Koozali.org: home of the SME Server

SME6.5 SMTP error + being hacked?

samrusso

SME6.5 SMTP error + being hacked?
« on: January 06, 2006, 12:56:57 PM »
Hi all,
I've just started having problems with my imap server on sme6.5. Nothing new- just started out of the blue.
Symptoms:
Outgoing mail doesn't work for ***all*** email addresses, only some.
E.g. if you look at the last 19 lines (see below) from /var/log/qmail/current you can see a couple of things:
1. Mail to raymir@tpg.com.au is deferred, saying Sorry,_I_wasn't_able_to_establish_an_SMTP_connection
In fact it didn't work, whereas this email always worked in the past.

2. Then I tried one to support@tsn.cc and it works fine

TWO BIG QUESTIONS
1. Can anyone help as to why the outgoing mail is selectively not working?

2. support_refnum_06497@westpac.com.au in the log file is something ***I DID NOT SEND***. How can that be? Is my mailserver being used to relay outgoing mail to other email accounts? I had a deeper look in the mail logs and found heaps of this type that I didn't send.

Please help
sam

----------------------------------------------------------------------
-----------  last 19 lines from /var/log/qmail/current ----------
----------------------------------------------------------------------
@4000000043be55641ae5a49c starting delivery 373: msg 15630 to remote raymir@tpg.com.au
@4000000043be55641ae5b43c status: local 0/10 remote 1/20
@4000000043be55641b088a34 delivery 373: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@4000000043be55641b0899d4 status: local 0/10 remote 0/20
@4000000043be55931accb9b4 starting delivery 374: msg 15689 to remote raymir@tpg.com.au
@4000000043be55931acccd3c status: local 0/10 remote 1/20
@4000000043be55931aefed6c delivery 374: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@4000000043be55931aeff924 status: local 0/10 remote 0/20
@4000000043be56421a6f5774 starting delivery 375: msg 57307 to remote support_refnum_06497@westpac.com.au
@4000000043be56421a6f6714 status: local 0/10 remote 1/20
@4000000043be56421a96250c delivery 375: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
@4000000043be56421a9630c4 status: local 0/10 remote 0/20
@4000000043be56601ec01fac new msg 16358
@4000000043be56601ec02f4c info msg 16358: bytes 553 from <sam@rwb.com.au> qp 3455 uid 401
@4000000043be56601eea0254 starting delivery 376: msg 16358 to remote support@tsn.cc
@4000000043be56601eea11f4 status: local 0/10 remote 1/20
@4000000043be566305c180cc delivery 376: success: 202.22.162.35_accepted_message./Remote_host_said:_250_ok_1136547417_qp_14644/
@4000000043be566305c19454 status: local 0/10 remote 0/20
@4000000043be566305c19c24 end msg 16358

CharlieBrady

Re: SME6.5 SMTP error + being hacked?
« Reply #1 on: January 06, 2006, 06:05:54 PM »
Quote from: "samrusso"
Hi all,
I've just started having problems with my imap server on sme6.5. Nothing new- just started out of the blue.


That would make it new then, wouldn't it? You are reporting smtp issues, so I don't understand your reference to imap server.

Quote

E.g. if you look at the last 19 lines (see below) from /var/log/qmail/current you can see a couple of things:
1. Mail to raymir@tpg.com.au is deferred, saying Sorry,_I_wasn't_able_to_establish_an_SMTP_connection
In fact it didn't work, whereas this email always worked in the past.


So something has changed (possibly outside your network) and the tpg.com.au mail server (or servers) is/are no longer accessible from your system.

Quote

2. Then I tried one to support@tsn.cc and it works fine


There's nothing your server can do to ensure that tpg.com.au's mail servers are (always) accessible. They're either reachable or they're not, and your system is telling you that they are not.

So the mail server for tsn.cc *is* accessible from your system.

Quote

1. Can anyone help as to why the outgoing mail is selectively not working?


Some hosts are sometimes unreachable on the Internet. There are many individual reasons for that state of affairs.

Quote

2. support_refnum_06497@westpac.com.au in the log file is something ***I DID NOT SEND***. How can that be?


It could very well be a bounce message. Lots of spam arrives and can't be delivered. The mail system will then try to send them back to where they apparently came from.

samrusso

SME6.5 SMTP error + being hacked?
« Reply #2 on: January 06, 2006, 10:32:51 PM »
1. Sorry about the imap posting, it should have read smtp.

2. I better clarify what I meant by nothing new as it seems to have caused confusion.  There was nothing I did (ie no new installs/updates etc) before this problem started. Often a problem starts after you have just changed something. So NO I did not do anything unusual before the problem started. Hence the "nothing new" bit

2.
Quote
So something has changed (possibly outside your network) and the tpg.com.au mail server (or servers) is/are no longer accessible from your system.

No, I don't think so: the error is occurring on lots of email addresses where they worked before, and moreover if I go across to another mail server (e.g. my ISP has given me an email address and I have tried my email address at work) and send mail to these very email addresses that cause the errors in the log files, then they work. I.e. the smtp server seems to be selective in which ones it doesn't work with (where in fact these email addresses are up and running). It seems to be my sme server. Don't forget some still work, some don't, and yet I can send to all by not using my sme mail server.

3.
Quote
It could very well be a bounce message. Lots of spam arrives and can't be delivered. The mail system will then try to send them back to where they apparently came from.

That makes sense. Any way of confirming this?

thanks
again
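
One way to check the bounce explanation from the log itself, as an added example that is not part of the original posts: qmail-send records each message's envelope sender on its `info msg` line, and bounces carry the null sender `<>`. The sample log lines, the `example.*` addresses and the `local_domains` set are constructed for illustration.

```python
import re

# Constructed sample in the qmail-send log format shown in the post
# (addresses and message numbers are made up, not taken from the thread).
SAMPLE_LOG = """\
@4000000043be56001a000000 info msg 201: bytes 2841 from <> qp 3402 uid 402
@4000000043be56011a000000 starting delivery 11: msg 201 to remote forged@example.com
@4000000043be56021a000000 info msg 202: bytes 553 from <sam@example.org> qp 3455 uid 401
@4000000043be56031a000000 starting delivery 12: msg 202 to remote friend@example.net
@4000000043be56041a000000 end msg 202
@4000000043be56051a000000 info msg 202: bytes 900 from <promo@example.net> qp 3460 uid 401
@4000000043be56061a000000 starting delivery 13: msg 202 to remote someone@example.com
@4000000043be56071a000000 starting delivery 14: msg 999 to remote old@example.com
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid \d+")
START = re.compile(r"starting delivery \d+: msg (\d+) to remote (\S+)")
END = re.compile(r"end msg (\d+)")

def classify(sender, local_domains):
    """Label a message by the envelope sender qmail-send logged for it."""
    if sender is None:
        return "unknown"          # info line not in this log (rotated out)
    if sender == "":
        return "bounce"           # null envelope sender <>: a bounce notice
    if sender == "#@[]":
        return "double-bounce"    # qmail's sender for bounces of bounces
    domain = sender.rpartition("@")[2].lower()
    return "local-sender" if domain in local_domains else "foreign-sender"

def audit_remote_deliveries(log_text, local_domains):
    """Return (msg, recipient, sender, label) for every remote delivery."""
    senders, rows = {}, []
    for line in log_text.splitlines():
        if m := INFO.search(line):
            senders[m.group(1)] = m.group(2)   # msg numbers are reused; latest wins
        elif m := START.search(line):
            sender = senders.get(m.group(1))
            rows.append((m.group(1), m.group(2), sender, classify(sender, local_domains)))
        elif m := END.search(line):
            senders.pop(m.group(1), None)      # forget the sender once the msg is done
    return rows

if __name__ == "__main__":
    for row in audit_remote_deliveries(SAMPLE_LOG, {"example.org"}):
        print(row)
```

A `foreign-sender` row is not proof of relaying, since forwarded mail keeps its original envelope sender, but a large number of them is worth checking against the smtpd logs.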

judgej

Re: SME6.5 SMTP error + being hacked?
« Reply #3 on: January 07, 2006, 11:35:34 PM »
Does your ISP provide you with an SMTP mail server to use? You may have more luck if all your mail is delivered via that.

-- JJ
-- Jason

smeghead

SME6.5 SMTP error + being hacked?
« Reply #4 on: January 08, 2006, 04:34:21 AM »
I recently blocked all tpg.com.au mail servers (courtesy of a router SMTP rule) due to an inordinate amount of spam coming from them; my spam attack level has now dropped by about 80%.

I can do this as no one I know uses TPG.

Might be worth reporting this abuse to TPG, though in my experience they tend to be limited in what they can or will do.

Cheers
..................

samrusso

Solved! ISP now filtering and forcing smtp thru their server
« Reply #5 on: January 09, 2006, 12:47:56 AM »
I managed to solve this problem of mine.
My ISP has forced all emails through their SMTP server.
I thought earlier this might have been the case but I only configured my mail client (Thunderbird) to use it. This didn't work. I had to configure the SME server to send via it by going into the server-manager and:
Address of Internet provider's mail server: mail.myisp

and then my mail client points to my sme box (not to my ISP SMTP server)
thanks everyone for their help
 :-D

sam