ispCP - Board - Support
incoming email blocked. - Printable Version


incoming email blocked. - robbo007 - 03-30-2011 05:22 PM

Hello all,

I have ISPCP correctly running on my Debian box. I'm using the default SPAM settings that come with it. I have one customer that is complaining some email is not getting through. I have investigated and found the error in the /var/log/mail.log file but I'm not sure why it's considering it as SPAM???

Here is a copy of the log where it's failing. Can anyone help out? It does not appear it's listed on a blacklist. Is there any way to create a white list for this email domain?

Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=gerencia@customer.com>; rate: 1.5
Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=gerencia@customer.com>; delay: 1s
Mar 28 19:24:26 sosaria postfix/smtpd[17180]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <gerencia@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<gerencia@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 28 19:30:33 sosaria postfix/policyd-weight[4081]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=ventas@customer.com>; delay: 0s
Mar 28 19:30:33 sosaria postfix/smtpd[17205]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <ventas@customer.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<exposanjuan@problemcustomer.com> to=<ventas@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 28 19:32:56 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=info@customer.com>; rate: 1.5
Mar 28 19:32:56 sosaria postfix/policyd-weight[2769]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=info@customer.com>; delay: 1s
Mar 28 19:32:56 sosaria postfix/smtpd[17336]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <info@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<info@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 29 19:49:00 sosaria postfix/policyd-weight[2769]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; delay: 0s
Mar 29 19:49:00 sosaria postfix/smtpd[31875]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <administracion@customer.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<exposanjuan@problemcustomer.com> to=<administracion@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 29 19:52:29 sosaria postfix/policyd-weight[4081]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; rate: 1.5
Mar 29 19:52:29 sosaria postfix/policyd-weight[4081]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; delay: 2s
Mar 29 19:52:29 sosaria postfix/smtpd[31902]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <administracion@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<administracion@customer.com> proto=ESMTP helo=<ECSRV8.p


RE: incoming email blocked. - kilburn - 04-01-2011 05:59 PM

Code:
Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com>

To see the actual error, we have to check the actual name of the client's IP:
Code:
72.127.2.88.in-addr.arpa domain name pointer 72.Red-88-2-127.staticIP.rima-tde.net.

So, the problem is threefold:

1) CL_IP_NE_HELO: The client identifies itself as "ecsrv8.pyreurocasa.local", but his IP resolves to another hostname "72.Red-88-2-127.staticIP.rima-tde.net"

2) RESOLVED_IP_IS_NOT_HELO: "ecsrv8.pyreurocasa.local" obviously doesn't resolve to the client's IP (because it's a .local domain)

3) FROM_NOT_FAILED_HELO(DOMAIN): On top of that, the domain part of the FROM field of the e-mail (problemcustomer.com) does not match the domain given in the helo command (pyreurocasa.local).

Now, the solution is pretty simple: tell your customer to set up his e-mail server so that it identifies itself (HELO) as "72.Red-88-2-127.staticIP.rima-tde.net", and he will get through without any problems.

Make sure to explain to him that this is *good* because he will have fewer chances of being flagged as a spammer by other mail servers too.
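
How the "rate: 1.5" in the log adds up, as an added example that is not part of the original posts or of policyd-weight itself: a small parser that splits a `weighted check` line into its per-test scores and lists the tests that added weight. The function names are hypothetical; the sample line is taken from the log quoted in this thread.

```python
import re

# One "weighted check" line taken from the log quoted in this thread.
SAMPLE = (
    "Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: "
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 "
    "CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - "
    "helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) "
    "FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> "
    "<helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> "
    "<to=gerencia@customer.com>; rate: 1.5"
)

# Test names are upper-case and may carry a "(DOMAIN)"-style suffix.
SCORE_RE = re.compile(r"([A-Z][A-Z0-9_]*(?:\([A-Z]+\))?)=(-?\d+(?:\.\d+)?)")
FIELD_RE = re.compile(r"<(client|helo|from|to)=([^>]*)>")
RATE_RE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")


def parse_weighted_check(line):
    """Return scores, envelope fields and logged rate, or None for other lines."""
    _, marker, rest = line.partition("weighted check: ")
    rate = RATE_RE.search(rest)
    if not marker or not rate:
        return None
    tests, _, envelope = rest.partition(";")  # scores end at the first ';'
    return {
        "scores": {name: float(val) for name, val in SCORE_RE.findall(tests)},
        "fields": dict(FIELD_RE.findall(envelope)),
        "rate": float(rate.group(1)),
    }


def penalties(parsed):
    """Tests that added weight (positive score), heaviest first."""
    hits = [(n, s) for n, s in parsed["scores"].items() if s > 0]
    return sorted(hits, key=lambda kv: -kv[1])


def rate_matches_sum(parsed):
    """True when the per-test scores add up to the logged rate."""
    return abs(sum(parsed["scores"].values()) - parsed["rate"]) < 1e-9


if __name__ == "__main__":
    p = parse_weighted_check(SAMPLE)
    print(p["fields"]["client"], p["fields"]["helo"], "rate", p["rate"])
    for name, score in penalties(p):
        print(f"  +{score:g}  {name}")
    print("scores sum to rate:", rate_matches_sum(p))
```

The three tests it reports are the ones explained in the post above; the three DNSBL results each subtract 1.5, which is why the total is only 1.5.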


RE: incoming email blocked. - robbo007 - 04-02-2011 07:52 PM

Many thanks Kilburn,
Once again outstanding technical support. Most appreciated.
Regards,
Rob


