Rejected relay attempt
Hi Everyone, I've been having an issue with a customer relaying through optusnet in Australia.
This has been going on for some time. I originally had spf & dkim running fine for a long time until a few updates ago.
I've turned off SPF now but I had added many of the optusnet ip address's and to no avail.
The error is:
I would really like to work this out. CENTOS 6.9 x86_64 standard cPanel & WHM 64.0 (build 29) How can I allow optusnet to relay through the server? Any help appreciated Thanks Kim.
Delivery Event Details
Event: rejected
Sender User: -remote-
Sender Domain:
Sender: trent@domain-name.com.au
Sent Time: Jun 29, 2017 5:34:17 PM
Sender Host: pa49-180-135-47.pa.nsw.optusnet.com.au
Sender IP: 49.180.135.47
Authentication: unauthorized
Spam Score: 0
Recipient: person@hotmail.com
Delivered To:
Delivery User:
Delivery Domain: hotmail.com
Router: reject
Transport: **rejected**
Out Time: Jun 29, 2017 5:34:17 PM
ID: 1dQTy1-0008gO-sT
Delivery Host: pa49-180-135-47.pa.nsw.optusnet.com.au
Delivery IP: 49.180.135.47
Size: 0 bytes
Result: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
I would really like to work this out. CENTOS 6.9 x86_64 standard cPanel & WHM 64.0 (build 29) How can I allow optusnet to relay through the server? Any help appreciated Thanks Kim.
-
Hello, Could you let us know the output from /var/log/exim_mainlog for that message ID? EX: exigrep 1dQTy1-0008gO-sT /var/log/exim_mainlog
Thank you.0 -
Thanks for the reply Michael, I got no data back from that command. I did find it manually in the log. 2017-06-29 17:34:21 SMTP connection identification H=pa49-180-135-47.pa.nsw.optusnet.com.au A=49.180.135.47 P=33380 U=trent ID=508 S=trent@domain-name.com.au B=get_recent_authed_mail_ips_entry 2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F= rejected RCPT : Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com' 2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 Warning: Sender rate 1.0 / 1h 2017-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data
0 -
-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data
Do you notice any corresponding entries in /var/log/maillog that appear at the same time as the error messages referenced above? Also, do you have Greylisting enabled via "WHM >> Home " Email " Greylisting" on this server? Thank you.0 -
Hi Michael, We don't have Greylisting on. Here is the mail log from about the same time. I have placed xxx for other customers and domain-name for the person in question. I hope this helps Jun 29 17:33:35 vr4 dovecot: imap(__cpanel__service__auth__imap__h6b5wwyol0adxlqvfmukgbpyh5yxb1lykgjjglnhrlfxm_4l5znyhxrhwkixbyjz): Logged out in=11, out=462, bytes=11/462 Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=144.132.209.27, lip=184.168.72.117, mpid=13839, TLS, session= Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13841, TLS, session= Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13843, TLS, session= Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13846, TLS, session=<1o/5URRTXIIxtIcv> Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13849, TLS, session= Jun 29 17:33:44 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13856, secured, session= Jun 29 17:33:44 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031 Jun 29 17:33:46 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13860, secured, session= Jun 29 17:33:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1022, bytes=93/1022 Jun 29 17:33:50 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13862, TLS, session= Jun 29 17:33:53 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13872, TLS, session= Jun 29 17:33:59 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=144.132.209.27, lip=184.168.74.116, mpid=13883, TLS, session= Jun 29 17:34:09 vr4 dovecot: pop3-login: Login: user=, method=PLAIN, rip=14.200.38.147, lip=184.168.72.117, mpid=13899, TLS, session= Jun 29 17:34:12 vr4 dovecot: pop3(trent@domain-name.com.au): Disconnected: Logged out top=0/0, retr=0/0, del=0/14093, size=5224633864, bytes=24/543263 Jun 29 17:34:24 vr4 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=80.82.77.139, lip=184.168.72.64, session= Jun 29 17:34:45 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13948, secured, session= Jun 29 17:34:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031 Jun 29 17:34:47 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13953, secured, session=<68LFVRRTLNZ/AAAB> Jun 29 17:34:47 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1030, bytes=93/1030 Jun 29 17:34:57 vr4 dovecot: pop3-login: Login: user=, method=PLAIN, rip=184.168.72.117, lip=184.168.72.117, mpid=13978, secured, session= Jun 29 17:34:57 vr4 dovecot: pop3(xxx@xxx.xxx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0, bytes=12/43
0 -
Hello, Could you open a support ticket using the link in my signature so we can take a closer look? Thank you. 0 -
Thanks Michael, I have submitted a ticket. Thanks again. 0 -
Hello, To update, it appears the affected user needed to enable "SMTP Authentication" in their email client. Thank you. 0
Please sign in to leave a comment.
Comments
7 comments