SMTP Mail Failures to a certain domain - email

Do the SMTP logs on a server (Windows 2003) only show logs of mail that were sent successfully?
We are getting bounce backs when sending mail to a particular domain:
The connection was dropped by the remote host.
It looks like a problem on the receiving server, but we don't have much information to provide them. We can send to hotmail, gmail, yahoo etc. OK.
Any ideas?

Most likely, there is a spam filter in front of the receiving mail server for this domain, and this spam filter thinks your mail server is sending spam, so it's closing the connection from your mail server. One way to test this is to simulate sending a message to this mail server by opening a command prompt on your mail server, and use telnet to connect to the receiving mail server on port 25, and proceed with the process of sending a message just as a mail server would. This way, you'll be able to see how the receiving mail server responds after each step. Follow the instructions in http://support.microsoft.com/kb/153119 to see how this is done.

It turned out the sending server was blacklisted by McAfee, which was running on the receiving server's firewall.
For those that may have the problem in the future you can check if your server is blacklisted with McAfee here:
http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx
After entering your server IP, you should see a link Threat Feedback. Use this to email McAfee.
I was able to send McAfee an email with an explanation, and they then removed our server from the blacklist.

Related

How to set up minimal smtp server on localhost to send messages to other smtp servers

Honestly, I think I have a fundamental gap in understanding how SMTP works. I can't seem to find a good explanation of what is happening behind the scenes and I think this is preventing me from being able to do what I am attempting to do.
To explain, I'm trying to set up an application which sends notifications to users by connecting to an SMTP server. Fair enough. I figure, since I'm using my own domain, I have SPF/DKIM/DMARC configured, I can add an MX record for the host I set the application up on (my SPF record has the mx keyword to authorize any hosts in my MX records to send/receive mails). Then, I can have that same host run a super lightweight SMTP server that can accept mails from the application, and send them on to recipients.
Almost crucially, I want this server to basically just run on localhost so that only this application can connect and send mails through it, but so that it can't really "receive" mails sent to my domain (I have set the MX priority very low (well, a high number) for this app server). I figure since I'm running my own SMTP server, that I don't really need to authenticate against it (it's running on localhost), just take in any mail and send it on to recipient domains.
When sending on to recipient domains... does the SMTP server need to authenticate to say, the gmail SMTP server as a user in order to send mails over there? That seems weird, since it's not a user logging into gmail to send mails, it's an SMTP server that is authorized within SPF sending mail from my domain (From address from my domain as well) to wherever the app server user's email is based (in this example, the user would be e.g., some_user@gmail.com).
I tried using python's aiosmtpd command-line and telnet to send a mail from test@MY_DOMAIN.TLD to test@MY_DOMAIN.TLD and it didn't seem to deliver the message; I figured aiosmtpd would connect to the preferred MX servers for my domain (my "real" MX's) to transfer the message, which would then put it in my inbox. That didn't seem to be the case, and I'm not sure why.
Exact repro steps, where example.com is my domain, and terminals are running on a box with a hostname listed in my MX records.
Terminal A:
$ aiosmtpd -n
Terminal B:
$ telnet localhost 8025
EHLO <example.com>
MAIL FROM: test@example.com
RCPT TO: test@example.com
DATA
FROM: Application Notifications <test@example.com>
TO: User Name <test@example.com>
SUBJECT: App Notify Test
This is a test!
.
QUIT
How do SMTP servers normally send mail between each other? Do they each get some login to each other's SMTP servers to authenticate with, and since I'm not doing that, this is a problem? Can I run an SMTP server on localhost and have it send mail out of the network without receiving mails (a no-reply service)? Is there something obvious that I'm just missing here that solves all my problems?
Thanks
It sounds like you want to run a mail transfer agent (MTA) that relays email to remote SMTP servers. An MTA will typically act as an SMTP server to receive messages, and then it will act as an SMTP client when it relays the messages to remote hosts.
MTAs generally operate in two different modes: (1) They will relay messages from authenticated users to remote hosts, and (2) they will receive messages from remote hosts to its users and store them somehow. The combination of those two modes - where the MTA will accept messages from remote hosts and relay them to different remote hosts - is called an open relay and is sure to attract spammers and place your server on spam blacklists.
aiosmtpd is not an MTA or an email relay out of the box - it is merely an SMTP server that will receive messages and do whatever with the messages you program it to do. By default it will do nothing - that is, it will receive the messages and throw them away. If you want to implement an email relay in aiosmtpd, then you need to implement the SMTP client portion of the MTA, e.g. by implementing an aiosmtpd handler that instantiates smtplib.SMTP to connect to remote hosts.
However, if all you want is an email relay, then you most likely don't need aiosmtpd at all - postfix is probably a better choice.
aiosmtpd can be a good choice if you need to implement mailing list software or perform some automation tasks based on incoming emails from e.g. cameras or scanners.
If you want to implement an email relay in aiosmtpd, then you need to ensure that both the software and your server are configured in a way that you don't relay unauthenticated messages from the outside internet.
See also: Python aiosmtpd - what is missing for an Mail-Transfer-Agent (MTA)?
So, I actually figured out what was missing here.
I need to run an SMTP server, yes, but I also needed to write code to parse the "to" domain (the recipient domain), perform a DNS request for the MX server(s) of the recipient domain, and then use the smtplib client to then send mail over to the recipient domain. Authentication is not needed to relay that message to the recipient server, authentication is only required for reading from a given inbox or authenticating a sender to send on behalf of a domain (I trust myself and myself only to send mail). I can do all this while also only listening for mail on localhost so that only my local server can use the local SMTP server for relaying messages/emails off to recipient domains.
Additionally, I don't need to have my external IP listed as an MX server since it's not accepting mail for the domain, only sending. I do need an SPF record for it though so that it is an authorized relay/sender for email from my domain.
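The relay described in the two answers above, sketched as an added example (not code from the original posts or from the aiosmtpd project): a handler that accepts mail only from loopback clients, groups recipients by domain, and hands each group to that domain's MX hosts with smtplib. The class name, `lookup_mx`, `helo_name` and `smtp_factory` are assumptions made for illustration; the DNS lookup is injected so the relay logic can be exercised offline.

```python
import ipaddress
import smtplib
from collections import defaultdict

def is_loopback(peer):
    """True when the client address (aiosmtpd's session.peer) is on this host."""
    return ipaddress.ip_address(peer[0]).is_loopback

def plan_delivery(rcpt_tos, lookup_mx):
    """Map recipient domain -> (MX hosts in preference order, recipients).

    lookup_mx(domain) -> [(preference, host), ...] is an assumed callable,
    e.g. a thin wrapper around dnspython's dns.resolver.resolve(domain, "MX").
    """
    by_domain = defaultdict(list)
    for rcpt in rcpt_tos:
        by_domain[rcpt.rpartition("@")[2].lower()].append(rcpt)
    plan = {}
    for domain, rcpts in by_domain.items():
        hosts = [host.rstrip(".") for _, host in sorted(lookup_mx(domain))]
        plan[domain] = (hosts or [domain], rcpts)  # no MX: fall back to the domain itself
    return plan

class LocalRelayHandler:
    """Handler for aiosmtpd: accept mail from loopback only, relay it by MX."""

    def __init__(self, lookup_mx, helo_name, smtp_factory=smtplib.SMTP):
        self.lookup_mx, self.helo_name = lookup_mx, helo_name
        self.smtp_factory = smtp_factory  # injectable so the logic can be tested offline

    async def handle_RCPT(self, server, session, envelope, address, rcpt_options):
        if not is_loopback(session.peer):  # never relay for remote clients (open relay)
            return "550 Relaying denied"
        envelope.rcpt_tos.append(address)
        return "250 OK"

    async def handle_DATA(self, server, session, envelope):
        plan = plan_delivery(envelope.rcpt_tos, self.lookup_mx)
        for hosts, rcpts in plan.values():
            for host in hosts:  # try each MX in turn, no authentication involved
                try:
                    with self.smtp_factory(host, 25, local_hostname=self.helo_name,
                                           timeout=30) as client:
                        client.sendmail(envelope.mail_from, rcpts, envelope.content)
                    break
                except (OSError, smtplib.SMTPException):
                    continue
            else:
                return "451 No MX reachable, try again later"
        return "250 Message accepted for delivery"
```

To serve it, pass an instance to aiosmtpd's `Controller` with `hostname="127.0.0.1"` so the listener itself is bound to loopback; the peer check in `handle_RCPT` is a second line of defence. There is no retry queue here, so a 451 goes straight back to the application.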

Cpanel This message could not be delivered

I'm interested in hosting my website portal at home. I've got a public IP from my ISP, got a good server, installed CentOS, installed cPanel, and copied the website, but it seems that the email server is not working well.
When testing to multiple receivers, a few mails are delivered OK but a few messages are not delivered. Examples of errors:
error1:
SMTP error from remote mail server after initial connection: 554 n1plibsmtp01-02.prod.ams1.secureserver.net bizsmtp IB106. Connection refused. MYIP is listed on the Policy Block List (PBL).\302\240
error2:
ECDHE-RSA-AES256-SHA384:256 CV=yes: SMTP error from remote mail server after MAIL FROM:MYEMAIL SIZE=1669: 550 DY-001 (COL004-MC2F3) Unfortunately, messages from MYIP weren't sent. Please contact your Internet serv
error3:
ECDHE-RSA-AES256-SHA384:256 CV=yes: SMTP error from remote mail server after MAIL FROM:MYEMAIL SIZE=1669: 550 DY-001 (BLU004-MC1F26) Unfortunately, messages from 213.163.119.60 weren't sent. Please contact your Internet ser
Delivered emails have this message:
Accepted
So since a few emails are delivered and a few emails are not delivered, it seems they are blocked by Hotmail, Gmail, Yahoo, or marked as spam. Does that mean the problem is with my ISP?
Services like Gmail, Outlook.com and Yahoo! Mail block email to protect from unwanted or malicious email such as phishing, scams and spam. In this case, they are mistaking email that you are sending.
There is something like "whitelisting domain" but I am not too sure on that. I think that can help?

Outgoing Listing-Mail gets stuck in Spam-Filter since I moved to a new Server

The following problem: I have written a mailing list via PHP, SwiftMailer and Postfix. On my old server it worked without any problems, but since I moved to another server (exactly the same configuration, but a different IP) the list mails get stuck in the spam filter of the receivers (especially in Google Mail).
Is there anything I have to do except rerouting the URL DNS records, so that Google sees that "I am that server" and the mail is not spam?
First, check that your outgoing mail server is identifying itself correctly in the HELO command (or EHLO command) when it connects to a receiving mail server. There should also be an A record for this name that should point to the IP address of the mail server. Also, this IP address should reverse to some name (possibly, but not necessarily, the same name as above), and this name should point to the mail server's IP. If any of this is not right, then most spam filters will not consider your server to be a 'real' mail server, and will most likely flag any message sent from your server as spam. This is how many spam filters block spam that originates from computers that have been taken over as 'zombies'.
Another thing to do is to check that your mail server IP is not on any blacklists. You can use MXToolbox for this: http://mxtoolbox.com/blacklists.aspx
Another thing you can do is use port25's verifier tool. This tool will spot any red flags that might be causing your messages to be flagged as spam. See http://www.port25.com/support/authentication-center/email-verification/ for more info.
Last but not least, you might want to set up an SPF record for the domain that you are sending these messages from, to indicate that the IP of your mail server is authorized to send mail from this domain. This will help a lot. For more info, see: www.openspf.org.

Unknown remote connections to SMTP server

I would like guidance regarding an issue we are having on our CentOS server.
Just recently we noticed that we cannot send emails to Hotmail.com mailboxes from our domain email. I also discovered that we're getting a lot of mail delivery failure emails in one of the inboxes that we don't use.
I've checked the mail logs and saw some suspicious activity. Unfortunately, I don't know much with regards to mail servers and how they behave. Can someone shine some light on this situation and tell me if someone is connecting to our SMTP server remotely and sending spam emails to various recipients? What other steps should I take to prevent this?
Here is part of the log:
2013-06-09 05:43:27 SMTP connection from [110.52.1.237]:13088 (TCP/IP connection count = 1)
2013-06-09 05:43:32 no host name found for IP address 110.52.1.237
2013-06-09 05:43:41 SMTP connection from [110.52.1.237]:13461 (TCP/IP connection count = 2)
2013-06-09 05:43:46 no host name found for IP address 110.52.1.237
2013-06-09 05:43:46 unexpected disconnection while reading SMTP command from (iem.net) [110.52.1.237]:13088
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 sender verify fail for <wqnsjzyyc@qbnngj.com>: The mail server could not deliver mail to wqnsjzyyc@qbnngj.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 F=<wqnsjzyyc@qbnngj.com> rejected RCPT <support@greenXXXX.com>: Sender verify failed
2013-06-09 05:43:55 unexpected disconnection while reading SMTP command from (qbnngj.com) [110.52.1.237]:13461
As you can see above, the IP that connected to the SMTP server is from China. I have a dozen similar connections in the log.
I am not sure how to resolve this issue.
Any help would be appreciated.
Thank you,
Max
You have two separate problems.
Sending to Hotmail: They have a web page regarding their own private white list, and if you're not on the list, you get blocked.
Receiving delivery status notices for messages not sent: Someone is spoofing your domain in messages they're sending to others. You need to protect your domain with some authentication technology. The two most common are called "sender policy framework" and domainkeys.
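A first triage step for a log like the one in the question, as an added example that is not part of the original posts: tally per client IP what the server actually did with each connection, and list only the IPs from which a message was accepted (Exim writes `<=` for those), as opposed to the rejected attempts shown in the excerpt. The sample lines are a constructed copy in the format of that excerpt, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Exim log excerpt in the question.
SAMPLE_LOG = """\
2013-06-09 05:43:27 SMTP connection from [110.52.1.237]:13088 (TCP/IP connection count = 1)
2013-06-09 05:43:32 no host name found for IP address 110.52.1.237
2013-06-09 05:43:41 SMTP connection from [110.52.1.237]:13461 (TCP/IP connection count = 2)
2013-06-09 05:43:46 unexpected disconnection while reading SMTP command from (iem.net) [110.52.1.237]:13088
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 F=<wqnsjzyyc@qbnngj.com> rejected RCPT <support@greenXXXX.com>: Sender verify failed
2013-06-09 05:43:55 unexpected disconnection while reading SMTP command from (qbnngj.com) [110.52.1.237]:13461
"""

IP = r"\[?(?P<ip>\b\d{1,3}(?:\.\d{1,3}){3}\b)\]?"  # IPv4 only, brackets optional
PATTERNS = {
    "connections": re.compile(r"SMTP connection from " + IP),
    "no_rdns": re.compile(r"no host name found for IP address " + IP),
    "rejected_rcpt": re.compile(IP + r"\S* .*rejected RCPT"),
    "accepted": re.compile(r" <= .*?" + IP),  # "<=" marks a message Exim accepted
}
HELO = re.compile(r"\((?P<helo>[^)\s]+)\) " + IP)

def summarize(log_text):
    """Per-IP counts of each event type plus the HELO names the client used."""
    stats = defaultdict(lambda: {**dict.fromkeys(PATTERNS, 0), "helo_names": set()})
    for line in log_text.splitlines():
        for key, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                stats[match["ip"]][key] += 1
        helo = HELO.search(line)
        if helo:
            stats[helo["ip"]]["helo_names"].add(helo["helo"])
    return dict(stats)

def hosts_with_accepted_mail(stats):
    """IPs from which at least one message was accepted, not just rejected."""
    return sorted(ip for ip, s in stats.items() if s["accepted"])
```

An IP with no reverse DNS that changes its HELO name between connections and only ever appears in rejected lines was turned away; it is the IPs returned by `hosts_with_accepted_mail` that deserve a closer look.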

SMTP outbound emails stuck in Queue folder : Windows XP SP3, IIS 5.1

I am using a PHP script for sending emails through IIS 5.1 SMTP.
The emails go to the outbound folder. The actual path is C:\Inetpub\mailroot\Queue.
After a few seconds, it starts to send emails properly, but after sending 5 or 6 emails, it stops sending the other ones. The SMTP service is still started and there seems to be no problem with the SMTP service.
But if I restart the service, it sends 1 or 2 other emails and then it stops again.
I mean sending emails stops but the service is started.
By the way, the emails are stuck in the Queue folder.
I also checked the Badmail folder. It is empty.
Thanks
Are all the emails to the same network? I have seen behaviour like this when the recipient server bans you; Yahoo's (Xtra) used to do it sometimes to our server in particular. You can check the logs in Event Viewer for something from the SMTP server; you'll find a message from the other server saying something to the effect that you have been temporarily banned, possibly with more detail about why. Trying to connect via telnet also gives you the same message.
When this happens Windows will try to send them again later. Restarting the server starts to try sending again, and if the ban condition has been lifted messages will flow for a while again until you are rebanned.