Why is EXIM not able to verify sender? - email

Puzzling problem sending emails from one server to another.
Sending from Server-01 pr#example.camp TO Server-02 eman#example.edu.au
Server 02 bounces with sender verify fail for <pr#example.camp>: Unrouteable address
On Server-02, running dig MX example.camp resolves fine with:
```
;; ANSWER SECTION:
mus.camp. 2869 IN MX 10 server01-aus.emanwebdesign.com.
mus.camp. 2869 IN MX 0 server01-aus.emanwebdesign.com.
;; AUTHORITY SECTION:
mus.camp. 2869 IN NS ns10.domaincontrol.com.
mus.camp. 2869 IN NS ns09.domaincontrol.com.
```
Also from Server-02 I can telnet into port 25 of mus.camp and verify the existence of the email address (pr#...).
Any clues as to why Exim's sender verify is failing?
Edit
exim -bvs pr#example.camp returns:
```
pr#example.camp failed to verify: Unrouteable address
```

Worked out that the problem was that the mus.camp domain was originally hosted on Server-02 but then moved to Server-01. Server-02, however, was still trying to look up the email address within itself instead of going to Server-01.
To solve the problem I deleted the mail and DNS records from Server-02 (using VestaCP).

Related

Reverse DNS does not contain the hostname

I use a CentOS server in Windows Hyper-V. When I send a mail through this server, I get an error mail.
```
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
serefseven#gmail.com
host gmail-smtp-in.l.google.com [66.102.1.26]
SMTP error from remote mail server after end of data:
550-5.7.1 [185.124.86.138] The IP address sending this message does not have a
550-5.7.1 PTR record setup. As a policy, Gmail does not accept messages from
550-5.7.1 IPs with missing PTR records. Please visit
550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.1 information. y187si26143569wmc.112 - gsmtp
Reporting-MTA: dns; ln1.postoflscell.com
Action: failed
Final-Recipient: rfc822;serefseven#gmail.com
Status: 5.0.0
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [185.124.86.138] The IP address sending this message does not have a
550-5.7.1 PTR record setup. As a policy, Gmail does not accept messages from
550-5.7.1 IPs with missing PTR records. Please visit
550-5.7.1 https://support.google.com/mail/answer/81126#authentication for more
550 5.7.1 information. y187si26143569wmc.112 - gsmtp
```
mxtoolbox.com SMTP test result:
```
SMTP Reverse DNS Mismatch Reverse DNS does not contain the hostname
SMTP Banner Check Reverse DNS does not match SMTP Banner
SMTP TLS Warning - Does not support TLS.
SMTP Transaction Time 15.485 seconds - Not good! on Transaction Time
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname
SMTP Connection Time 0 seconds - Good on Connection time
SMTP Open Relay OK - Not an open relay.
```
How to fix this problem?
As the error states, the IP address sending this message does not have a PTR record set up, so you need to set the PTR record for 185.124.86.138 (it is quite usual that a receiving mail server requires this). Reverse DNS is controlled by whoever "owns" the IP address, so you should probably contact Bilgehosting to set the record for you.
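The three reverse-DNS conditions that the bounce and the MXToolbox report refer to (a PTR exists, the PTR name resolves back to the sending IP, and the PTR name matches the SMTP banner) can be checked before mail is sent. The following is an added example, not code from the original posts; the function names and the DNS data (documentation addresses and example.org names) are constructed so it runs offline.

```python
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver ([] if there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_a(name):
    """IPv4 addresses for name from the system resolver ([] if there are none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_reverse_dns(ip, banner_host, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of findings for a sending IP; [] means every check passed."""
    norm = lambda host: host.rstrip(".").lower()
    ptr_names = [norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return ["no PTR record"]
    findings = []
    # Forward-confirmed reverse DNS: some PTR name must resolve back to the IP.
    if not any(ip in a_lookup(n) for n in ptr_names):
        findings.append("PTR name does not resolve back to the IP")
    # The name the server announces (banner/HELO) should be one of the PTR names.
    if norm(banner_host) not in ptr_names:
        findings.append("PTR name does not match the SMTP banner/HELO name")
    return findings


# Constructed DNS data (hypothetical hosts), used instead of live lookups.
PTR = {"192.0.2.10": ["mail.example.org."],
       "192.0.2.20": ["host20.isp.example."],
       "192.0.2.30": ["mail3.example.org."]}
A = {"mail.example.org": ["192.0.2.10"],
     "host20.isp.example": ["192.0.2.20"],
     "mail3.example.org": ["198.51.100.3"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_a = lambda name: A.get(name, [])

if __name__ == "__main__":
    for ip, banner in [("192.0.2.10", "mail.example.org"),
                       ("192.0.2.20", "mail.example.org"),
                       ("192.0.2.30", "mail3.example.org"),
                       ("192.0.2.40", "mail.example.org")]:
        print(ip, check_reverse_dns(ip, banner, fake_ptr, fake_a) or "ok")
```

Called without the last two arguments, `check_reverse_dns` uses the system resolver instead of the constructed tables.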

SPF - DNS TXT, SMTP RELAY Woes

"Slowly, as time goes on, we are getting more messages lost in spam filters that we are sending to clients.
I think it's because our SPF isn't set right."
Troubleshooting and error reports:
I used the SPF wizard from:
http://www.spfwizard.net/
From kitterman.com:
http://www.kitterman.com/spf/validate.html
ISP used to block some info....
```
The TXT records found for your domain are:
"v=spf1 mx a ip4:216.216.123.224.168/24 a:209.My outgoing WAN IP.2 include:cidc.telus.com ~all"
Checking to see if there is a valid SPF record.
No valid SPF record found of either type TXT or type SPF.
```
Internally we send outgoing mail to 192.168.1.3 (it's a Barracuda); it then sends to our ISP relay (smtp.ISP.net).
Our MX records seem fine, but the MX records are not the senders of the outbound emails.
If I pull the header from a received email:
```
Received: from smtp01.cidc.telus.com (smtp01.cidc.telus.com. [216.123.224.168])
by mx.google.com with ESMTP id rr4si1383765pac.48.2014.10.09.10.18.03
for <"ME"#gmail.com>;
Thu, 09 Oct 2014 10:18:04 -0700 (PDT)
Received-SPF: permerror (google.com: domain of "ME"#"company".ca uses a mechanism not recognized by this client. unknown mechanisms: )) client-ip=216.123.224.168;
Authentication-Results: mx.google.com;
spf=permerror (google.com: domain of "ME"#"company".ca uses a mechanism not recognized by this client. unknown mechanisms: )) smtp.mail="ME"#"company".ca
Received: (qmail 25065 invoked from network); 9 Oct 2014 17:18:03 -0000
Received: from host2."WAN IP".209.in-addr.arpa (HELO smtp."company".ca) (209."WAN IP".2)
```
Kinda pulling my hair out on this... Any ideas?
It appears that your SPF policy contains a syntax error. Such errors result in SPF "permerror", meaning the SPF evaluation fails. This alone should not cause your email to be blacklisted, but you may not receive a higher reputation score that might come with SPF "pass". In this sense, an invalid SPF policy may cause lower deliverability.
In any case, if your policy is anything like the one you posted
```
v=spf1 mx a ip4:216.216.123.224.168/24 a:<valid-ip> include:cidc.telus.com ~all
```
then the issue is likely that the ip4 mechanism argument network-spec is invalid (216.216.123.224.168/24 should be just 216.123.224.168/24).
Also, the a mechanism argument must be a domain expression and not an IPv4 address, because the a mechanism verifies if the IP address being tested is among the IPs for the a mechanism argument domain.
If your actual SPF policy is different, please update your question with the current policy string and possibly the domain name to see how it is represented in DNS.
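The two syntax errors named in this answer (an `ip4` argument that is not a valid network, and an `a` mechanism given an IP address instead of a domain) can be caught mechanically before a record is published. The following is an added example, not code from the original posts: a simplified syntax check that does no DNS lookups and does not handle macros. The address 192.0.2.2 stands in for the redacted WAN IP, and the repaired record is an assumed fix.

```python
import ipaddress
import re

# Mechanism names from RFC 7208; anything else is reported as unknown.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
NEEDS_DOMAIN = {"include", "exists"}            # argument is mandatory
TAKES_DOMAIN = {"a", "mx", "ptr"} | NEEDS_DOMAIN
MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")   # redirect=, exp=, ...


def lint_spf(record):
    """Return (term, problem) pairs for an SPF record; [] means nothing was flagged."""
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return [(record, "record does not start with v=spf1")]
    problems = []
    for term in terms[1:]:
        if MODIFIER_RE.match(term):
            continue                                      # modifiers are not checked here
        body = term[1:] if term[0] in "+-~?" else term    # drop the qualifier
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()                 # "a/24" -> "a"
        if name not in MECHANISMS:
            problems.append((term, "unknown mechanism"))
        elif name in ("ip4", "ip6"):
            net_cls = ipaddress.IPv4Network if name == "ip4" else ipaddress.IPv6Network
            try:
                net_cls(arg, strict=False)                # host bits may be set
            except ValueError:
                problems.append((term, f"argument is not a valid {name} network"))
        elif name in TAKES_DOMAIN:
            if not arg:
                if name in NEEDS_DOMAIN:
                    problems.append((term, "a domain name is required"))
                continue
            try:
                ipaddress.ip_address(arg.split("/")[0])
            except ValueError:
                continue                                  # not an IP literal: accepted
            problems.append((term, "expects a domain name, not an IP address"))
    return problems


# Constructed input: the record quoted in the question, with 192.0.2.2
# (a documentation address) standing in for the redacted WAN IP.
POSTED = "v=spf1 mx a ip4:216.216.123.224.168/24 a:192.0.2.2 include:cidc.telus.com ~all"
# Assumed repair: drop the extra octet and list the WAN IP with ip4: instead of a:.
FIXED = "v=spf1 mx a ip4:216.123.224.168/24 ip4:192.0.2.2 include:cidc.telus.com ~all"

if __name__ == "__main__":
    for label, rec in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_spf(rec) or "no syntax problems found")
```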

How configure roundcube to work with imaps?

I recently installed Postfix and Dovecot to set up a mail server on my own VPS (using this tutorial: Email with Postfix, Dovecot, Mysql).
The IMAPS server uses port 993 for authentication, and Postfix uses port 25 to send mail.
In this tutorial, users are stored in a database (so IMAPS uses MySQL to authenticate users).
I'm sure everything works fine with IMAPS and Postfix, because a few days ago I installed the KMail client (on my Linux machine) and received mail from my server. Sending mail also works fine: I sent a mail to Gmail and Google received it without a problem (in my "Gmail inbox", not the spam folder).
So, to get to my emails from a webmail client, I installed Roundcube in the /var/www/mail directory.
I configured Roundcube many times, but each time it gives me this error:
```
IMAP Error: Login failed for [me#mydomain] from X.x.X.x . Empty
startup greeting (localhost:993) in
/var/www/mm/program/lib/Roundcube/rcube_imap.php on line 184 (POST
/mm/?_task=login?_task=login&_action=login)
```
When I log in from Roundcube, the IMAP server says (in /var/log/mail.log):
```
May 20 07:05:16 my-server dovecot: imap-login: Disconnected (no auth
attempts): rip=::1, lip=::1, TLS handshaking: Disconnected
```
Here is my Roundcube config file:
```
$config['db_dsnw'] = 'mysql://roundcubeuser:myPassword@localhost/roundcubemail';
// ----------------------------------
// IMAP
// ----------------------------------
$config['debug_level'] = 13;
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
// ----------------------------------
// SMTP
// ----------------------------------
$config['smtp_server'] = 'ssl://localhost';
```
What's the problem? I really have no idea what is happening!
Thank you.
I've been using postfix + dovecot + roundcube for a few months now and it's working for me. In my configuration, postfix rejects plaintext sessions, so roundcube has to connect with SSL, and it's working.
This is from my main.inc.php. I don't remember editing anything here; it's just the initial config created during the installation.
Now that I'm looking at it, default_port doesn't make any sense; I think it's just ignored.
```
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['default_host'] = array("ssl://localhost:993");
// TCP port used for IMAP connections
$rcmail_config['default_port'] = 143;
```
In case the other answer does not work, this is what worked for me. My config.inc.php now contains:
```
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
```
NOTE: using tls://localhost did not work for me. I had to specify ssl:// as the URI scheme.
Via phpMyAdmin, I also ran this SQL command (all my user accounts are on the same machine that runs Roundcube):
```
UPDATE `rc_users` SET `mail_host`='ssl://localhost';
```
I got the port number 993 from running sudo netstat -tulnp in order to determine the port on which Dovecot was listening.

Amazon EC2 Email can only send to Yahoo Mail, Not Gmail

I have had a small issue with my EC2 email capabilities. While I am able to send emails from EC2 to my Yahoo Mail account, Gmail stopped receiving my EC2 emails as of 23 hours ago (i.e., 23 hours ago, I could do the following and it would work):
```
mail("jetmail250#gmail.com", $subject, $message, $headers)
```
The code I use to send mail from my EC2 server is shown below. I checked my spam box, filters, etc. in Gmail and have not seen any mail sent to my Gmail. In order to isolate the problem, I redirected all the messages sent from my EC2 from my Gmail to my Yahoo. And EC2 does successfully send emails to my Yahoo Mail account, with the modified code highlighted in orange below.
I use this email feature on my website (www.JethroChan.com/contact.php) to allow people to use my form to send me emails directly from my website. My Gmail is the sole receiver of these emails from my website's contact form.
```
<?php
// Send email: subject, extra headers and body are read directly from the request
$subject = $_REQUEST['subject'];
$headers = $_REQUEST['headers'];
$message = $_REQUEST['message'];
mail("jetmail250#yahoo.com (this was #gmail.com to a Valid Gmail account earlier)", $subject, $message, $headers);
//echo "Email Sent!";
?>
```
Please help me see why only Yahoo, and not Google, is capable of receiving my EC2 emails as of today :D
Generally speaking, it's not recommended that you send email directly from an EC2 instance. They have been used and abused by spammers since day one, and many, many email ISPs have taken the drastic step of blacklisting the entire range of IPs used by EC2 from receiving email, just assuming it is all spam.
Much better to use amazon SES, which will cost next to nothing and is very simple drop-in replacement for your SMTP. It needs to be setup/verified, but after that it is pretty seamless. For what you are doing, it will probably cost you less than 10 cents a month.
http://aws.amazon.com/ses/
In order to maintain the quality of EC2 addresses for sending email, we enforce default limits on the amount of email that can be sent from EC2 accounts. If you wish to send larger amounts of email from EC2, you can apply to have these limits removed from your account by filling out this form
You can test mail connectivity with a simple telnet application:
Find the address of the Gmail mail relay:
```
$ dig gmail.com
; <<>> DiG 9.8.3-P1 <<>> gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16340
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 300 IN A 173.194.65.83
gmail.com. 300 IN A 173.194.65.17
gmail.com. 300 IN A 173.194.65.18
gmail.com. 300 IN A 173.194.65.19
;; AUTHORITY SECTION:
gmail.com. 108850 IN NS ns1.google.com.
gmail.com. 108850 IN NS ns2.google.com.
gmail.com. 108850 IN NS ns4.google.com.
gmail.com. 108850 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 24566 IN A 216.239.32.10
ns2.google.com. 173323 IN A 216.239.34.10
ns3.google.com. 173323 IN A 216.239.36.10
ns4.google.com. 173323 IN A 216.239.38.10
;; Query time: 46 msec
;; SERVER: 77.241.230.245#53(77.241.230.245)
;; WHEN: Sat Mar 29 08:18:46 2014
;; MSG SIZE rcvd: 234
```
telnet on port 25 and issue the following sequence:
```
$ telnet 173.194.65.83 25
Trying 173.194.65.83...
Connected to ee-in-f83.1e100.net.
Escape character is '^]'.
220 waldorf.attingo.nl ESMTP Exim 4.74 (Debian) Sat, 29 Mar 2014 08:21:56 +0100
helo sst
250 waldorf.attingo.nl Hello sst [77.241.230.246]
mail from:<seb#example.com>
250 OK
rcpt to:<seb#myaddress.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From:Seb
To:Seb
Subject:Test
Hello SMTP
.
250 OK id=1WTnb2-0003N9-2g
quit
221 waldorf.attingo.nl closing connection
Connection closed by foreign host.
```
(Be sure to substitute the Mail From and RcptTo: with valid email addresses.)

Gmail rejects emails. Openspf.net fails the tests.

I've got a problem with Gmail.
It started after one of our trojan infected PCs sent spam for one day from our IP address.
We've fixed the problem, but we got into 3 black lists. We've fixed that, too. But still every time we send an email to Gmail the message is rejected:
So I've checked Google Bulk Sender's guide once again and found an error in our SPF record and fixed it. Google says everything should become fine after some time, but this doesn't happen. 3 weeks already passed but we still can't send emails to Gmail.
Our mail setup is a bit complex, but not too much. We have a domain name delo-company.com, it has its own mail #delo-company.com (this one is fine, but the problems are with the sub-domain name corp.delo-company.com).
The delo-company.com domain has several DNS records for its subdomain:
```
corp A 82.209.198.147
corp MX 20 corp.delo-company.com
corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
```
(I set ~all for testing purposes only; it was -all before that.)
These records are for our corporate Exchange 2003 server at 82.209.198.147. Its LAN name is s2.corp.delo-company.com so its HELO/EHLO greetings are also s2.corp.delo-company.com.
To pass the EHLO check we've also created some records in delo-company.com's DNS:
```
s2.corp A 82.209.198.147
s2.corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
```
As I understand it, SPF verification should pass in this way:
Our server s2 connects to the MX of the recipient (Rcp.MX): EHLO s2.corp.delo-company.com
Rcp.MX says OK, and makes an SPF check of HELO/EHLO. It does an nslookup for s2.corp.delo-company.com and gets the above DNS records. The TXT record says that s2.corp.delo-company.com should be only from IP 82.209.198.147. So it should pass.
Then our s2 server says RCPT FROM: <supruniuk-p#corp.delo-company.com>
The Rcp.MX server checks it, too. The values are the same so they should also be positive.
Maybe there is also an rDNS check, but I'm not sure what is checked, HELO or RCPT FROM.
Our PTR record for 82.209.198.147 is:
```
147.198.209.82.in-addr.arpa. 86400 IN PTR s2.corp.delo-company.com.
```
To me everything looks fine, but anyway all emails are rejected by Gmail.
So, I've checked MXtoolbox.com - it says everything is fine, I passed the http://www.kitterman.com/spf/validate.html Python check, I did the 25port.com email test. It's fine, too:
```
Return-Path: <supruniuk-p#corp.delo-company.com>
Received: from s2.corp.delo-company.com (82.209.198.147) by verifier.port25.com id ha45na11u9cs for <check-auth#verifier.port25.com>; Fri, 2 Mar 2012 13:03:21 -0500 (envelope-from <supruniuk-p#corp.delo-company.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=supruniuk-p#corp.delo-company.com
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CCF89E.BE02A069"
Subject: test
Date: Fri, 2 Mar 2012 21:03:15 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <4C9EB1DB67831A428B2E14052F4A418707E1FF#s2.corp.delo-company.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: Acz4jS34oznvbyFQR4S5rXsNQFvTdg==
From: =?koi8-r?B?89XQ0tXOwMsg8MHXxcw=?= <supruniuk-p#corp.delo-company.com>
To: <check-auth#verifier.port25.com>
```
I also checked with spf-test#openspf.net, but it FAILs all the time, no matter which SPF records I make:
```
<s2.corp.delo-company.com #5.7.1 smtp;550 5.7.1 <spf-test#openspf.net>: Recipient address rejected: SPF Tests: Mail-From Result="softfail": Mail From="supruniuk-p#corp.delo-company.com" HELO name="s2.corp.delo-company.com" HELO Result="softfail" Remote IP="82.209.198.147">
```
I've filled Gmail form twice, but nothing happens.
We do not send spam, only emails for our clients. 2 or 3 times we did mass emails (like New Year greetings and sales promos) from corp.delo-company.com addresses, but they were all complying with Gmail's Bulk Sender's Guide (I mean SPF, open relays, Precedence: Bulk and Unsubscribe tags). So, this should not be a problem.
Please, help me. What am I doing wrong?
I've been having serious problems with gmail rejecting legitimate mail. Somewhere I read a suggestion to delete URLs from your signature file. To my amazement, this worked. (My mail client is Eudora, which some of you may dimly remember.)
Hope it helps.
Gmail now has a postmaster tool where you can check your domain/IP reputation and spam rate, and in the "Authentication" area you can check that DKIM/SPF/DMARC work correctly.
https://gmail.com/postmaster/
I recommend using the CNAME record for authentication; if you are using the default TXT record, this entry is also returned on an SPF query.