This is not an EE question, though the client does have an EE website :). I just tagged it this way to get the smart folks in the community to see my question.
I have a client who used to have their email and website hosted separately. They were setup with Exchange Server service from one host and regular linux webhosting with another. The way they had it set up initially was their domain was pointed at their webhost and the MX record was forwarded to their Exchange host. The company from which they were getting the Exchange service through also offers webhosting, so they decided to consolidate. The website was moved to the new account - no problem. Then we pointed the entire domain, from the registrar level, to the host that had previously hosted only their email. That's where the problems set in.
Now, some emails go through, and some don't - seemingly without any specific pattern. You can send the same email to the same address several times, and some go through and others bouceback. The ones that bounceback offer some clues - they mentioned the mail server as mail.clientdomain.com - which is not right, as with their Exchange hosting, there is a separate dedicated domain for Exchange.
What it seems like is that in turning on the webhosting component of their account, two things happened - first, a setup of mail.clientdomain.com seems to have been undertaken even though it's not needed. And then secondly, internal to the hosting architecture, their DNS server is sometimes routing mail through the Exchange server and sometimes running it through mail.clientdomain.com (which of course doesn't work because there are no users set up there, and results in the bounce back).
The main trouble I'm having is telling the host WHAT to fix. I provide them with the symptoms we're experiencing and what I think may be going on, but I'm not well versed in server setup so I can't provide any more direction than i have. I'm hoping someone out there can give me some guidance on how I can run some tests to see where mail at my client's domain is being routed and therefore provide the host with some specific direction as to where the breakpoint is - because thus far, they have been unable to fix the problem.
Thanks all!
UPDATE: HERE'S WHAT THE RETURNED MESSAGES LOOK LIKE MOST RECENTLY:
Hi. This is the qmail-send program at plesk-vl4.ihost-web.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
--- Below this line is a copy of the message.
Return-Path:
Received: (qmail 1553 invoked from network); 2 Nov 2012 07:26:47 -0400
Received: from smtp137.ord.emailsrvr.com (173.203.6.137)
by webmail.plesk-vl4.ihost-web.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Nov 2012 07:26:47 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by smtp10.relay.ord1a.emailsrvr.com (SMTP Server) with ESMTP id 9803F370097;
Fri, 2 Nov 2012 07:29:55 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp10.relay.ord1a.emailsrvr.com (Authenticated sender: jean-AT-qbmarketing.com) with ESMTPSA id 4BD76370091;
Fri, 2 Nov 2012 07:29:55 -0400 (EDT)
From: Jean St Amand
Content-Type: multipart/alternative; boundary="Apple-Mail=_25EBC7EF-43BA-46B6-94CE-143CA2B87CC2"
Subject: another test email the morning of Nov 2
Date: Fri, 2 Nov 2012 08:32:20 -0300
Message-Id: <56ED44AF-6B20-4627-A53D-1A27E055C2DE#qbmarketing.com>
To: Steve
Mime-Version: 1.0 (Mac OS X Mail 6.2 (1499))
X-Mailer: Apple Mail (2.1499)
The host has said that the system is setup correctly and that the bounce backs are the result of "auto-complete" in our mail programs. But auto-complete only fills in an email address that's been used in the past, not the routing used to get to that destination, isn't that right? If auto-complete played a role in routing, wouldn't everyone run into trouble every time they change web hosts? I've never had any trouble switching hosts in the past, so I find it a bit hard to believe that it's the sender's mail program that's the problem - especially since sometimes the messages do go through, but most often that don't.
What do the MX records for the domain look like? Is there just the one for "Mail.exchangeserver" or multiples? Generally they have a score, so the one with the lowest number gets tried first, if that is unreachable/busy then the next in the list gets used.
Another thing to check out, is to see if the web server is running some form of Control Panel that could be getting in the way of mail routing. I know in the past I've been bitten by cPanel looking locally for mail, even when a remote MX was set up.
If you can post the MX / DNS records, we may be able to help further.
Related
Setup: We have a mail server running exchange 2010 and a windows server 2011 for active directory. We also have a draytek router. I have access to all these things just not super familiar.
I work for a company as a junior IT tech so I have not set any of this up but need to find a solution. We're getting added to the spamhaus blocklist every other week or so.
What i've tried so far:
I have scanned the 30 computers with about 5 different virus scanners and mostly found minor things with malwarebytes which have been removed but we keep getting listed.
Also tried running netstat on each PC to monitor port 25 connections but none of the PC's checked seemed to be sending out of this port.
I have access to the router and can login to it and have heard about blocking port 25 but whenever I do this no one can send emails out. On the dreytek syslogs I can see an IP address from a virtual server that is 190.2.141.250 connecting to our main server on port 25 (SMPT). I suspect this is the thing that is sending out the spam but I can't find out how to block it.
I am kinda lost so any ideas would be appreciated
we use exim on a VPS. We host multiple domains on WP and Magento.
Recentyl I was reviewing some e-mails when I saw the following in the Received headers: my linux username, servername (not the sending domain name) and the actual version of Exim sending the email.
Received: from **USERNAME** by **VPS_SERVERNAME** with local (**EXIM VERSION**)
(envelope-from <user#domain.com>)
id 1a34DM-0003fW-xx
for recipient#gmail.com; Sun, 29 Nov 2015 16:48:36 +0100
I made a little jump. Why is it necessary to send the username under wich the process runs. And also why is the server name not the sending domain name. And why expose the Exim version or even expose Exim? All seems like quite a security risk by giving TMI
My question: How can I change USERNAME in the Received header to the sending E-MAIL NAME (prefix or whole email) and change the VPS_SERVERNAME to the sending DOMAINNAME. Or at least change the whole to something within all E-mails RFC's a rules ... but a little more anonymous.
Received: from user by domain.com with local (Mailserver)
(envelope-from <user#domain.com>)
Where user is taken from email, just like domein.com.
You can configure the format of the Received: header appended by Exim through the received_header_text key in the Exim configuration. This allows you to remove the user name. The default format string also suggests that Exim uses the primary_hostname variable for your VPS_SERVERNAME field, which defaults to uname() (that is, your host name), but this can also be overridden in the configuration to your FQDN of choice.
As for whether the default format is TMI, Exim's format is not unusual. Received: headers are for diagnostic purposes and they generally reveal a lot about the sending network and MTA software. Details can be hidden if security through obscurity is preferred over diagnostics, but consider that it only makes attacking the network harder and it is not an active security measure.
We have a VPS with CentOS combined with DirectAdmin which we use for a Magento shop. This runs fine, except for sending email.
Problem:
It appears that some specific domains won't receive our emails and we get a bounce. If we use any other email sending systems, the mails arrive without problems.
The bounce mail contains the following error:
SMTP error from remote mail server after HELO Company-Shops:
host mx-cluster-b2.one.com [IP ADRESS]: 504 5.5.2 :
Helo command rejected: need fully-qualified hostname
After googling and trying things for a week now, I am a bit lost. I tried checking postfix in CentOS, but this is not installed and I'm not quite sure if this is needed.
Possible issue?
I believe the hostfile in CentOS is setup incorrectly:
127.0.0.1 localhost localhost.localdomain localhost4 ... etc
OUR IP Company-Shops
'Company-Shops' should probably be a domain name, am I right? The same as the rDNS. But I'm afraid if I change this it will kill my site and whatnot. I'm not sure if this entry correlates with the 'company-Shops' helo label in the bounce error.
Some extra info:
- We use the webmail Roundcube from DirectAdmin
- At the moment we run one shop, but this might grow a bit (multiple sites on 1 IP)
- We don't use subdomains
- We've set up a reverse DNS, with the domain
Is there anyone with similiar experiences or with a bit more knowledge about this subject? I appreciate any advice we can get, as we are stuck..
Many thanks.
Yes, that's right: your mail server should identify itself using a fully-qualified domain name when it connects to send mail via SMTP. You don't say what mail server you're running, but since you're using DA, it's probably Exim. If so, you want to edit /etc/exim.conf and set primary_hostname to the FQDN of your server.
This would also be a good time to double-check that reverse DNS is set up properly for your IP address. Many hosts will also reject email from servers on IPs without a valid rDNS record.
I'm not familiar with Magento, but I can't see any way that changing the Exim configuration in this way could impact that program.
I recently switched from an axoim exchange mail server to microsoft 365 exchange server. Now my email address is still the exact same as it was, and most of the incoming mail comes to my new server and address, but it looks like some incoming mail is still going to the old server. Why is that and what can i do to address it?
I'm assuming that you changed the MX records for your domain, so that they now point to Microsoft 365's mail servers, correct? If so, it may take a day or two for the DNS changes to propagate.
I've recently setup my Ubuntu web server with exim4 so my PHP website applications can send email such as "thank you" and "confirmation" notices.
I've got it setup and working such that I can send email to gmail, Yahoo! and my work address. However, my work email gets caught up in our spam filter. I'm new to setting up mail servers so I'm not sure what I might need to look for in making this mail server more trusted, while keeping is secure.
Here are some details:
Server is NATed behind a firewall.
Firewall has port 25 open for outgoing SMTP traffic (from server to anywhere).
Server is virtual hosting a couple different of our websites
The server is running the following exim4 config:
dc_eximconfig_configtype='internet'
dc_other_hostnames='web-serv.example1.com;example2.com'
dc_local_interfacees='127.0.0.1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='' dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
Questions:
Do I need to open port 25 to incoming SMTP mail (anywhere to server)? I wonder if other mail servers need to talk to my mail server to verify itself, in a sort of handshake attempt.
I have not created any MX records primarily because the server has different websites on it the mail server should send mail for all the websites. Do I need to pick/create a domain address and create MX records for it?
One thing of note is that the mail headers look like this:
Return-Path: <www-data#example2.com>
Received: from web-serv.example1.com ([Firewall public IP Address])
Received-SPF: neutral (google.com: [Firewall public IP Address] is neither permitted nor denied by best guess record for domain of www-data#example2.com)
"web-serv" is the host name of the server, such that you get this if you type it into the command line:
$ hostname
web-serv
and "www-data" is the account name for the Apache2 server that Ubuntu gave it as default.
Any other general advice would be appreciated. It's all new to me.
Cheers!
One item of note, since I posted this question time time ago (almost 10 months) is that I found out the biggest issue I had was with setting up the DNS for reverse DNS on our hosting providers side of things.
In other words, our hosting provider (the people who give us our IP address and manage our hardware) had to enter a record to match my server(s) hostname to whatever IP address it used.
There's a specific name for this. I believe it's a "PTR" record but the name escapes me at the moment, but you basically tell them "my server hostname is ..." and they do a quick update to the DNS for reverse DNS purposes.
When I asked this question, we had a different hosting provider who didn't really help explain this to me, and after switching providers, I got to talk to someone who was happy to help me understand that side of the equation.
And as I understand it, this is setup by the people who assign you the IP addresses. But there's probably more to it than that.
Once I got that setup properly, email had no problem getting through the spam filters and Gmail/Yahoo showed SPF as "passed". It was showing neutral before.
Our company email was set to drop any email that would not resolve reverse DNS, which is why I could not even receive the email or find it in the spam filter. Of course, that situation would be dependent on the company and what email policy and software they're using to manage spam. Some might just drop all email that does not reverse DNS and some might dump it in to spam filters instead.
Hope that might help some people with similar issues.
Cheers!