I have had a small issue with my EC2 email capabilities. While I am able to send emails from ec2 to my Yahoo Mail account, Gmail stopped receiving my EC2 emails as of 23 hours ago (ie, 23 hours ago, I could do the following and it would work.
mail("jetmail250#gmail.com", $subject, $message, $headers).
The code I use to send mail from my EC2 server is shown below. I checked all my spam box, filters, etc. in Gmail and have not seen any mail sent to my Gmail. In order to isolate the problem, I sent redirected all the messages sent from my EC2 from my Gmail to my Yahoo. And EC2 does successfully send emails to my Yahoo Mail account, with the modified code hilighted in orange below
I use this email feature on my website (www.JethroChan.com/contact.php) to allow people to use my form to send me emails directly from my website. My Gmail is the sole reciever of these emails from my Website's contact form.
<?php
//send email
$subject = $_REQUEST['subject'] ;
$headers = $_REQUEST['headers'] ;
$message = $_REQUEST['message'] ;
mail("jetmail250#yahoo.com (this was #gmail.com to a Valid Gmail account earlier)", $subject, $message, $headers);
//echo "Email Sent!";
?>
Please help me see why only Yahoo, and Not Google is capable of receiving my EC2 emails as of today :D
Generally speaking, its not recommended that you sent email directly from an ec2 instance. They have been used and and abused by spammers since day one, and many many email ISPs have taken the drastic step of blacklisting the entire range IP's used by EC2 from receiving email, just assuming it is all spam.
Much better to use amazon SES, which will cost next to nothing and is very simple drop-in replacement for your SMTP. It needs to be setup/verified, but after that it is pretty seamless. For what you are doing, it will probably cost you less than 10 cents a month.
http://aws.amazon.com/ses/
In order to maintain the quality of EC2 addresses for sending email, we enforce default limits on the amount of email that can be sent from EC2 accounts. If you wish to send larger amounts of email from EC2, you can apply to have these limits removed from your account by filling out this form
You can test mail connectivity with a simple telnet application :
find the address of the GMAIL mail relay
```
$ dig gmail.com
; <<>> DiG 9.8.3-P1 <<>> gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16340
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 300 IN A 173.194.65.83
gmail.com. 300 IN A 173.194.65.17
gmail.com. 300 IN A 173.194.65.18
gmail.com. 300 IN A 173.194.65.19
;; AUTHORITY SECTION:
gmail.com. 108850 IN NS ns1.google.com.
gmail.com. 108850 IN NS ns2.google.com.
gmail.com. 108850 IN NS ns4.google.com.
gmail.com. 108850 IN NS ns3.google.com.
;; ADDITIONAL SECTION:
ns1.google.com. 24566 IN A 216.239.32.10
ns2.google.com. 173323 IN A 216.239.34.10
ns3.google.com. 173323 IN A 216.239.36.10
ns4.google.com. 173323 IN A 216.239.38.10
;; Query time: 46 msec
;; SERVER: 77.241.230.245#53(77.241.230.245)
;; WHEN: Sat Mar 29 08:18:46 2014
;; MSG SIZE rcvd: 234
telnet on port 25 and issue the following sequence :
```
$ telnet 173.194.65.83 25
Trying 173.194.65.83...
Connected to ee-in-f83.1e100.net.
Escape character is '^]'.
220 waldorf.attingo.nl ESMTP Exim 4.74 (Debian) Sat, 29 Mar 2014 08:21:56 +0100
helo sst
250 waldorf.attingo.nl Hello sst [77.241.230.246]
mail from:<seb#example.com>
250 OK
rcpt to:<seb#myaddress.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From:Seb
To:Seb
Subject:Test
Hello SMTP
.
250 OK id=1WTnb2-0003N9-2g
quit
221 waldorf.attingo.nl closing connection
Connection closed by foreign host.
(be sure to substitute the Mail From and RcptTo: with valid email addresses)
Related
I'm attempting to utilize SendGrid's inbound parse feature which parses any email sent to a specific subdomain and posts the data to an endpoint you provide.
This requires setting an MX record for your subdomain and pointing it at the SendGrid server.
I added the record in my DNS management and when I run dig mx it successfully shows the record
~ dig mx email.2x4game.com
; <<>> DiG 9.10.6 <<>> mx email.2x4game.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31172
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;email.2x4game.com. IN MX
;; ANSWER SECTION:
email.2x4game.com. 3600 IN MX 10 mx.sendgrid.net.
However, when I try to send an email to an address at the subdomain via Gmail, the email bounces and the error says
DNS Error: DNS type 'mx' lookup of email.2x4game.com responded with code NXDOMAIN Domain name not found: email.2x4game.com
Is there some additional step that I'm missing to be able to send emails to this subdomain?
The solution was to wait some time. After waiting 24+ hours, I am able to send emails to the subdomain and SendGrid is detecting them accordingly.
Puzzling problem sending emails from one server to another.
Sending from Server-01 pr#example.camp TO Server-02 eman#example.edu.au
Server 02 bounces with sender verify fail for <pr#example.camp>: Unrouteable address
On Server-02 running dig MX example.camp resolves fine with:
;; ANSWER SECTION:
mus.camp. 2869 IN MX 10 server01-aus.emanwebdesign.com.
mus.camp. 2869 IN MX 0 server01-aus.emanwebdesign.com.
;; AUTHORITY SECTION:
mus.camp. 2869 IN NS ns10.domaincontrol.com.
mus.camp. 2869 IN NS ns09.domaincontrol.com.
Also from Server-02 I can telnet into port 25 of mus.camp and verify the existence of the email address (pr#...).
Any clues as to why Exim's sender verify is failing?
Edit
exim -bvs pr#example.camp returns
pr#example.camp failed to verify: Unrouteable address
Worked out the problem was that the mus.camp domain was originally hosted on Server-02 but then moved to Server-01. Server-02 however was still trying to lookup the email address within itself instead of going to Server-01.
To solve the problem I deleted the mail and dns records from Server-02. (using VestaCP).
I want to use telnet to send an e-mail with SMTP. It seemed that I had connect to the mail service successfully. And the message had been put in the queue too. But why did the SMTP service failed to send the message to the received address?
When I searched the solution by the internet, someone had said that firewall should paid it. But I have no idea about the relationship between the firewall or antivirus software and telnet.
This is my command:
220 smtp-5-124.smtpsmail.fmail.xd.sinanode.com ESMTP
helo a
250 smtp-5-124.smtpsmail.fmail.xd.sinanode.com
auth login
334 VXNlcd5hbWU6
a25vd215aGV2341241fasYS5jbg==
334 UGFzczdvcmQ6
UmF5V2adfa23adsfZzgyNA==
235 OK Authenticated
mail from: <knowmyheart#sina.cn>
502 unimplemented (#5.5.1)
mail from:<knowmyheart#sina.cn>
553 Envolope sender mismatch with login user..
mail from:<knowmyheart#sina.cn>
250 ok
rcpt to:<517447201#qq.com>
250 ok
data
354 End data with <CR><LF>.<CR><LF>
subject: test
to:<517447201#qq.com>
from:<knowmyheart#sina.cn>
Testttttttttttttt!
.
250 ok queue id 6744281442287
451 Timeout.
By the way, I tried it both on Windows 10 and Ubuntu-15.10. And both of them failed with the same question.
Finally, I found where I was wrong.
In my previous case,I failed to send a e-mail with the above code.I had succeeded in connecting with the SMTP server, and everything worked except the "Timeout" response. Actually, the "Timeout" didn't mean I failed to send a e-mail but lose the TCP connection. Hours Later, I login my e-mail, which was used for sending, finding that I receive a mail. The mail told me the e-mail I sent hours before with telnet was given back, failing to post. So it meant that the reason was hardly because of my telnet client, but in server or something else.
Finally, I found that it was because of my mail format. In my previous code, after I sending keyword -- "data", I immediately send the content.
data
354 End data with <CR><LF>.<CR><LF>
subject: test
to:<517447201#qq.com>
from:<knowmyheart#sina.cn>
Testttttttttttttt!
.
250 ok queue id 6744281442287
When I changed it to this, it worked.
data
354 End data with <CR><LF>.<CR><LF>
subject: test
to:<517447201#qq.com>
from:<knowmyheart#sina.cn>
Testttttttttttttt!
.
250 ok queue id 6744281442287
Notice that the difference between the codes is the empty line before the content in this mail. "subject", "to" and "from" are the headers. Between the header and the content, there must be an empty line.
Similarly, the headers in mail can be ignored. The code is like this:
data
354 End data with <CR><LF>.<CR><LF>
Testttttttttttttt!
.
250 ok queue id 6744281442287
451 Timeout.
Even if there is a "Timeout", it affect nothing but break the tcp connection between localhost and smtp server.
Long time user and first time poster on stack-overflow but I'm a bit stumped.
A few months ago I bought and set up a virtual machine running CentOS 6 so that I could host a few websites and a mail server for myself and a few clients. I set the entire thing up myself from the Unix knowledge I already had, including the mail server - which was at the time something I had never done before.
The mail server is working as intended, dovecot enforces IMAP logins and everything was running smoothly, until recently when I noticed one of the domains has been sending mail from un-registered users.
To give you an extract from the log at /var/log/maillog
s18646572 postfix/qmgr[3763]: 45A9520F2DF8A: from=<daisy_gibson#friendsdomain.uk>, size=1321, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: A98FC20F2D350: from=<regina_reeves#friendsdomain.uk>, size=1420, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: E45E820F2DD3A: from=<robyn_holland#friendsdomain.uk>, size=1334, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: AD06220F28246: from=<lorraine_murphy#friendsdomain.uk>, size=1393, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: DC00D1849D7CC: from=<kristine_gardner#friendsdomain.uk>, size=1401, nrcpt=1 (queue active)
s18646572 postfix/qmgr[3763]: 890EE20F28F2A: from=<mae_shaw#friendsdomain.uk>, size=1418, nrcpt=1 (queue active)
So from what I can gather somebody is using his domain "friendsdomain.uk" but also piggybacking on our SMTP server to send the mail, given that it's being deposited into our queue.
I found a tool online to help test SMTP relay and managed to configure some rules to prevent SMTP relays - at least through this tools. Users now need to be SASL authenticated in order to send mail.
However, the mail is still going out - postfix doesn't seem to be stopping the spam at all which leads me to believe that whoever is using the server is already authenticated. I've changed the passwords of all users but that doesn't seem to have halted the problem - and the logs don't indicate which user is being used to send the mail.
Extract of my postfix config below:
### SMTP Setup ###
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated, reject_sender_login_mismatch, reject_unauthenticated_sender_login_mismatch, reject_unlisted_sender
I added the SMTP_sender restrictions following some other answers I found on the site - which seemingly prevented the relaying at least.
I paused the SMTP server and inspected a few of the mail items in the queue, extract below.
Subject: 1 New SnapF#ck AlertN=X-PHP-Originating-Script: 48:plugin.php(1959) : eval()'d codeN$
Date: Wed, 9 Dec 2015 22:02:26 +0000N5From: Kelly Fleming <kelly_fleming#friendsdomain.uk>N#Message-ID: <64b6713d232e7a4f88e85344aac5cc9c#friendsdomain.uk>N
X-Priority: 3w
0NCX-Mailer: PHPMailer 5.2.9 (https://github.com/PHPMailer/PHPMailer/)N
The headers indicate that whoever is doing this is using a PHP mailer
SO the problem still remains, people are sending spam using my SMTP server - I need a way to either user logins for the User logins, unless an account has been compromised in which case I need a way to find out which. I can't simply suspend the accounts as the genuine users still need access to their email - however now we're receiving so many hits that the TCP sockets are preventing other services from running.
Any advice would be greatly appreciated.
Thanks.
Solved the mystery (somewhat)
The mail was coming internally from one of our hosted sites. Either the site has been configured to use the SMTP with authentication or was not required to authenticate because it was on localhost.
The clue was in the sending error logs
Dec 10 11:35:15 s18646572 postfix/pickup[6439]: 9A7BA20F29112: uid=48 from=<sally_weaver#friendomain.uk>
The user id of the sender UID=48 indicated that it was a local user, and after checking the passwd file this was confirmed to be the apache user.
It is now evident that some part of the website hosted on frienddomain.uk is being exploited to send spam, and after suspending the website and restarting services the mail ceased.
The problem now is finding and removing the exploit, however if you wish you can disable the mail() function in your php.ini file.
I've got a problem with Gmail.
It started after one of our trojan infected PCs sent spam for one day from our IP address.
We've fixed the problem, but we got into 3 black lists. We've fixed that, too. But still every time we send an email to Gmail the message is rejected:
So I've checked Google Bulk Sender's guide once again and found an error in our SPF record and fixed it. Google says everything should become fine after some time, but this doesn't happen. 3 weeks already passed but we still can't send emails to Gmail.
Our mail setup is a bit complex, but not too much. We have a domain name delo-company.com, it has it's own mail #delo-company.com (this one is fine, but the problems are with sub-domain name corp.delo-company.com).
Delo-company.com domain has several DNS records fro its subdomain:
corp A 82.209.198.147
corp MX 20 corp.delo-company.com
corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
(I set ~all for testing purposes only, it was -all before that)
These records are for our corporate Exchange 2003 server at 82.209.198.147. Its LAN name is s2.corp.delo-company.com so its HELO/EHLO greetings are also s2.corp.delo-company.com.
To pass EHLO check we've also created some records in delo-company.com's DNS:
s2.corp A 82.209.198.147
s2.corp.delo-company.com TXT "v=spf1 ip4:82.209.198.147 ~all"
As I understand SPF verifications should be passed in this way:
Out server s2 connects to MX of the recepient (Rcp.MX): EHLO s2.corp.delo-company.com
Rcp.MX says Ok, and makes SPF check of HELO/EHLO. It does NSlookup for s2.corp.delo-company.com and gets the above DNS-records. TXT records says that s2.corp.delo-company.com should be only from IP 82.209.198.147. So it should be passed.
Then our s2 server says RCPT FROM: <supruniuk-p#corp.delo-company.com>
Rcp.MX` server checks it, too. The values are the same so they should also be positive.
Maybe there is also a rDNS check, but I'm not sure what is checked HELO or RCPT FROM.
Our PTR record for 82.209.198.147 is:
147.198.209.82.in-addr.arpa. 86400 IN PTR s2.corp.delo-company.com.
To me everything looks fine, but anyway all emails are rejected by Gmail.
So, I've checked MXtoolbox.com - it says everything is fine, I passed http://www.kitterman.com/spf/validate.html Python check, I did 25port.com email test. It's fine, too:
Return-Path: <supruniuk-p#corp.delo-company.com>
Received: from s2.corp.delo-company.com (82.209.198.147) by verifier.port25.com id ha45na11u9cs for <check-auth#verifier.port25.com>; Fri, 2 Mar 2012 13:03:21 -0500 (envelope-from <supruniuk-p#corp.delo-company.com>)
Authentication-Results: verifier.port25.com; spf=pass smtp.mailfrom=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; domainkeys=neutral (message not signed) header.From=supruniuk-p#corp.delo-company.com
Authentication-Results: verifier.port25.com; dkim=neutral (message not signed)
Authentication-Results: verifier.port25.com; sender-id=pass header.From=supruniuk-p#corp.delo-company.com
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01CCF89E.BE02A069"
Subject: test
Date: Fri, 2 Mar 2012 21:03:15 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <4C9EB1DB67831A428B2E14052F4A418707E1FF#s2.corp.delo-company.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test
Thread-Index: Acz4jS34oznvbyFQR4S5rXsNQFvTdg==
From: =?koi8-r?B?89XQ0tXOwMsg8MHXxcw=?= <supruniuk-p#corp.delo-company.com>
To: <check-auth#verifier.port25.com>
I also checked with spf-test#openspf.net, but it FAILs all the time, no matter which SPF records I make:
<s2.corp.delo-company.com #5.7.1 smtp;550 5.7.1 <spf-test#openspf.net>: Recipient address rejected: SPF Tests: Mail-From Result="softfail": Mail From="supruniuk-p#corp.delo-company.com" HELO name="s2.corp.delo-company.com" HELO Result="softfail" Remote IP="82.209.198.147">
I've filled Gmail form twice, but nothing happens.
We do not send spam, only emails for our clients. 2 or 3 times we did mass emails (like New Year Greetings and sales promos) from corp.delo-company.com addresses, but they where all complying to Gmail Bulk Sender's Guide (I mean SPF, Open Relays, Precedence: Bulk and Unsubscribe tags). So, this should be not a problem.
Please, help me. What am I doing wrong?
I've been having serious problems with gmail rejecting legitimate mail. Somewhere I read a suggestion to delete URLs from your signature file. To my amazement, this worked. (My mail client is Eudora, which some of you may dimly remember.)
Hope it helps.
Gmail have now a postmaster tool you can check your domain/ip reputation, spam rate and in the "Authentication" area you can check DKIM/SPF/DMARC works correctly.
https://gmail.com/postmaster/
I recommend to use the CNAME record for authentication, if you are using the default TXT record also on SPF query this entry return.