I've installed csf but i want to block local relay , and open mail auth because server sending spam mails above email@example.com and there isn't an email like this probably its a way for local email.
So there are lots of mails in queue on my mail server and firstname.lastname@example.org trying to send spam mail lots of people.
How to block this email sending ? It doesn't needed i can turn of completly localmail sending. Only domains can be send with auth its enough.
So basically it due to the MX change, it looks like it sees any incoming email (addressed to local domain) as relaying.
< gateway4.lastspam.com #5.1.1 SMTP; 550-gateway4.lastspam.com [188.8.131.52]:36995 is currently not permitted to relay>
2007-05-19 09:39:32 H=gateway4.lastspam.com [184.108.40.206]:37074 I=[xxx.xxx.67.88]:25 F=<email@example.com> rejected RCPT <firstname.lastname@example.org>: gateway4.lastspam.com [220.127.116.11]:37074 is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client.
So right now I'm getting lots of emails going out to a bunch of random email address with the message:
"Undelivered Mail Returned to Sender"
I have all accounts set to "Reject" and not send a reply to messages to undeliverables. The other thing is that these emails are being sent from "MAILER-DAEMON@rack.stnhost.com (Mail Delivery System)" Which is my server. So how do I stop this and why is it doing it.
I had this issue some minutes ago, i was trying to send a large email list using outlook, the email client didn't show any errors and delivered everything ok.. but mails never go out of the box... so I decided to search the logs and found this:
Code: 2007-08-15 14:07:41 H=xx.xx.xx.xx.dynamicip.rima-tde.net (email@example.com) [xx.xx.xx.xx] F=<firstname.lastname@example.org> rejected RCPT <email@example.com>: xx.xx.xx.xx.dynamicip.rima-tde.net (firstname.lastname@example.org) [xx.xx.xx.xx] is currently not permitted to relay through this server. Perhaps you have not logged into the pop/imap server in the last 30 minutes or do not have SMTP Authentication turned on in your email client. 2007-08-15 14:07:42 unexpected disconnection while reading SMTP command from xx.xx.xx.xx.dynamicip.rima-tde.net (email@example.com) [xx.xx.xx.xx] Authentication required was active at the email account configuration, everything was well configured.. it was a server wide error.
Searching over the net i found this solution: ran /scripts/mailperm and after that I added "127.0.0.1" to /etc/relayhosts list, restarted Exim and the problem was resolved, all mails were delivered OK.
My question is, what is the function of /etc/relayhosts, /scripts/mailperm (fixing mailbox permissions?) and /etc/localdomains ? Is it OK to have 127.0.0.1 in /etc/relayhosts list?
Our mail server seems to have been compromised. We had only 100 email relays on Godaddy for a day. So when the spammer maxed it out we could not send or receive email. We have done scans and also Godaddy researched and found no files compromised. But after blocking the IP address the problem remains. The account password was changed and also all email address passwords have been changed. They are logging in with courier. They said it could be a key capture program on a user's computer since this happened after passwords were changed. Is there anything else I can check? All computers have been scanned that check email for this account.
We are having issues on our server sending mail to certain people, we will get the below error message. However if i send the same address an email from my gmail they get it no problem.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
****@****.in retry time not reached for any host after a long failure period
------ This is a copy of the message, including all the headers. ------
Return-path: <****@****.com> Received: from gw.****.com ([89.****.****.****]:16359 helo=[127.0.0.1]) by alpha.****.com with esmtpsa (TLSv1HE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <stephen.****@****.com>) id 1X2dc8-00020k-3r
Since many days i have been facing issues with the emails, ie whenever mails are sent / forwarded from my server ( in case a email account has forwarder set to @gmail) , gmail always rejects message and i get something like :
"SMTP error from remote mail server after end of data: host gmail-smtp-in.l.google.com [18.104.22.168]: 550-5.7.1 [My server ip] Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam..."
I have the following setup :-
1) Server host is set as :- serverone.xxxx.co.uk (domain removed) My domain mail is hosted on google apps for domain and the server's main contact email (WHM/Cpanel) also belongs to this domain.
2) I have Set DKIM signatures and SP records too.
3) however when i run dig -x 22.214.171.124
I get 240.12.228.109.in-addr.arpa. 21599 IN PTR server109-228-12-240.live-servers.net.
4) While diagnosing the failed email i have found that many email that gets rejected have
We would like to use our EXIM mail server at ourdomain.net to send messages from email addresses at ourdomain.com. I have tried to send messages through the .net mailserver but I received SMTP Auth errors, I guess because the sending server is expecting messages to originate at .net and not .com.
How to configure EXIM to allow delivery of emails based on ourdomain.com?
I have one user who is getting hacked a lot and the account is sending out spam emails. I want to disable just his account from being able to send mail at all until he can get his script updated or changed. Any way to do this?
I have a Server with Linux/Cpanel, which is hosted about 55 clients (sites, e-mails, etc…), because vulnerability of these clients, some people are sending SPAM without using any e-mail account from the mail server, by the way our mail server is Exim. I would like to know how could I block this type of send e-mail in the server?
If you would like to send out all mail from your cPanel Server via a remote smtp relay this can be accomplished by going to the exim configuration editor and making a few simple changes. Many ISPs block port 25 outbound so this can come in pretty handy when needing to send mail from the server. Depending on the SMTP relay provider it should send the emails out directly as the user that sends them in, such as cPanel/WHM notifications, webmail or their scripts. However there are some providers for instance like gmail which force the from user as the smtp authenticator. So you will have to determine which provider to use. Some ISPs allowing using their systems for smtp authentication and will send the email as the user it was sent from and not your ISP email address.
To setup a remote smtp relay with authentication login to WHM and then proceed to the following location Home »Service Configuration »Exim Configuration Manager and click the Advanced Editor tab.
On this page look for each of the sections below and enter the information below that section into the corresponding boxes in the configuration editor. Make sure to update this information with your smtp server, username and password.
Once you have finished adding the above to all the appropriate sections, simply scroll to the bottom of the page and click save. It will automatically apply the settings and restart exim. Now anytime you send mail out it will be routed out through the remote smtp relay.
CPanel with Exim, mostly default configuration. Tested on two servers, both with current CPanel, CloudLinux and LiteSpeed. One 'light' dedicated server (quad core, 8GB RAM); the other a very beefy dedicated server (Octa core, 32GB RAM).
Interspire starts sending but stops at +/- 200 emails. This happens both using PHP mail and using SMTP with Amazon SES.
And doing a chmod results in an operation not permitted. To add also, this server was reported to be attacking other sites using WP exactly on the same date on exim's last logs. I'm not sure if the two are related. How can I get my exim up and running again?
I'm running Apache 2.4.7 on a RHEL 6.4 server. I'm using the Oracle WebLogic Proxy Plugin ver 12.c to connect to a back end server.What's happening is that Apache answers URL.. and proxies the request via the WebLogic Proxy Plugin to internal.blah.com. Unfortunately, the downstream system encounters a problem and issues an http 302 redirect to internal.blah.com/whathappened. I would like to have Apache intercept this http 302 and redirect the client to URL...
Of course, you need to past your own real values here. Then you need to launch this script every minute since the server restarted and follow the logs of what is happening there.
2) As we see you are using Microsoft FTP Service. The most probable reason for this is the issue with windows mail function - either the service itself is not reliable or it is just set incorrectly. Our administrator says that the issue with mail sending on this server happens quite often. So you can try to google the problem with the queue of windows mail function, for sure there must be some more advice as to how to resolve this.
It is possible that there is set a restriction on the order of the sending mail so when the queue is full, the mail stops sending.
Anyway that's all that we can advise you on this case because if the notification is sent at all then it means this function is working in our shopping cart and the issue is with something else.
i have problem in my server from 2 weeks ago server stop sending mail to yahoo and hotmail but to gmail send good without any problem i make SPF and add it for all domains after that mail worked Good in 1 day after that the problem come again
I know how to do this by analysing the headers, but we have a customers who doesn't believe what we are telling them.
Is there some kind of 3rd party service or script that we can point them to? So they can send an email to the service (or paste headers, or whatever) and it tells them who is the sending mail server hostname/ip?
(The problem is that this customer doesn't understand that all email sent from the server uses the same SMTP server hostname/ip. They are convinced that if they connect to "mail.their domain.com" then this is what is reported as the sending mail server/IP.)