Exchange using Smarthost email marked as spam
Hi There
We are having some issues with proofpoint spam, they are saying our setup isn't correct -
SETUP
- we have an on premises exchange server
- we have an email mailbox host who [COLOR=rgb(85, 85, 85)]scans it etc and collects email in a mailbox
- popgrabber software gets the email from the mailbox at mailbox host and puts it into the exchange server for users
- exchange sends through a smart host send connector
- we can't send through mailbox host as smart host uses one email user (smartconnector@domainx.com) to authenticate so emails come out for jen@domainx.com as "smartconnector@domainx.com on behalf of jen@domainx.com"
- Due to this we setup a vps running cpanel as a relay
- we create in WHM a new account domainx.com and put in an email address smartconnector@domainx.com
- then we use the IP of the vps as the smart host and the email as authentication
PROBLEMS
- 1) we can send using "basic authentication" through one domain domainY.com fine, but when we use basic authentications on domainX.com it doesn't work and we have to specify a trusted IP for the client and use "none".
both domains have accounts on cpanel and email setup the same, would different versions of exchange do this or do we have to change something our end to enable this on both
- 2) we can send to anyone fine apart from proofpoint clients - we have been in touch and they say
[QUOTE]You are sending large volume of messages from a generic rDNS record, you will need to identify yourselves properly in your rDNS PTR record before Proofpoint can mitigate the issue
is this due to the mail coming in to the mailbox host and going out from the VPS? we have spf records in our domains for the VPS IP and hostname thanks in advance for any help
is this due to the mail coming in to the mailbox host and going out from the VPS? we have spf records in our domains for the VPS IP and hostname thanks in advance for any help
-
Hi @Hmmcrunchy It looks like their complaint is the rDNS record: [QUOTE]You are sending large volume of messages from a generic rDNS record, you will need to identify yourselves properly in your rDNS PTR record before Proofpoint can mitigate the issue
- Do domainx and domainy both have the same IP address? If so do you have rDNS set up on this? You can check this by running something like:host
Where IPAddressHere is the IP of the domain/s0 -
HI Lauren sorry for the delay - crazy week we resolved the proofpoint issue, they were just blocking us then had to admit they had no evidence to do so, so let us through kindly (after 3 weeks) re the authentication both domains come into same shared host ( different package in the shared mailbox host so could be different IPs), then they both send out through the relay server domains are from different on premises exchange servers so different originating IPs but going through same server. I take it this setup isn't too bad with the trusted IPs ideally though (please correct me if im wrong) ive always wanted to have authentication on the outgoing server, to stop rogue machines or clients on the network sending unauthorised spam without the login details, but since we control these networks is that not as much of a problem ? 0 -
Hi @Hmmcrunchy Can you provide a specific example of what you mean? By default cPanel requires authentication for SMTP. Thanks! 0 -
Hi Lauren sure thing, so we bring email down to our shared mailbox host who do all the spam and scanning then grab the emails from it and push them into our exchange server since the exchange send connector sends from one address (eg send@domain.com), we cant send everyones mail through the shared mailbox host or we get "on behalf of" on them all as dave would come out as "send@ on behalf of dave" - part of the policy on the shared mailbox host so we have set up the relay server to send out. ive setup the account on cpanel domain.com then add in send@domain.com email address with password to the account then I set the send connector ( or my own software) to try to send through that email account and it fails, the only way ive found to allow it is to in the exim manager use "Bypass all SMTP sender verification checks (White List)" and add to the "Trusted SMTP IP addresses" to white list our IP to let the mail through ( assuming this then doesn't authenticate as any password will then work ) 0 -
@Hmmcrunchy the only way ive found to allow it is to in the exim manager use "Bypass all SMTP sender verification checks (White List)" and add to the "Trusted SMTP IP addresses" to white list our IP to let the mail through ( assuming this then doesn't authenticate as any password will then work )
Neither of those settings should allow for unauthenticated mail to be sent though. Could you open a ticket using the link in my signature so that we can take a closer look? Once it's opened please update this thread with the ticket ID. Thanks!0 -
Thanks Lauren Will do 0
Please sign in to leave a comment.
Comments
6 comments