +0100
Delivered-To: mydomain.co.uk-my_email#mydomain.co.uk
Received: (qmail 9083 invoked from network); 12 Mar 2014 11:08:37 +0100
Received: from triband-del-59.177.226.218.bol.net.in (59.177.226.218)
by mydomain.co.uk with SMTP; 12 Mar 2014 11:08:32 +0100
Received: from apache by sdsgtchsccutvijfsjftr. with local (Exim 4.63)
(envelope-from <removed_not_my_email#yahoo.com>)
id YMVXBT-G78HLB-XN
for <my_email#mydomain.co.uk>; Wed, 12 Mar 2014 15:38:31 +0530
To: <my_email#mydomain.co.uk>
Subject: Image has been sent my_email
Date: Wed, 12 Mar 2014 15:38:31 +0530
From: "Evernote service" <removed_not_my_email#yahoo.com>
Message-ID: <7CC92FB2B133AA0F3984DE6BA6E33439#sdsgtchsccutvijfsjftr.>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
etc...
There is no verification on the sender in SMTP. Anyone can send email from whatever emailadress they can think of.
Spam & malware is distributed using this fact. Circumventing certain spamfilters because the sender-address/return-path seems legitimate.
The notice that 'content presents a potential 552-5.7.0 security issue' could mean that an executable was attached. Maybe harmless, but probably a virus or malware.
Not nice, but also not much you can do about it.
To avoid your email address being used, in the future, as source of this practice, protect your email address.
Don't post it on webpages in clear.
Use a temporary emailaddress when subscribing to sites and or mailinglists.