!verify = helo
!verify = reverse_host_lookup
in exim acl and drop message if helo is not passed.
But one issue is this validates for users even having account in the server and trying to send mail using server account to someone else
I want to put validation for only incoming mails "to" this server
What i dont want is to validate the mails that authenticated smtp users send
I seem to be having a problem with domain forwarding in cPanel.
I have 3 cPanel accounts:
1) foobar.com.np with a POP3 account and forwarders for info@foobar.com.np. Works fine.
2) foobar.com with domain forwarding to foobar.com.np. Works fine too when I send an email to info@foobar.com.
3) foo.com.np with domain forwarding to foobar.com.np. Doesn't work! When I send a message to info@foo.com.np I get the following message in my Exim log:
Code:
2007-11-29 04:11:32 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IxgMm-0007DW-0m
2007-11-29 04:11:32 1IxgMm-0007DW-0m ** info@foo.com.np R=lookuphost T=remote_smtp: SMTP error from remote mail server after MAIL FROM:<noreply@********.com> SIZE=2059: host foo.com.np [74.86.*.*]: 554 5.7.1 Helo invalid(forged)
2007-11-29 04:11:32 cwd=/var/spool/exim 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1IxgMm-0007DW-0m
2007-11-29 04:11:32 1IxgMm-0007Da-Bd <= <> R=1IxgMm-0007DW-0m U=mailnull P=local S=2006 T="Mail delivery failed: returning message to sender"
2007-11-29 04:11:32 1IxgMm-0007DW-0m Completed
...
As you can see, this domain forwarder is not functioning like the other one (foobar.com) since the domain forwarder for foobar.com DOES actually work:
Code:
2007-11-29 03:58:21 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IxgA0-0002Gs-Vb
2007-11-29 03:58:21 1IxgA0-0002Gs-Vb => info <info@foobar.com> R=virtual_user T=virtual_userdelivery
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb => *******@gmail.com <info@foobar.com> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.133.27]
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb -> *******@gmail.com <info@foobar.com> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [209.85.133.27]
2007-11-29 03:58:22 1IxgA0-0002Gs-Vb Completed
It looks like Exim doesn't know that emails sent to info@foo.com.np should be a local delivery. I checked the file "/etc/vdomainaliases/foo.com.np" and it says:
Code:
foo.com.np: foobar.com.np
So that should be correct...
We had a non-client (not on our server) that was getting 550 email rejections when he attempted to email us due to having Sender Verify enabled.
In the past I figured Sender Verify was necessary for fighting spam, amongst other things, but have realized that we may be having more rejections than we know because we never hear about them.
Is there a general best practice in terms of enabling Sender Verify or leaving it off? I've never heard about complaints about rejects from legitimate emails senders, so it doesn't seem to be an issue, but then again, you really never know...
in the last few months Ive got a blacklist warning from spamcop over my server sending bounces and now I find out one of my ips is listed at [url]for doing sender verify and bounces.
I think both of which are ridiculous to blacklist for and I really think most of the anti-spam blacklist people are nothing more then money making rackets. But I guess it seems reasonable to disable these things as it would save some resources.
Anyway what I need to do I guess is only do bounces for local users and disable sender verify. What is the best way to do this with exim?
Every server I have to change is cpanel. Ive googled on this the last 2 days and cant find much info, Mailservers isnt my strong point for sure. Any advice Id appreciate.
UPDATE I found how to disable callouts [url]
Just trying to figure out how to disable bounces now
Problem: I am using to my Centos/Exim/Cpanel server to relay emails. The person who receives my email sees a helo that captures my ISP IP address and lastly the mail server for my domain along with its IP.
My ISP (Verizon) IP is constantly being flagged as a spam source by a variety of RBL's.
My domains have never sent spam and I only send a low volume of emails.
How can I remove my ISP helo IP address from being added to my outgoing email so that the only IP is the IP of domain sending the email?
Example Header:
Quote:
Received: from c-99-172-221-252.hlvd.va.verizon.net ([99.172.221.252]:3389 helo=[127.0.0.1]) <-- remove this part
by server.myserver.com with esmtpa (Exim 4.69)
(envelope-from <email@mydomain.com>)
id 1MLoYc-0004Ol-20
for friend@hotmail.com; Tue, 30 Jun 2009 21:24:18 -0400
I am on a VPS and set everything up myself. When I try and email a friend, I get it bounced back with the following message (with his email filtered):
<<< 550-5.7.1 {mx078} Sorry, your helo has been denied. <<< 550 5.7.1 [url] 550 5.1.1 <**********@gmx.co.uk>... User unknown
I'm pretty sure the user isn't unknown, I have checked and it is his email address. Can anyone tell me what is wrong, and if the problem is on my end or his, and if my end how I might go about fixing it?
I'd like to look at what my HELO configuration is but don't know how or where to look.
I am using a dedicated Linux/cPanel server. I'd like to make sure the HELO is configured correctly. My mailing software is EXIM.
I have a dedicated linux/cpanel server running various websites with the shared ip and one website with a dedicated ip.
But when sending mail through sendmail from the dedicated ip website the ip in the helo greeting is not matching the ip of the sender, it is using the main shared ip rather than the dedicated ip which is producing a 550 error from some receiving mail servers. I have racked my brains trying to figure this out and was wondering if anyone else has/had a similar experience and found a solution.
By the way the helo greeting sent in mail from the shared ip websites is fine...
Im trying to troubleshoot the exim install that was included with cpanel. I read that the helo response being localhost instead of a fully qualified domain can lead to mail be directed to the bulk mail folder.
Looking at the mail headers, this is indeed set this way:
Received: from www.mydomain.com ([my_ip_addr] helo=localhost)
How is this response determined and how can I have it be a fully qualified domain name instead?
domain1.com has two servers:
#Server PHP - hosts php and handles apache/mysql requests.
#Server 2 - handles mail and dns requests.
Yesterday we moved mail from # server 2 to a new mail server, a cPanel one, all mailboxes are created, users can send and recieve email using webmail, mail clients, etc.
But.. while trying to send mails using PHP authenticated from the #Server PHP/Apache/MySQL , we got this error from the mail servers:
Code:
We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. SMTP -> FROM SERVER: SMTP -> FROM SERVER: SMTP -> ERROR: HELO not accepted from server: SMTP -> get_lines(): $data was "" SMTP -> get_lines(): $str is "220-srv247.serverhost.com
This was working when mails were recieved/sent in Sendmail (an Ensim box), now with Exim 4.x on a cPanel box we got this issue.
Already added IP address from #server php into all Exim whitelists, also added the IP to /etc/alwaysrely, but didn't help.
Im using RHE 5.2 on the mail server and latest Release build.
I formatted my server and installed CENTOS 7 and PLESK 12. I have problems with cbl.abuseat.org. My ip enters in blacklist. I sent email to the support of abuseat.org and abuseat reply:
Please fix your HELO strings.
I check the my configuration and I think is correct:
- Reverse lookup is ok
- Hostname is ok (server.domain.tld)
But I have the file in /etc/sysconfig/network empty. There is only written: # Created by anaconda
Also, is correct the my etc/hosts file?
127.0.0.1 server.domain.tld server localhost4 localhost4.localdomain4
:: 1 server.domain.tld server localhost6 localhost6.localdomain6
Everytime I send an email from my out look or on the webmail I get the following error, its on my small vps running cpanel.
I have already re installed the mail server, installed a diffrent mail server, and also gone in the config and took this out in whm with no joy.
Code:
550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1)
I've been plagued by CBL listing for quite some time now, on a linux server with Plesk 12.After months of a fierce fight against every possible malware on the about 120 various websites on this server, extensively monitoring clients emails, enabling restrictive policies and finally even hiring a private security firm to investigate the problems further, we were sure that not a single spam message was sent by our server in any way.
So we finally contacted CBL, exposed the issue and got this answer:The CBL attempts to detect compromised machines in a number of ways based upon the email that the CBL's mail servers receive.During this it tries distinguish whether the connections represent real mail servers by ensuring that each connection is claiming a plausible machine name for itself (via SMTP HELO), and not listing any IP that corresponds to a real mail server (or several mail servers if the IP address is a NAT firewall with multiple mail servers behind it). 54.194.XX.XXX was found to be using several different EHLO/HELO names during multiple connections on or about:
2015:01:09 ~16:30 UTC+/- 15 minutes (approximately 3 days, 21 hours, 14 minutes ago).
The names seen included: xxx1.xx, xxx2.xx, xxx3.xx, xxx4.xx, xx.xxx5.xx, veniceberg.com..Note that the above list may include one or more names that are not fully qualified DNS names (FQDNs). Host names (ie: Windows node names) without a dot are not FQDNs.
The final possibility is that 54.194.XX.XXX is not a NAT firewall, and is instead a single box with many domains provisioned on it, some that send email directly, setting the HELO as the sending domain. If this is the case, to prevent a relisting we strongly recommend setting the mail software on the box so that a single identifying name is used in outbound SMTP connections mail software on the box so that a single identifying name is used in outbound SMTP connections. As an alternate workaround, you can configure the mail software to relay its outbound email through an intermediate mail server. Even a co-resident mail server package (such as IIS on Windows) will do fine.​
This pointed me to this Plesk Mail setting (not sure if this selection is the default). Now we are waiting a few days to see if changing to "Send from domain IP addresses" solves the issue. I think this is a kind of issue which deserves attention by Parallels to avoid other users go trough our fatiguing ordeals. If this setting is responsible for getting servers blacklisted, it should be highly discouraged.
Seems this started when upgrading to a version of 12. It was working a few days ago and only seems to affect mailing lists. I found a google Cached thread here where Igor was assisting some folks as late as Aug 4 and referenced this was "reported to development (PPP-10678 for your reference)" it seems the forums on Parallels changed or something because several Google links are not working and resulting in having to used cached results for the two links below.
I am able to disable SPF and the e-mails go through just fine however this was working with SPF enabled before a recent upgrade.
Page 1
[URL] ....
Page 2
[URL] ....
This is the error message displayed in /var/log/maillog
Sep 24 01:38:35 controlpanel postfix/smtpd[3725]: connect from localhost[127.0.0.1]
Sep 24 01:38:35 controlpanel postfix/smtpd[3725]: D565017C013E: client=localhost[127.0.0.1]
Sep 24 01:38:35 controlpanel greylisting filter[3899]: Starting greylisting filter...
[Code] ....
I have a virtuozoo VPS and I want to know whether I actually have the 384 MB RAM I have been promised. how do I verify my guarenteed ram figure?
View 7 Replies View Relatedplease bear w/ me since this is my first time on launching a site online..
My site is being hosted by a free hosting company..
When I tried viewing the source code of my page some of the html tags are not seen like the <html>,<meta>,<head>...
and I can't seem to verify my site on google...
Verification status: NOT VERIFIED
Last attempt Jan 30, 2009: We've detected that your 404 (file not found) error page returns a status of 200 (Success) in the header.
why is this so?
Did the host delete those?
what should i do?
I have a Debian server with RAID 1 via hardware.
Could someone tell me how can i check the RAID status? ( if a hd failed or something like this ).
I had a server admin install a new drive in RAID 1 (mirrored drives). I'm not the best linux guy in the world... but is there a way either through linux, WHM/cPanel, etc. to check and verify that the drives are mirroring correctly? I just want to sleep soundly everynight knowing if a drive failed I'd have another drive up and going.
View 3 Replies View RelatedI have a domain: myname.com
whose nameservers have been already update to the new host's nameservers: ns1.myhost.com and ns2.myhost.com
The new NS for the domain was already propagated over 1 day ago.
However, it seems that myname.com is not yet resolving at myhost.
How can I check whether myname.com is on ns1.myhost.com nameservers?
I have yet no shell access, and it is shared hosting.
I´m seeing that a lot of servers are rejecting my emails showing this error:
451 - could not verify sender (callout)
Reverse DNS is working fine, and I couldnt see any kind of error on dnsstuff.com.
I´m using EXIM/CPANEL. I tried to send from one cpanel server to another cpanel server and I´m still getting error.
My server is using Centos 6.5... I updated from Plesk 11.5 to 12 last week and postfix to 2.8.17.
Since then, all mails sent using the sendmail binary (notifications, mail forwards...) are being rejected with a wrong HELO hostname: localhost.
It seems that sendmail is using locahost as a HELO tag which is not accepted. Here is the following error:
Code:
Jun 23 14:23:20 ns395167 plesk sendmail[29817]: handlers_stderr: SKIP
Jun 23 14:23:20 ns395167 plesk sendmail[29817]: SKIP during call 'check-quota' handler
Jun 23 14:23:20 ns395167 postfix/pickup[29480]: B94BC6AA20A6: uid=0 from=<root@curuba.fr>
Jun 23 14:23:20 ns395167 postfix/cleanup[29507]: B94BC6AA20A6: message-id=<20140623122320.B94BC6AA20A6@ns395167.ip-176-31-117.eu>
[Code] .....
Here is my postconf -n content:
Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
[code] .....
My system hostname seems correct:
Code:
hostname -f
ns395167.ip-176-31-117.eu
hostname
ns395167.ip-176-31-117.eu
This is just to recommend verifying your 404 error pages. We have found they have been replaced by junk advertising.
View 14 Replies View Relatedif there was a way of remotely verifying my dedicated server architecture.
The hosting is done through our design company who then use a 3rd party for hosting a number of sites, and as such I don't have direct access to server control panels etc.
Short of just taking their word for the fact that we have the servers we're supposed to, I was wondering if there's any way I can be sure. We're supposed to have dual web servers plus a database server.
in the last couple of days we really have problem accessing web service, while ftp, ssh, work fine. While we getting connection time out, the load on the server is really load around .2 and get numerous e-mail from Cpanel that httpd is failling and try to restart.
How can i do to check and verify that there a DDOS attack?
What step can i do to possibly minimize DDOS attack?
I recently purchased a new Dedi server, and got 100 MBPS Uplink. Now, I'm uploading 16GB size of files into this server, and I have a suspicious feeling that this upload speed is not what they told me. For the very 1st day, I opened a ticket and they said that they upgraded it to 100 mbps. I saw this speed was faster immediately. On 2nd day, it went down to around same slow speed before. Since then, I kept opening a new ticket and they said it was done, or sometimes I am under DDos attack..? What? I don't even have the site up yet! How come there is DDos attack?
Anyway, today I was told that I'm getting billed for this 100 mbps uplink, because it's a new service. What a crazy thing going on here... I am so tired of this ticket game and just don't understand why they don't commit what they told me initially.
Can anyone please tell me how I can verify and prove that I am having this 100 MBPS Uplink speed? The only thing I can tell with my eyes is that I can see those FTP upload progress bar. When it's very fast to upload one file, I assume that I have right speed.
But is there any tool or command that I can execute on the server shell, and tell them what I get as a proof?
If you enable ssl in apache, you can verify a client certificate. If so apache will create a environment variable for you with the name 'SSL_CLIENT_VERIFY' with values 'NONE, SUCCESS, GENEROUS or FAILED:reason'. URL....What is the meaning of this different values?
View 1 Replies View RelatedWe are facing an issue i.e "Can't verify server identity",When we hit the platform 'teampark.sogeti.com' from android mobile application.Whenever we hit teampark.sogeti.com from Mobile Application ( IBM connections android App), our initial request will hit our Reverse Proxy and Validates the user certificate and forward it to the next level.We are using Apache 2.2.9 as our Reverse Proxy.
View 10 Replies View Related