Unknown remote connections to SMTP server - email

I would like guidance regarding an issue we are having on our CentOS server.
Just recently we noticed that we cannot send emails to Hotmail.com mailboxes from our domain email. I also discovered that we're getting a lot of mail delivery failure emails in one of the inboxes that we don't use.
I've checked the mail logs and saw some suspicious activity. Unfortunately, I don't know much about mail servers and how they behave. Can someone shed some light on this situation and tell me if someone is connecting to our SMTP server remotely and sending spam emails to various recipients? What other steps should I take to prevent this?
Here is part of the log:
2013-06-09 05:43:27 SMTP connection from [110.52.1.237]:13088 (TCP/IP connection count = 1)
2013-06-09 05:43:32 no host name found for IP address 110.52.1.237
2013-06-09 05:43:41 SMTP connection from [110.52.1.237]:13461 (TCP/IP connection count = 2)
2013-06-09 05:43:46 no host name found for IP address 110.52.1.237
2013-06-09 05:43:46 unexpected disconnection while reading SMTP command from (iem.net) [110.52.1.237]:13088
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 sender verify fail for <wqnsjzyyc#qbnngj.com>: The mail server could not deliver mail to wqnsjzyyc#qbnngj.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 F=<wqnsjzyyc#qbnngj.com> rejected RCPT <support#greenXXXX.com>: Sender verify failed
2013-06-09 05:43:55 unexpected disconnection while reading SMTP command from (qbnngj.com) [110.52.1.237]:13461
As you can see above, the IP that connected to the SMTP server is from China. I have a dozen similar connections in the log.
I am not sure how to resolve this issue.
Any help would be appreciated.
Thank you,
Max

You have two separate problems.
Sending to Hotmail: They have a web page regarding their own private white list, and if you're not on the list, you get blocked.
Receiving delivery status notices for messages not sent: Someone is spoofing your domain in messages they're sending to others. You need to protect your domain with some authentication technology. The two most common are called "sender policy framework" and domainkeys.
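To make the log excerpt in the question easier to read, here is an added example (not part of the thread) that groups the Exim-style log lines by remote IP and lists the reasons a connection looks like a spam source: no reverse DNS, a different HELO name on each connection, recipients rejected, and sessions abandoned mid-command. The sample input is the question's own lines, copied with the poster's `#`-for-`@` redaction; note that the `rejected RCPT` line records the server refusing the message at the RCPT stage, so those lines show inbound attempts being turned away, not mail being relayed.

```python
import re
from collections import defaultdict

# Constructed sample: the Exim main-log lines quoted in the question above,
# keeping the poster's '#' in place of '@' in addresses.
SAMPLE_LOG = """\
2013-06-09 05:43:27 SMTP connection from [110.52.1.237]:13088 (TCP/IP connection count = 1)
2013-06-09 05:43:32 no host name found for IP address 110.52.1.237
2013-06-09 05:43:41 SMTP connection from [110.52.1.237]:13461 (TCP/IP connection count = 2)
2013-06-09 05:43:46 no host name found for IP address 110.52.1.237
2013-06-09 05:43:46 unexpected disconnection while reading SMTP command from (iem.net) [110.52.1.237]:13088
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 sender verify fail for <wqnsjzyyc#qbnngj.com>: The mail server could not deliver mail to wqnsjzyyc#qbnngj.com. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
2013-06-09 05:43:55 H=(qbnngj.com) [110.52.1.237]:13461 F=<wqnsjzyyc#qbnngj.com> rejected RCPT <support#greenXXXX.com>: Sender verify failed
2013-06-09 05:43:55 unexpected disconnection while reading SMTP command from (qbnngj.com) [110.52.1.237]:13461
"""

# One pattern per event type we care about; each captures the remote IP.
PATTERNS = {
    "connect": re.compile(r"SMTP connection from \[(?P<ip>[\d.]+)\]:\d+"),
    "no_rdns": re.compile(r"no host name found for IP address (?P<ip>[\d.]+)"),
    "reject":  re.compile(r"\[(?P<ip>[\d.]+)\]:\d+ .*rejected RCPT <(?P<rcpt>[^>]+)>"),
    "drop":    re.compile(r"unexpected disconnection .*\[(?P<ip>[\d.]+)\]:\d+"),
}
# The HELO/EHLO name Exim logs in parentheses just before the "[ip]:port".
HELO_RE = re.compile(r"\((?P<helo>[^()\s]+)\) \[(?P<ip>[\d.]+)\]:\d+")


def new_entry():
    return {"connections": 0, "helos": set(), "rejected_rcpts": [],
            "no_rdns": False, "disconnects": 0}


def summarize(log_text):
    """Group Exim main-log events by remote IP address."""
    stats = defaultdict(new_entry)
    for line in log_text.splitlines():
        helo = HELO_RE.search(line)
        if helo:
            stats[helo["ip"]]["helos"].add(helo["helo"])
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            entry = stats[m["ip"]]
            if kind == "connect":
                entry["connections"] += 1
            elif kind == "no_rdns":
                entry["no_rdns"] = True
            elif kind == "reject":
                entry["rejected_rcpts"].append(m["rcpt"])
            elif kind == "drop":
                entry["disconnects"] += 1
            break
    return stats


def flags(entry):
    """Reasons an IP behaves like a spam source rather than a legitimate MTA."""
    reasons = []
    if entry["no_rdns"]:
        reasons.append("no reverse DNS")
    if len(entry["helos"]) > 1:
        reasons.append("multiple HELO names: " + ", ".join(sorted(entry["helos"])))
    if entry["rejected_rcpts"]:
        reasons.append(f"{len(entry['rejected_rcpts'])} recipient(s) rejected")
    if entry["disconnects"]:
        reasons.append(f"{entry['disconnects']} session(s) abandoned mid-command")
    return reasons


def report(log_text):
    """Map each flagged IP to its list of reasons (unflagged IPs are omitted)."""
    return {ip: flags(e) for ip, e in summarize(log_text).items() if flags(e)}


if __name__ == "__main__":
    for ip, reasons in report(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Run it against a real Exim `mainlog` by reading the file into `report()`; IPs that keep reappearing with these flags are candidates for firewall or Exim host-list blocking, while the sender-verify rejections themselves show the server is already refusing the messages.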

Related

SMTP errors from web server

I am having issues with SMTP from one of my web servers. I've verified that firewall connectivity over port 25 to the SMTP relay and the Exchange servers is good to go. I can hit the SMTP relays and Exchange server from my web server via telnet. Whenever I drop a mail in Pickup it sits in the queue.
In Event Viewer I get:
Message delivery to the host 'IPADDDRESS' failed while delivering to the remote domain 'MYDOMAIN' for the following reason: The connection was dropped by the remote host.
I checked SMTPDiag and it comes back:
Error: Expecting "220". Server is not accepting connections.
Failed to submit mail to "server.domain.com"
I checked and my connection control is set to allow and the domains are listed in SMTP. I am losing my mind trying to figure out why mail is failing at this point.
Are you hitting a rate limit or is your outbound ip on a blacklist? Try the blacklist search here: https://mxtoolbox.com/supertoolmobile.aspx

Exchange server is not relaying Coldfusion emails to external addresses

I have a Coldfusion page (CF10) that creates a report and sends it via cfmail to a list of recipients. The ones in our internal domain are receiving, but the external addresses are not.
I found a couple of threads where people were having the exact same problem, and the solution was to add the CF server's IP address to the Exchange server. So our IT guys did just that - they added the IP addresses of all of our production servers to the receive connector on the Exchange server. However, the mails are still not being relayed, and I'm continuing to get the same message in the mail log:
javax.mail.SendFailedException: Invalid Addresses; nested exception is: com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 Unable to relay
I'm not familiar with everything that needs to happen to make the Exchange Server relay email to external addresses. Adding the IP addresses to the receive connector obviously isn't enough. Are there other steps that need to be performed?
Coordinate with your IT guys. Write a ColdFusion page that they can run that sends mail to an external address they can access. Then tell them to do what they have to do to receive mail at that address.
Solution was simple - we originally specified the mail server in the cfadmin mail settings, but included no username/password. That worked fine, until we wanted to start sending cfmails to addresses outside of our own domain. So IT created a dedicated "Noreply" account for this purpose, and I entered the username/password in the cfadmin mail settings.

Postfix: loops back to myself error

I've been trying to install a Postfix server for handling mail for my domain. I found a nice tutorial and I was able to create an email address, and the server responds correctly with telnet (IMAP and POP3 included; I also charge the config in Gmail and it works correctly).
To handle POP3 and IMAP I have installed Courier.
The problem comes when I try to send e-mails to myself (with external email address), I receive the following error code:
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for (servername) loops back to
myself
I reviewed my Postfix mail.conf config, as on many websites they said that it could be because mydestination was not correctly configured. I have included the domain configuration and I still get the same error. (/etc/postfix/main.cf)
mydestination = mail.mydomain.com, domain.com, localhost
This is on a VPS, so the hostname is different from the domain name; I'm not sure if this can have any influence on the mail handling error.
Could someone help me find where the error could be?
Thanks for your attention and your answers.
You're probably sending mail to a recipient with an email address in a zone which has an MX record whose value is a hostname that resolves to the IP address of your mail server, while your server hasn't been told in its main.cf config file (via mydestination) that it is referring to itself.
Therefore, your server is wondering why an attempt to send mail to, as it believes, another server results in finding that the IP address of that other server is its own IP address.
Update mydestination accordingly.
It helps to use the same hostname for the MX record for all zones your mail server handles incoming mail for, as that keeps your mydestination manageable.
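The reasoning in the answer above can be walked through with a small model of how Postfix picks a next hop. This is an added example, not code from the thread or from Postfix: the `mydestination` value is the one quoted in the question, while the server IP and the DNS records are constructed. In the scenario, `mydomain.com` is not listed in `mydestination`, its MX points at `mail.mydomain.com`, and that name resolves to the server's own address, which is exactly the "loops back to myself" situation; adding the domain to `mydestination` clears it.

```python
def parse_mydestination(line):
    """Parse a 'mydestination = a, b, c' line from main.cf into a set of names."""
    _, _, value = line.partition("=")
    return {name.strip().lower() for name in value.replace(",", " ").split()}


def next_hops(recipient_domain, dns_mx, dns_a):
    """Hosts Postfix would try for a non-local domain: MX targets in preference
    order, or the domain's own A record when it has no MX. Returns [(host, ips)]."""
    hosts = [h for _, h in sorted(dns_mx.get(recipient_domain, []))] or [recipient_domain]
    return [(h, dns_a.get(h, [])) for h in hosts]


def diagnose(recipient, mydestination, my_ips, dns_mx, dns_a):
    """Return None when delivery would proceed, or a message describing why Postfix
    would report 'mail for <host> loops back to myself'."""
    domain = recipient.rpartition("@")[2].lower()
    if domain in mydestination:
        return None                      # local domain: delivered here, never relayed
    for host, ips in next_hops(domain, dns_mx, dns_a):
        ours = sorted(set(ips) & set(my_ips))
        if ours:                         # the best remaining MX is this very server
            return (f"mail for {host} loops back to myself: MX for {domain} is {host} -> {ours}, "
                    f"which is this server, but {domain} is not in mydestination")
        if ips:
            return None                  # a genuinely remote host answers for this domain
    return f"no usable MX/A record for {domain}"


# Value quoted in the question; the domain in the MX below is deliberately NOT in it.
MYDESTINATION = parse_mydestination("mydestination = mail.mydomain.com, domain.com, localhost")
# Constructed data: the VPS address and the DNS answers the server would get.
MY_IPS = {"203.0.113.10"}
DNS_MX = {"mydomain.com": [(10, "mail.mydomain.com")],
          "example.org": [(10, "mx.example.org")]}
DNS_A = {"mail.mydomain.com": ["203.0.113.10"],
         "mx.example.org": ["198.51.100.5"]}


if __name__ == "__main__":
    print(diagnose("me@mydomain.com", MYDESTINATION, MY_IPS, DNS_MX, DNS_A))
    print(diagnose("me@example.org", MYDESTINATION, MY_IPS, DNS_MX, DNS_A))
    print(diagnose("me@mydomain.com", MYDESTINATION | {"mydomain.com"}, MY_IPS, DNS_MX, DNS_A))
```

On a real box the inputs come from `postconf mydestination`, the server's interface addresses, and `dig MX`/`dig A` for the recipient domain; the point of the model is that the check is purely "does the domain's best MX resolve to me while the domain is not declared local".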

SMTP Mail Failures to a certain domain

Do the SMTP logs on a server (Windows 2003) only show logs of mail that were sent successfully?
We are getting bounce backs when sending mail to a particular domain:
The connection was dropped by the remote host.
It looks like a problem on the receiving server, but we don't have much information to provide them. We can send to Hotmail, Gmail, Yahoo etc. OK.
Any ideas?
Most likely, there is a spam filter in front of the receiving mail server for this domain, and this spam filter thinks your mail server is sending spam, so it's closing the connection from your mail server. One way to test this is to simulate sending a message to this mail server by opening a command prompt on your mail server, and use telnet to connect to the receiving mail server on port 25, and proceed with the process of sending a message just as a mail server would. This way, you'll be able to see how the receiving mail server responds after each step. Follow the instructions in http://support.microsoft.com/kb/153119 to see how this is done.
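The manual telnet test the answer describes can be scripted so that the reply to each step is recorded and the first refusal or dropped connection is reported. This is an added example, not code from the thread or from the Microsoft article: it replays only the opening of an MTA-to-MTA session (banner, EHLO, MAIL FROM, RCPT TO) and then sends RSET and QUIT, so no message is ever queued on the remote side. The host names and addresses are placeholders, and the scripted replies used for the offline demonstration are constructed.

```python
import io
import socket


def read_reply(rfile):
    """Read one SMTP reply (multi-line replies use 'NNN-' continuation lines).
    Returns (code, lines); code is None if the peer closed the connection."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:                      # EOF: the remote host dropped us
            return None, lines
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return (int(line[:3]) if line[:3].isdigit() else None), lines


def smtp_probe(rfile, wfile, helo, mail_from, rcpt_to):
    """Replay banner, EHLO, MAIL FROM and RCPT TO, recording each reply, then
    RSET/QUIT so nothing is delivered. Stops at the first 4xx/5xx or dropped socket."""
    transcript = []
    code, lines = read_reply(rfile)
    transcript.append(("<connect>", code, lines))
    if code != 220:
        return transcript
    for cmd in (f"EHLO {helo}", f"MAIL FROM:<{mail_from}>", f"RCPT TO:<{rcpt_to}>"):
        wfile.write((cmd + "\r\n").encode())
        wfile.flush()
        code, lines = read_reply(rfile)
        transcript.append((cmd, code, lines))
        if code is None or code >= 400:
            break
    wfile.write(b"RSET\r\nQUIT\r\n")
    wfile.flush()
    return transcript


def first_failure(transcript):
    """The step at which the remote refused or dropped the session, or None."""
    for step, code, _ in transcript:
        if code is None or code >= 400:
            return step
    return None


def probe_host(host, port=25, helo="mail.example.net",
               mail_from="postmaster@example.net", rcpt_to="postmaster@example.org",
               timeout=20):
    """Live version against a real receiving server (placeholder names; not run here)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return smtp_probe(s.makefile("rb"), s.makefile("wb"), helo, mail_from, rcpt_to)


def probe_scripted(replies):
    """Offline harness: 'replies' is the byte stream a fake receiver would send."""
    return smtp_probe(io.BytesIO(replies), io.BytesIO(),
                      "mail.example.net", "postmaster@example.net", "postmaster@example.org")


# Constructed reply scripts: a healthy receiver, one whose filter drops the
# connection right after the banner, and one that rejects the sending host.
ACCEPTING = (b"220 mx.example.org ESMTP\r\n250-mx.example.org\r\n250 SIZE 10240000\r\n"
             b"250 2.1.0 Ok\r\n250 2.1.5 Ok\r\n221 Bye\r\n")
DROPS_AFTER_BANNER = b"220 mx.example.org ESMTP\r\n"
REJECTS_SENDER = b"220 mx.example.org ESMTP\r\n250 mx.example.org\r\n550 5.7.1 Client host blocked\r\n"


if __name__ == "__main__":
    for name, script in [("accepting", ACCEPTING), ("drops", DROPS_AFTER_BANNER),
                         ("rejects", REJECTS_SENDER)]:
        t = probe_scripted(script)
        print(name, "-> first failure:", first_failure(t))
        for step, code, lines in t:
            print("   ", step, code, lines)
```

The value of the transcript is the position of the failure: a drop before any command, as in the question, points at something in front of the SMTP service (a filter or firewall judging the connecting IP), while a 5xx after MAIL FROM or RCPT TO carries an explanation you can forward to the receiving side.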
It turned out the sending server was blacklisted by McAfee, which was running on the receiving server's firewall.
For those that may have the problem in the future you can check if your server is blacklisted with McAfee here:
http://www.mcafee.com/threat-intelligence/ip/spam-senders.aspx
After entering your server IP, you should see a link Threat Feedback. Use this to email McAfee.
I was able to send McAfee an email with an explanation, they then removed our server from the blacklist.

Outgoing mailing-list mail gets stuck in spam filter since I moved to a new server

Here is the problem: I have written a mailing list using PHP, SwiftMailer and Postfix. On my old server it worked without any problems, but since I moved to another server (exactly the same configuration, but a different IP) the list mails get stuck in the receivers' spam filter (especially in Google Mail).
Is there anything I have to do, apart from rerouting the URL DNS records, so that Google sees that "I am that server" and the mail is not spam?
First, check that your outgoing mail server is identifying itself correctly in the HELO command (or EHLO command) when it connects to a receiving mail server. There should also be an A record for this name that should point to the IP address of the mail server. Also, this IP address should reverse to some name (possibly, but not necessarily, the same name as above), and this name should point to the mail server's IP. If any of this is not right, then most spam filters will not consider your server to be a 'real' mail server, and will most likely flag any message sent from your server as spam. This is how many spam filters block spam that originates from computers that have been taken over as 'zombies'.
Another thing to do is to check that your mail server IP is not on any blacklists. You can use MXToolbox for this: http://mxtoolbox.com/blacklists.aspx
Another thing you can do is use port25's verifier tool. This tool will spot any red flags that might be causing your messages to be flagged as spam. See http://www.port25.com/support/authentication-center/email-verification/ for more info.
Last but not least, you might want to set up an SPF record for the domain that you are sending these messages from, to indicate that the IP of your mail server is authorized to send mail from this domain. This will help a lot. For more info, see: www.openspf.org.
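The HELO/A/PTR consistency check in this answer, and the SPF record that both this answer and the first answer on the page recommend, can be expressed as two small functions. This is an added example, not code from the thread, from port25 or from openspf.org: the DNS data is constructed (a correctly configured `mail.example.net` alongside a host with no matching forward and reverse records), and the SPF evaluator is deliberately minimal, covering only the `ip4`, `a`, `mx` and `all` mechanisms with their qualifiers, not the full RFC 7208 (no `include`, `exists`, macros or lookup limits).

```python
import ipaddress

# Constructed DNS data for the example (not real hosts).
DNS_A = {"mail.example.net": ["203.0.113.25"], "mx.example.org": ["198.51.100.5"]}
DNS_PTR = {"203.0.113.25": ["mail.example.net"]}
DNS_MX = {"example.net": ["mail.example.net"]}
DNS_TXT = {"example.net": ["v=spf1 mx -all"],
           "example.com": ["v=spf1 ip4:203.0.113.0/24 ~all"]}


def fcrdns_check(helo_name, ip, dns_a=DNS_A, dns_ptr=DNS_PTR):
    """The three conditions from the answer: the HELO name has an A record for the
    sending IP, the IP has a PTR record, and the PTR name resolves back to the IP.
    Returns a list of problems; an empty list means the server looks 'real'."""
    problems = []
    if ip not in dns_a.get(helo_name, []):
        problems.append(f"HELO name {helo_name} has no A record pointing at {ip}")
    ptr_names = dns_ptr.get(ip, [])
    if not ptr_names:
        problems.append(f"{ip} has no PTR record")
    elif not any(ip in dns_a.get(name, []) for name in ptr_names):
        problems.append(f"PTR name(s) {ptr_names} do not resolve back to {ip}")
    return problems


def spf_check(sender_domain, client_ip, dns_txt=DNS_TXT, dns_a=DNS_A, dns_mx=DNS_MX):
    """Minimal SPF evaluation: returns 'pass', 'fail', 'softfail', 'neutral' or 'none'.
    Only ip4, a, mx and all are understood; other mechanisms are skipped."""
    record = next((t for t in dns_txt.get(sender_domain, []) if t.startswith("v=spf1")), None)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"                          # default qualifier is pass
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = client_ip in dns_a.get(arg or sender_domain, [])
        elif mech == "mx":
            matched = any(client_ip in dns_a.get(h, [])
                          for h in dns_mx.get(arg or sender_domain, []))
        else:
            continue                             # unsupported mechanism in this toy
        if matched:
            return results[qualifier]
    return "neutral"                             # no term matched and no 'all' present


if __name__ == "__main__":
    print("good host:", fcrdns_check("mail.example.net", "203.0.113.25"))
    print("bad host: ", fcrdns_check("localhost.localdomain", "198.51.100.7"))
    print("spf example.net from own MX:", spf_check("example.net", "203.0.113.25"))
    print("spf example.net from elsewhere:", spf_check("example.net", "198.51.100.7"))
```

For a live check, replace the dictionaries with real lookups (for example `socket.gethostbyname_ex` for A and `socket.gethostbyaddr` for PTR); the logic stays the same, and a non-empty problem list or an SPF `fail` from your own server's address is the kind of red flag the verifier tools mentioned above report.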