ATT Block 553 Error On Phplist Emails
			Nov 8, 2009
				We have several clients who use phplist for their opt-in lists. ATT and a few others are blocking emails. The main reason is because the email from the list (email@client.com) originates from comcast.net. ATT and others appear to block based upon that discrepancy.
Questions for anyone who works with phplist:
1) If the client simply sends from the comcast.net email (and not from email@client.com) and we allow this as a valid sending source in phplist, will this solve our problem?
2) We attempted to send via webmail, which would have trumped all issues; however, because the clients are sending email which incorporates graphics in a template, webmail is a poor choice.
3) Is there another workaround that we are not seeing?
	
  
    
	
    	
    	
        Apr 14, 2008
        I am receiving around 7.000 emails from different sources with the subject “Undelivered Mail Returned to Sender” or similar.
It seems someone is using an alias to my email address to send huge amounts of spam. I have checked the mail queue in WHM and the emails are not there. I have turned on the SMTP Tweak in security center, but that doesn’t seem to work.
I have no idea if this person is using my server to send massive amounts of spam.
What I have noticed is that most emails return to msxf@mydomain.com so is there a way to block this?
  
    
	
    	
    	
        Dec 19, 2014
I use a spam protection service. It works as follows:
- My DNS is configured to point to a server (server A) which is configured to filter spam.
- If an email is not spam, the first server sends it to my mail server (server B).
But some spammers found a way to bypass the protection: they send their email directly to my mail server (server A). So, I want to allow only emails coming from the server A IP.
  
    
	
    	
    	
        Nov 28, 2008
        I got quite a lot of these e-mails from my mod_security
Quote:
[Thu Nov 27 23:36:44 2008] [error] [client 75.165.229.140] ModSecurity: Access denied with code 406 (phase 2). Pattern match "(ht|f)tps?:/" at ARGS:loc. 
[file "/usr/local/apache/conf/modsec2/rules.conf"] [line "155"] [id "300018"] [rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"] [hostname "www.domain"] [uri "/ads/www/delivery/lg.php"] [unique_id "SS@DbEo-wEIAABlHa1YAAAAX"]
  
    
	
    	
    	
        Jul 5, 2008
        domain1.com has two servers:
#Server PHP - hosts php and handles apache/mysql requests.
#Server 2 - handles mail and dns requests.
Yesterday we moved mail from #Server 2 to a new mail server, a cPanel one. All mailboxes are created, and users can send and receive email using webmail, mail clients, etc.
But while trying to send mails using PHP authenticated from the #Server PHP/Apache/MySQL, we got this error from the mail servers:
Code:
We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. SMTP -> FROM SERVER: SMTP -> FROM SERVER: SMTP -> ERROR: HELO not accepted from server: SMTP -> get_lines(): $data was "" SMTP -> get_lines(): $str is "220-srv247.serverhost.com
This was working when mails were received/sent in Sendmail (an Ensim box); now with Exim 4.x on a cPanel box we got this issue.
Already added the IP address of #Server PHP to all Exim whitelists, also added the IP to /etc/alwaysrely, but it didn't help.
I'm using RHE 5.2 on the mail server and the latest Release build.
  
    
	
    	
    	
        Sep 4, 2007
        Since Jan 07, one of our servers has been sending thousands of emails to ne.jp hosts. 
Eg from logs:
Code:
Sep  4 19:11:11 debian sm-mta[25383]: l84FY9ME016602: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYB7d016734: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FY9A4016629: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FY9la016616: to=, ctladdr= (2001/2001), delay=01:37:02, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYCkO016807: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYB7B016730: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYCO0016757: to=, ctladdr= (2001/2001), delay=01:36:59, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYDjq016819: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYBhL016751: to=, ctladdr= (2001/2001), delay=01:37:00, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
Sep  4 19:11:11 debian sm-mta[25383]: l84FYDPw016811: to=, ctladdr= (2001/2001), delay=01:36:58, xdelay=00:00:00, mailer=esmtp, pri=930403, relay=lsean.ezweb.ne.jp., dsn=4.0.0, stat=Deferred: Connection timed out with lsean.ezweb.ne.jp.
We're absolutely unable to track or find out who is sending it or how to stop this.
So I'm wondering if it is possible to prevent sendmail from sending to:
lsean.ezweb.ne.jp, OR
docomo.ne.jp, OR
softbank.ne.jp
/var/mail/vhostswww logs are not showing helpful info at all. Eg:
Code:
--l84GRnX5029819.1188924137/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject: 
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041410.l84EA0Fh007971@debian>
Date: Tue, 4 Sep 2007 16:10:00 +0200
    Tue, 4 Sep 2007 16:10:00 +0200
    by debian (8.13.4/8.13.4/Submit) id l84EA0Fh007971;
Received: (from vhostswww@localhost)
    for ; Tue, 4 Sep 2007 16:10:00 +0200
    by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EA0jk007973
Received: from debian (localhost [127.0.0.1])
Return-Path: 
Content-Type: text/rfc822-headers
--l84GRnX5029819.1188924137/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:16 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient: 
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:10:00 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX5029819.1188924137/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient: 
>>> DATA
... while talking to mx.softbank.ne.jp.:
   ----- Transcript of session follows -----
    (reason: 550 Invalid recipient: )
   ----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:10:00 +0200
--l84GRnX5029819.1188924137/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
    boundary="l84GRnX5029819.1188924137/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To: 
Message-Id: <200709041642.l84GRnX5029819@debian>
From: Mail Delivery Subsystem 
Date: Tue, 4 Sep 2007 18:42:17 +0200
    Tue, 4 Sep 2007 18:42:17 +0200
    by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX5029819;
Received: from localhost (localhost)
Return-Path: 
From MAILER-DAEMON  Tue Sep  4 18:42:17 2007
--l84GRnX4029819.1188924135/debian--
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=ISO-2022-JP
Mime-Version: 1.0
From: hanako.@docomo.ne.jp
Subject: 
To: a_j.n-y_bluespider-tattoo@softbank.ne.jp
Message-Id: <200709041411.l84EB8CS011861@debian>
Date: Tue, 4 Sep 2007 16:11:08 +0200
    Tue, 4 Sep 2007 16:11:08 +0200
    by debian (8.13.4/8.13.4/Submit) id l84EB8CS011861;
Received: (from vhostswww@localhost)
    for ; Tue, 4 Sep 2007 16:11:09 +0200
    by debian (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id l84EB8f6011862
Received: from debian (localhost [127.0.0.1])
Return-Path: 
Content-Type: text/rfc822-headers
--l84GRnX4029819.1188924135/debian
Last-Attempt-Date: Tue, 4 Sep 2007 18:42:15 +0200
Diagnostic-Code: SMTP; 550 Invalid recipient: 
Remote-MTA: DNS; mx.softbank.ne.jp
Status: 5.1.1
Action: failed
Final-Recipient: RFC822; a_j.n-y_bluespider-tattoo@softbank.ne.jp
Arrival-Date: Tue, 4 Sep 2007 16:11:09 +0200
Reporting-MTA: dns; debian
Content-Type: message/delivery-status
--l84GRnX4029819.1188924135/debian
<<< 503 No recipients specified
550 5.1.1 ... User unknown
<<< 550 Invalid recipient: 
>>> DATA
... while talking to mx.softbank.ne.jp.:
   ----- Transcript of session follows -----
    (reason: 550 Invalid recipient: )
   ----- The following addresses had permanent fatal errors -----
from localhost [127.0.0.1]
The original message was received at Tue, 4 Sep 2007 16:11:09 +0200
--l84GRnX4029819.1188924135/debian
This is a MIME-encapsulated message
Auto-Submitted: auto-generated (failure)
Subject: Returned mail: see transcript for details
    boundary="l84GRnX4029819.1188924135/debian"
Content-Type: multipart/report; report-type=delivery-status;
MIME-Version: 1.0
To: 
Message-Id: <200709041642.l84GRnX4029819@debian>
From: Mail Delivery Subsystem 
Date: Tue, 4 Sep 2007 18:42:15 +0200
    Tue, 4 Sep 2007 18:42:15 +0200
    by debian (8.13.4/8.13.4/Debian-3sarge3) id l84GRnX4029819;
Received: from localhost (localhost)
Return-Path: 
From MAILER-DAEMON  Tue Sep  4 18:42:15 2007
--l84GRnX3029819.1188924134/debian--
How would I solve this problem? It's making our server load sky-high 24/7.
Additional info about system:
> Debian Linux, latest kernel
> Sendmail (we've tried postfix, exim, with same results)
> Non cPanel system.
  
    
	
    	
    	
        Jul 8, 2009
I am curious, what is the best way to ban a certain IP from accessing the server? I have a software firewall (APF) and there is, of course, /etc/hosts.deny.
Which is the most efficient? I've read that software firewall becomes unstable after so many entries. Does the same apply to /etc/hosts.deny file?
Or is there a better way altogether?
  
    
	
    	
    	
        Jun 8, 2009
Some Chinese forums are hotlinking images from my site, and even after I deleted those images they keep sending a huge amount of HTTP requests to my hosting server, eating 800 MB of memory and up to 1 GB, causing the server to crash.
I tried to block incoming referrer traffic from those sites using htaccess but it didn't work. I still see their HTTP requests in my server logs and memory keeps going high. I am not sure my code is right.
How can I block these HTTP requests from these domains? What is the right htaccess code? I use the DirectAdmin panel, by the way.
  
    
	
    	
    	
        Apr 27, 2007
I have a DDoS attack right now, so I want to block all IPs from all over the world and allow just a certain IP range.
How do I do it using APF or any other way?
For example, I want to block everything but German IPs.
  
    
	
    	
    	
        May 5, 2009
Fortigate appliances are blocking an IP that is not in RBLs. I have a problem with the IP 66.187.108.157 of my VPS: it seems to be blocked by Fortigate appliances, as you can see in this error message:
SMTP error from remote mail server after RCPT TO:[url] host mail.am.com.pe [200.62.221.107]: 554 5.7.1 This message has been
blocked because it is from a FortiGuard - AntiSpam black IP address.(connection black ip 66.187.108.157)
However, I have searched at this URL [url] and it is clean.
Any ideas on how to have/force Fortigate databases to become updated?
  
    
	
    	
    	
        Jun 17, 2008
In one of my servers I have this line in my ConfigServer Security & Firewall:
190.28.118.155 # lfd: 10 (suhosin) login failures from 190.28.118.155 - Mon Jun 16 23:27:50 2008
Is this OK? I mean... is it an attack of some sort? I know suhosin is meant to increase PHP security, so it's blocking an attack, right?
  
    
	
    	
    	
        Apr 29, 2008
        I have blocked this IP 125.115.144.28 
/etc/apf/apf -d 125.115.144.28
But 
netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n
It is still showing
202 125.115.144.28
Why?
Is it supposed to be blocked right away, or does it need some time to get blocked?
When I checked /etc/apf/deny_hosts.rules, the IP is in the file.