Current time: 11-23-2024, 07:31 AM Hello There, Guest! (LoginRegister)


Thread Closed 
incoming email blocked.
Author Message
robbo007 Offline
Junior Member
*

Posts: 136
Joined: Apr 2009
Reputation: 0
Post: #1
incoming email blocked.
Hello all,

I have ISPCP correctly running on my debian box. I'm using the default SPAM settings than come with it. I have one customer that is complaining some email is not getting through. I have investigated and found the error in the /var/log/mail.log file but I'm not sure why its considering it as SPAM???

Here is a copy of the log where its failing. Can anyone help out? ITs does not appear its listed on a blacklist. Is there any way to create a white list for this email domain?

Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=gerencia@customer.com>; rate: 1.5
Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=gerencia@customer.com>; delay: 1s
Mar 28 19:24:26 sosaria postfix/smtpd[17180]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <gerencia@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<gerencia@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 28 19:30:33 sosaria postfix/policyd-weight[4081]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=ventas@customer.com>; delay: 0s
Mar 28 19:30:33 sosaria postfix/smtpd[17205]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <ventas@customer.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<exposanjuan@problemcustomer.com> to=<ventas@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 28 19:32:56 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=info@customer.com>; rate: 1.5
Mar 28 19:32:56 sosaria postfix/policyd-weight[2769]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=info@customer.com>; delay: 1s
Mar 28 19:32:56 sosaria postfix/smtpd[17336]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <info@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<info@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 29 19:49:00 sosaria postfix/policyd-weight[2769]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; delay: 0s
Mar 29 19:49:00 sosaria postfix/smtpd[31875]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <administracion@customer.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<exposanjuan@problemcustomer.com> to=<administracion@customer.com> proto=ESMTP helo=<ECSRV8.pyreurocasa.local>
Mar 29 19:52:29 sosaria postfix/policyd-weight[4081]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; rate: 1.5
Mar 29 19:52:29 sosaria postfix/policyd-weight[4081]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com> <to=administracion@customer.com>; delay: 2s
Mar 29 19:52:29 sosaria postfix/smtpd[31902]: NOQUEUE: reject: RCPT from 72.Red-88-2-127.staticIP.rima-tde.net[88.2.127.72]: 550 5.7.1 <administracion@customer.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: ecsrv8.pyreurocasa.local, MTA hostname: 72.red-88-2-127.staticip.rima-tde.net[88.2.127.72] (helo/hostname mismatch); from=<exposanjuan@problemcustomer.com> to=<administracion@customer.com> proto=ESMTP helo=<ECSRV8.p
03-30-2011 05:22 PM
Find all posts by this user
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #2
RE: incoming email blocked.
Code:
Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com>

To see the actual error, we have to check the actual name of the client's IP:
Code:
72.127.2.88.in-addr.arpa domain name pointer 72.Red-88-2-127.staticIP.rima-tde.net.

So, the problem is threefold:

1) CL_IP_NE_HELO: The client identifies itself as "ecsrv8.pyreurocasa.local", but his IP resolves to another hostname "72.Red-88-2-127.staticIP.rima-tde.net"

2) RESOLVED_IP_IS_NOT_HELO: "csrv8.pyreurocasa.local" obviously doesn't resolve to the client's IP (because it's a .local domain)

3) FROM_NOT_FAILED_HELO(DOMAIN): On top of that, the domain part of the FROM field of the e-mail (problemcustomer.com) does not match the domain given in the helo command (pyreurocasa.local).

Now, the solution is pretty simple: tell your customer to setup his e-mail server so that it identifies himself (HELO) as "72.Red-88-2-127.staticIP.rima-tde.net", and he will get through without any problems.

Make sure to explain to him that this is *good* because he will have less chances of being flagged as spammer by other mail servers too.
04-01-2011 05:59 PM
Visit this user's website Find all posts by this user
robbo007 Offline
Junior Member
*

Posts: 136
Joined: Apr 2009
Reputation: 0
Post: #3
RE: incoming email blocked.
Many thanks Kilburn,
Once again outstanding technical support. Most appreciated.
Regards,
Rob



(04-01-2011 05:59 PM)kilburn Wrote:  
Code:
Mar 28 19:24:26 sosaria postfix/policyd-weight[2769]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .eurocasa. - helo: .ecsrv8.pyreurocasa. - helo-domain: .pyreurocasa.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=88.2.127.72> <helo=ecsrv8.pyreurocasa.local> <from=exposanjuan@problemcustomer.com>

To see the actual error, we have to check the actual name of the client's IP:
Code:
72.127.2.88.in-addr.arpa domain name pointer 72.Red-88-2-127.staticIP.rima-tde.net.

So, the problem is threefold:

1) CL_IP_NE_HELO: The client identifies itself as "ecsrv8.pyreurocasa.local", but his IP resolves to another hostname "72.Red-88-2-127.staticIP.rima-tde.net"

2) RESOLVED_IP_IS_NOT_HELO: "csrv8.pyreurocasa.local" obviously doesn't resolve to the client's IP (because it's a .local domain)

3) FROM_NOT_FAILED_HELO(DOMAIN): On top of that, the domain part of the FROM field of the e-mail (problemcustomer.com) does not match the domain given in the helo command (pyreurocasa.local).

Now, the solution is pretty simple: tell your customer to setup his e-mail server so that it identifies himself (HELO) as "72.Red-88-2-127.staticIP.rima-tde.net", and he will get through without any problems.

Make sure to explain to him that this is *good* because he will have less chances of being flagged as spammer by other mail servers too.
(This post was last modified: 04-02-2011 07:53 PM by robbo007.)
04-02-2011 07:52 PM
Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)