
Rejected relay attempt

Comments

7 comments

  • cPanelMichael
    Hello, Could you let us know the output from /var/log/exim_mainlog for that message ID? EX:
    exigrep 1dQTy1-0008gO-sT /var/log/exim_mainlog
    Thank you.
    0
  • cuzzmunger
    Thanks for the reply Michael, I got no data back from that command. I did find it manually in the log.
    2017-06-29 17:34:21 SMTP connection identification H=pa49-180-135-47.pa.nsw.optusnet.com.au A=49.180.135.47 P=33380 U=trent ID=508 S=trent@domain-name.com.au B=get_recent_authed_mail_ips_entry
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F= rejected RCPT : Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 Warning: Sender rate 1.0 / 1h
    2017-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data
    0
  • cPanelMichael
    2017-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data

    Do you notice any corresponding entries in /var/log/maillog that appear at the same time as the error messages referenced above? Also, do you have Greylisting enabled via "WHM >> Home >> Email >> Greylisting" on this server? Thank you.
    0
  • cuzzmunger
    Hi Michael, We don't have Greylisting on. Here is the mail log from about the same time. I have placed xxx for other customers and domain-name for the person in question. I hope this helps
    Jun 29 17:33:35 vr4 dovecot: imap(__cpanel__service__auth__imap__h6b5wwyol0adxlqvfmukgbpyh5yxb1lykgjjglnhrlfxm_4l5znyhxrhwkixbyjz): Logged out in=11, out=462, bytes=11/462
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=144.132.209.27, lip=184.168.72.117, mpid=13839, TLS, session=
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13841, TLS, session=
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13843, TLS, session=
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13846, TLS, session=<1o/5URRTXIIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13849, TLS, session=
    Jun 29 17:33:44 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13856, secured, session=
    Jun 29 17:33:44 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:33:46 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13860, secured, session=
    Jun 29 17:33:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1022, bytes=93/1022
    Jun 29 17:33:50 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13862, TLS, session=
    Jun 29 17:33:53 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13872, TLS, session=
    Jun 29 17:33:59 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=144.132.209.27, lip=184.168.74.116, mpid=13883, TLS, session=
    Jun 29 17:34:09 vr4 dovecot: pop3-login: Login: user=, method=PLAIN, rip=14.200.38.147, lip=184.168.72.117, mpid=13899, TLS, session=
    Jun 29 17:34:12 vr4 dovecot: pop3(trent@domain-name.com.au): Disconnected: Logged out top=0/0, retr=0/0, del=0/14093, size=5224633864, bytes=24/543263
    Jun 29 17:34:24 vr4 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=80.82.77.139, lip=184.168.72.64, session=
    Jun 29 17:34:45 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13948, secured, session=
    Jun 29 17:34:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:34:47 vr4 dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13953, secured, session=<68LFVRRTLNZ/AAAB>
    Jun 29 17:34:47 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1030, bytes=93/1030
    Jun 29 17:34:57 vr4 dovecot: pop3-login: Login: user=, method=PLAIN, rip=184.168.72.117, lip=184.168.72.117, mpid=13978, secured, session=
    Jun 29 17:34:57 vr4 dovecot: pop3(xxx@xxx.xxx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0, bytes=12/43
    0
  • cPanelMichael
    Hello, Could you open a support ticket using the link in my signature so we can take a closer look? Thank you.
    0
  • cuzzmunger
    Thanks Michael, I have submitted a ticket. Thanks again.
    0
  • cPanelMichael
    Hello, To update, it appears the affected user needed to enable "SMTP Authentication" in their email client. Thank you.
    0
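
A log-triage example for the situation in this thread, added here and not part of the original posts or of cPanel's tooling: it extracts each `Rejected relay attempt` from Exim's main log and checks whether the same IP has successful Dovecot logins in the mail log, which points at a mailbox user whose client sends without SMTP authentication rather than an unknown host. The sample log lines are constructed (modelled on the excerpts above), and the function names and verdict strings are hypothetical.

```python
import re
from collections import Counter

# Constructed sample logs, modelled on the excerpts posted in this thread.
EXIM_MAINLOG = """\
2017-06-29 17:34:21 H=client.example.net ([10.109.203.224]) [49.180.135.47]:33380 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<trent@domain-name.com.au> rejected RCPT <person@hotmail.com>: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
2017-06-29 17:40:02 H=(probe) [203.0.113.9]:40112 F=<a@example.net> rejected RCPT <b@example.org>: Rejected relay attempt: '203.0.113.9' From: 'a@example.net' To: 'b@example.org'
"""
MAILLOG = """\
Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=192.0.2.10, mpid=13841, TLS, session=<constructed1>
Jun 29 17:33:50 vr4 dovecot: imap-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=192.0.2.10, mpid=13862, TLS, session=<constructed2>
Jun 29 17:34:24 vr4 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=203.0.113.9, lip=192.0.2.10, session=<constructed3>
"""

# Keyed on the quoted fields of the rejection text, so it also matches
# lines where the <address> parts were stripped, as in the thread.
RELAY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*"
    r"Rejected relay attempt: '(?P<ip>[^']+)' "
    r"From: '(?P<sender>[^']*)' To: '(?P<rcpt>[^']*)'")
# Only successful logins count; "Disconnected (no auth attempts ...)" does not.
LOGIN_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: Login: .*?\brip=(?P<ip>[0-9a-fA-F.:]+)")

def dovecot_login_ips(maillog):
    """Count successful IMAP/POP3 logins per remote IP."""
    counts = Counter()
    for line in maillog.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            counts[m["ip"]] += 1
    return counts

def triage_relay_rejections(exim_log, maillog):
    """Pair each relay rejection with mailbox-login evidence for its IP."""
    logins = dovecot_login_ips(maillog)
    findings = []
    for line in exim_log.splitlines():
        m = RELAY_RE.search(line)
        if not m:
            continue
        n = logins.get(m["ip"], 0)
        verdict = "mailbox user, check SMTP AUTH in client" if n else "unknown host"
        findings.append({**m.groupdict(), "mailbox_logins": n, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in triage_relay_rejections(EXIM_MAINLOG, MAILLOG):
        print(f["ts"], f["ip"], f["sender"], "->", f["rcpt"], "|", f["verdict"])
```
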
