cPanel rejecting Exchange emails (large number of recipients)
Good morning,
I have a client who has emails in our cPanel environment (it is the current MX server for the domain), but also has some mailboxes in Microsoft Exchange (Outlook). He is facing some problems when sending emails to a large number of recipients.
Example:
cPanel Server Accounts (MX of domain-client.com):
email-cpanel01@domain-client.com
email-cpanel02@domain-client.com
email-cpanel03@domain-client.com
...
email-cpanel99@domain-client.com
-----
Exchange Accounts:
email-exchange100@domain-client.com
email-exchange101@domain-client.com
email-exchange102@domain-client.com
...
email-exchange200@domain-client.com
Note: Obviously the accounts and domains above are fictitious for the client's security.
1- When the client sends a message from the email-exchange100@domain-client.com account to a few recipients that are hosted on the cPanel Server (email-cpanel01@domain-client.com and email-cpanel02@domain-client.com) the message is delivered normally. See cPanel logs:
2024-09-17 13:40:04 1sqbFD-00000002PMz-3Ziv H=mail-dm6nam12on2118.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com) [40.107.243.118]:52833 : Message has been scanned: no virus or other harmful content was found
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv H=mail-dm6nam12on2118.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com) [40.107.243.118]:52833 Warning: "SpamAssassin as clientaccount detected message as NOT spam (3.1)"
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv <= email-exchange100@domain-client.com H=mail-dm6nam12on2118.outbound.protection.outlook.com (NAM12-DM6-obe.outbound.protection.outlook.com) [40.107.243.118]:52833 P=esmtps id=CPUPR80MB6130DB461FE0C80CA014656EDE612@CPUPR80MB6130.lamprd80.prod.outlook.com T="RES: SUBJECT - SENDING TEST 01" for email-cpanel01@domain-client.com email-cpanel02@domain-client.com
2024-09-17 13:40:05 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1sqbFD-00000002PMz-3Ziv
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv => email-cpanel01 <email-cpanel01@domain-client.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <email-cpanel01@domain-client.com> gL/+G+Ww6WaTnwgAKM8/rA Saved"
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv -> email-cpanel02 <email-cpanel02@domain-client.com> R=virtual_user T=dovecot_virtual_delivery C="250 2.0.0 <email-cpanel01@domain-client.com> gL/+G+Ww6WaTnwgAKM8/rA:R2 Saved"
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv Completed
2- When the client sends an email from the account email-exchange100@domain-client.com to several recipients that are hosted on the cPanel Server (email-cpanel01@domain-client.com, email-cpanel02@domain-client.com, ..., email-cpanel13@domain-client.com) the message is not delivered. See cPanel logs:
2024-09-16 16:07:55 H=mail-bn8nam11lp2174.outbound.protection.outlook.com (NAM11-BN8-obe.outbound.protection.outlook.com) [104.47.58.174]:43305 HA384:256 CV=no F=<email-exchange100@domain-client.com> rejected RCPT <email-cpanel01@domain-client.com>: "Number of failed recipients exceeded. Come back in a few hours."
2024-09-17 12:03:35 1sqZjp-00000001rqY-0TLv <= email-exchange100@domain-client.com H=mail-co1nam11lp2173.outbound.protection.outlook.com (NAM11-CO1-obe.outbound.protection.outlook.com) [104.47.56.173]:32256 P=esmtps SUBJECT - SENDING TEST 02" for email-cpanel01@domain-client.com email-cpanel02@domain-client.com email-cpanel03@domain-client.com email-cpanel04@domain-client.com email-cpanel05@domain-client.com email-cpanel06@domain-client.com email-cpanel07@domain-client.com email-cpanel08@domain-client.com email-cpanel09@domain-client.com email-cpanel09@domain-client.com email-cpanel10@domain-client.com email-cpanel11@domain-client.com email-cpanel12@domain-client.com email-cpanel13@domain-client.com
There is also this error message in the logs:
Rejected relay attempt: '104.47.58.174' From: 'email-exchange100@domain-client.com' To: 'email-cpanelXX@domain-client.com'
3 - When the client sends from a cPanel account with multiple recipients who are also in cPanel (local relay), the same problem does not occur.
Is this normal behavior?
I looked in the EXIM documentation for a possible limitation on the number of recipients, but I did not find it. The "deny_rcpt_soft_limit (Maximum message recipients (soft limit))" option in the "Exim Configuration Manager" is not enabled.
-
Hey there! Yes, this is expected behavior on the system. In cPanel >> Exim Configuration Manager, we have the following options related to this error you're seeing:
- Dictionary attack protection
- Ratelimit suspicious SMTP servers
- Ratelimit incoming connections with only failed recipients
The best solution would be to ensure that all the email-cpanel01 through email-cpanel100 addresses are all working properly. If the failures quit happening, you'll quit receiving that bounce error.
You can also turn those settings off if you don't think it will cause any issues with your configuration.
0 -
Hello cPRex,
Thank you for your attention to my case. When you say "to ensure that all the email-cpanel01 through email-cpanel100 addresses are all working properly" do you believe it could be something related to Exchange? I'm sure the accounts that are working on the cPanel infrastructure are working correctly, as there were no problems until some boxes were changed from the client to Outlook.
Regarding deactivating the resources you mentioned, I believe it is not the best option, as it is a shared environment and not dedicated to this client.
Can you tell me if using separate email boxes on two providers (one of them being cPanel) is a good practice or the best way to do this? The cPanel's email routing is set to "Local", perhaps this could impact this situation?
0 -
*Something* is telling Exchange that some of those email addresses are failing. I'm not sure which addresses based on the log data here, but cPanel can't deliver to some of the addresses for some reason.
No, I think you have things configured properly. Personally, I probably wouldn't try that type of split delivery and I've put everything on one side or the other, but that's personal preference.
0 -
Hello,
Just an update on my case. After doing some research and testing in my environment, I was able to solve my problem. I believe that due to the high number of senders, a large number of relay attempts were generated over a short period of time from Exchange to cPanel. I believe that Exim interpreted this as a possible attack and blocked the receipt of these messages. I was able to get around the situation by including the Exchange Online IPs in these Exim lists:
Exim Configuration Manager > Access Lists > "Trusted SMTP IP addresses" and "Sender verification bypass IP addresses".
I got the IPs through the link: https://learn.microsoft.com/pt-br/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
After I made this adjustment, I had no more problems.
0 -
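A check that can be run before adding provider ranges to the access lists named in the post above: it lists which peer IPs Exim rejected, for what reason, and whether each one falls inside the ranges you expect. This is an added example, not part of the original thread; the sample log lines are constructed, and the two CIDR ranges are placeholders to be replaced with the current list from the Microsoft page linked in the post.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the shape of the exim_mainlog lines quoted in the thread;
# the second host and its "No Such User Here" reason are made up for illustration.
SAMPLE_LOG = '''\
2024-09-16 16:07:55 H=a.outbound.protection.outlook.com [104.47.58.174]:43305 F=<email-exchange100@domain-client.com> rejected RCPT <email-cpanel01@domain-client.com>: "Number of failed recipients exceeded. Come back in a few hours."
2024-09-16 16:07:56 H=a.outbound.protection.outlook.com [104.47.58.174]:43305 F=<email-exchange100@domain-client.com> rejected RCPT <email-cpanel02@domain-client.com>: "Number of failed recipients exceeded. Come back in a few hours."
2024-09-16 16:09:10 H=(unknown.example) [203.0.113.50]:51000 F=<x@example.net> rejected RCPT <info@domain-client.com>: No Such User Here
2024-09-17 13:40:05 1sqbFD-00000002PMz-3Ziv Completed
'''

# Placeholder ranges (assumption): replace with the current Exchange Online list
# from the Microsoft page linked in the post.
EXPECTED_RANGES = ["104.47.0.0/17", "40.107.0.0/16"]

REJECT_RE = re.compile(
    r'\[(?P<ip>[0-9A-Fa-f:.]+)\]:\d+ .*?F=<(?P<sender>[^>]*)> '
    r'rejected RCPT <(?P<rcpt>[^>]*)>: "?(?P<reason>[^"]*)"?$'
)

def summarize_rejections(log_text):
    """Map each rejected peer IP to a Counter of rejection reasons."""
    by_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            by_ip[m["ip"]][m["reason"]] += 1
    return dict(by_ip)

def split_by_expected_ranges(ips, cidrs):
    """Separate peers inside the expected provider ranges from everything else."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    inside, outside = [], []
    for ip in sorted(ips):
        addr = ipaddress.ip_address(ip)
        # Peers outside the ranges are not candidates for any exemption.
        (inside if any(addr in n for n in nets) else outside).append(ip)
    return inside, outside

if __name__ == "__main__":
    summary = summarize_rejections(SAMPLE_LOG)
    inside, outside = split_by_expected_ranges(summary, EXPECTED_RANGES)
    for ip in inside + outside:
        tag = "expected range" if ip in inside else "NOT in expected ranges"
        print(ip, tag, dict(summary[ip]))
```

Exchange Online outbound addresses are shared by all Microsoft 365 tenants, so on a shared server the per-reason counts are worth reviewing after the change as well.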
Nice! I'm glad you found a good solution for that issue!
0