Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: mophilly on August 02, 2019, 12:39:54 AM
-
We are running SME 9.2, with updates and contribs. There is one client whose email is not arriving to our server. I cannot find any evidence of a rejection in the logs. They are receiving email from us, and we can receive email from them using a gmail account. We are sending and receiving lots of email to and from others.
On the sender's end, they are getting a bounce message saying the email could not be delivered. No other information is provided. No rejection header, for example. The sender uses a Windows-based email server but I don't know the name of it.
Finally, this began recently, say in the past seven days. We have been receiving email from them for years.
What might cause a single domain to be blocked?
-
Mophilly
What might cause a single domain to be blocked?
Is it a domain that is being blocked or only a single email address?
Try sending from different email addresses at the same domain.
Care to tell us what the domain name is?
You could check the sme server end by following tips in this thread
https://forums.contribs.org/index.php/topic,54028.0.html
-
There are at least three senders from the domain that report bounce messages. I have checked the domain name and IP addresses at mxtoolbox.com. That service reports that the name and addresses are working and not blacklisted.
I don't mind sharing the domain name privately, but I would rather not post it here just in case the client is sensitive about it.
-
Mophilly
Time to monitor the log entries on sme server while a message is sent from other domain. See other post for details re tail command.
-
Mophilly
Try this & see what it shows:
For rejection you better start by looking in:
/var/log/qpsmtpd/current
Try:
tail -f /var/log/qpsmtpd/current
Watch a mail come in and then you should see why it is getting blocked.
-
Thank you for the suggestion and the log file path. I have checked a number of logs including qpsmtpd, looking for entries around the time the emails were sent. So far, I cannot find anything out of the ordinary. I sent a note to those involved and asked that they try to connect to my mail via telnet or ssh acting as a telnet agent to smtp.mydomain on port 25 to see if it connects at all.
-
Mophilly
Rather than just reading existing log files, you need to monitor in real time.
At a console (can be an ssh session) run the command
tail -f /var/log/qpsmtpd/current
& continue to monitor the real time output on screen (eg console monitor or ssh session).
Then send an email from the problematic address(es) & watch the log file output on the screen.
If there is an issue with the email processing then you will see the information on screen in real time
eg rejection or whatever.
-
Hi Mophilly,
I have done lots of this type of testing.
Some things that are helpful:
Do you have maillog turned on? grep or search the maillog for other emails from the suspect domain.
(I often see spelling mistakes) get the bounce back emailed to you.
Have someone from the suspect domain email you on an outside email account (Yahoo, Gmail, etc.) and look through the full headers for IP address etc. You can then grep /var/log/qpsmtpd/ for that IP.
Even more helpful if you can have the suspect domain email your SME while you tail -f /var/log/qpsmtpd/current.
Check firewall is not blocking that IP, including geoip2, Xtables GeoIP.
Sometimes companies use outside services for billing etc. So the suspect email might not even be coming from the suspect domain's main email server.
-
Thank you, Janet and Catton, I will arrange a cooperative test with my client and employ your suggestions.
-
I would suggest
tail -f
In place of
tailf
The reason is that tailf will fail/bug after a certain amount of data. We experienced that with John
-
The reason is that tailf will fail/bug after a certain amount of data. We experienced that with John
Ahhh yes - I remember now. Bloody thing !!!
-
Do you have the Email whitelist/blacklist contrib installed? I had a similar problem with a client who had blacklisted a domain because of spam coming from it, and later on wondered why emails from said domain weren't getting through.
-
Thanks to everyone. I looked into each and every suggestion.
I did not get a chance to tail the log during a scheduled test because email began arriving from the client yesterday. My contact there wrote, "Not sure what happened our email filter reports show the emails were going out but, not able to connect to your email server. Hopefully this issue is resolved."
So, I am happy the email is flowing again and royally annoyed that I don't have a clue as to what caused and resolved the problem. Ah, well... Onward!
-
I have experienced some ITs using RHBLS as feed for their firewall.
Result no connection at all. No traces.
Ping fails ...
-
I have experienced some ITs using RHBLS as feed for their firewall.
Result no connection at all. No traces.
Ping fails ...
Eerie, in a way, that you mention this as it seems to fit so perfectly. I would love to see the logs from my client’s firewall.
-
My contact there wrote, "...not able to connect to your email server..."
Fail2ban (https://wiki.contribs.org/Fail2ban) on your SME server might cause this. It took me a while to get fail2ban->IgnoreIP set correctly.
You could also search the Firehol blocklist-ipset GitHub repo (https://github.com/firehol/blocklist-ipsets/search?q=%2223.106.64%22&unscoped_q=%2223.106.64%22) for your SME server's WAN IP address to see if you've been listed in any firewall-level blocklists. Search for your full IP, then search for the first 3 octets (then 2, then 1) in case you're listed as part of a netblock. Put quotes around your search string to keep GitHub from returning every entry containing any of your octets...
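Added example, not part of the original post: a text search by octets can match netblocks that do not actually cover your address and can miss blocks that do not fall on octet boundaries, so this Python sketch tests an address against list entries by CIDR containment instead. The sample list and all addresses are constructed, and the file layout (comment lines starting with "#", then one address or CIDR per line) is an assumption about a downloaded list file.

```python
import ipaddress

# Constructed sample in the assumed list layout: "#" comment lines,
# then one address or CIDR netblock per line.
SAMPLE_NETSET = """\
# constructed sample list, not real blocklist data
192.0.2.17
198.51.100.0/24
203.0.113.128/25
10.20.0.0/14
not-an-address
"""

def parse_entries(text):
    """Yield (line_number, network) for each valid entry; skip comments and junk."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False tolerates entries written with host bits set
            yield lineno, ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed line: skip it rather than abort the scan

def find_listings(ip, text):
    """Return [(line_number, entry)] for every entry covering ip,
    whether listed exactly or as part of a netblock."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for lineno, net in parse_entries(text):
        if net.version == addr.version and addr in net:
            hits.append((lineno, str(net)))
    return hits

if __name__ == "__main__":
    # 203.0.113.5 shares three octets with a listed /25 but is outside it;
    # 10.22.5.9 is inside 10.20.0.0/14 although "10.22" never appears in the list.
    for ip in ("198.51.100.45", "203.0.113.5", "10.22.5.9", "192.0.2.17"):
        hits = find_listings(ip, SAMPLE_NETSET)
        print(ip, "->", hits if hits else "not listed")
```

To check a real list, read the downloaded file's text and pass it as the second argument in place of SAMPLE_NETSET.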
-
Thank you for the suggestion. We added the IP addresses used by our client to the fail2ban whitelist. Hopefully that will help.
I looked through the Firehol blacklist, or at least some of it. It appears to be quite extensive.