Mailing List Archive: exim: users

Other IP checking than SPF

Index | Next | Previous | View Threaded

a.smith at ukgrid

May 12, 2008, 9:05 AM

Post #1 of 8 (306 views)
Permalink

Other IP checking than SPF

Hi list,

appologies that this isnt specifically Exim related, however Im having the following problem from a customer attempting to relay email via our Exim servers:

We are getting an

SMTP error from remote mail server after MAIL FROM:<hello[at]yellowcom.com>
SIZE=1892:
host mail.itcuk.net [195.226.40.68]: 550 Sorry, <hello[at]yellowcom.com> is
not allowed access from your location

So it seems the remote host is doing some check that we are genuinely sending for the domain, however there is no SPF record for the domain. Does anyone know what other methods of checking the senders IP address could be causing the issue?

thanks for any clues! Andy.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

renaud at llorien

May 12, 2008, 9:12 AM

Post #2 of 8 (290 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Andy Smith wrote:
>
> SMTP error from remote mail server after MAIL FROM:<hello[at]yellowcom.com>
> SIZE=1892:
> host mail.itcuk.net [195.226.40.68]: 550 Sorry, <hello[at]yellowcom.com> is
> not allowed access from your location
>
> So it seems the remote host is doing some check that we are genuinely sending for the domain, however there is no SPF record for the domain. Does anyone know what other methods of checking the senders IP address could be causing the issue?
>

country based blacklists?

Attachments:

smime.p7s (3.21 KB)

wbh at conducive

May 12, 2008, 9:37 AM

Post #3 of 8 (291 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Andy Smith wrote:
> Hi list,
>
> appologies that this isnt specifically Exim related, however Im
> having the following problem from a customer attempting to relay
> email via our Exim servers:
>
> We are getting an
>
>
> SMTP error from remote mail server after MAIL
> FROM:<hello[at]yellowcom.com> SIZE=1892: host mail.itcuk.net
> [195.226.40.68]: 550 Sorry, <hello[at]yellowcom.com> is not allowed
> access from your location
>
> So it seems the remote host is doing some check that we are genuinely
> sending for the domain, however there is no SPF record for the
> domain. Does anyone know what other methods of checking the senders
> IP address could be causing the issue?
>
>
> thanks for any clues! Andy.

More helpful if we knew both sending and receiving MTA info...

But form what we have been shown, it probably is not the sender's IP
that is causing the rejection.

The entry indicates your are in smtp_mail_from, ergo:

- smtp_connect, where the IP is the only thing you are sure of.

and

- smtp_helo where you *should* have seen a FQDN, but do not always get
such,

... have already passed, and shoudl not hve thrown a flag as:

host -v on the IP or <domain>.<tld> you posted shows what appears to be
proper MX and PTR RR, further reducing the probability that it is
IP-related.

Could it be a domain and/or user[at]domain specific local blacklist?

We use these extensively. Some kick at mail_from, others await
smtp_rcpt_to to allow matched correspondent (only) whitelisting.

HTH,

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

a.smith at ukgrid

May 12, 2008, 9:46 AM

Post #4 of 8 (291 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Thanks for the idea! but not in this case I don't believe so, our servers
and the mail servers of the domain in question are hosted in the same
country (UK)....

----- Original Message -----
From: "Renaud Allard" <renaud[at]llorien.org>
To: "Andy Smith" <a.smith[at]ukgrid.net>
Cc: <Exim-users[at]lists.exim.org>
Sent: Monday, May 12, 2008 6:12 PM
Subject: Re: [exim] Other IP checking than SPF

>
>
> Andy Smith wrote:
>>
>> SMTP error from remote mail server after MAIL
>> FROM:<hello[at]yellowcom.com>
>> SIZE=1892:
>> host mail.itcuk.net [195.226.40.68]: 550 Sorry, <hello[at]yellowcom.com>
>> is
>> not allowed access from your location
>>
>> So it seems the remote host is doing some check that we are genuinely
>> sending for the domain, however there is no SPF record for the domain.
>> Does anyone know what other methods of checking the senders IP address
>> could be causing the issue?
>>
>
> country based blacklists?
>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

a.smith at ukgrid

May 12, 2008, 10:18 AM

Post #5 of 8 (284 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Thanks Bill,

Actually I didnt completely understand what my customer was trying to do,
I was doing a kneejerk "what can cause a 550 error?".
Upon more careful examination the problem arises when they try and relay an
email with a from address of domain X to the servers that actually host
email for domain X. So to be fair not all together surprising they dont like
it much, even tho I have to add this is for ligitimate purposes!! :P
Anyway we will need to contact the service provider hosting the email for
the domain in question to see if they can modifying their systems to allow
us to send mail to them...

thanks for the help! cheers Andy.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

iane at sussex

May 12, 2008, 10:23 AM

Post #6 of 8 (284 views)
Permalink

Re: Other IP checking than SPF [In reply to]

--On 13 May 2008 00:37:04 +0800 W B Hacker <wbh[at]conducive.org> wrote:

>
> Could it be a domain and/or user[at]domain specific local blacklist?
>
> We use these extensively. Some kick at mail_from, others await
> smtp_rcpt_to to allow matched correspondent (only) whitelisting.
>

So, how is the sender supposed to contact postmaster@

--
Ian Eiloart
IT Services, University of Sussex
x3148

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

May 12, 2008, 10:35 AM

Post #7 of 8 (283 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Ian Eiloart wrote:
>
>
> --On 13 May 2008 00:37:04 +0800 W B Hacker <wbh[at]conducive.org> wrote:
>
>>
>> Could it be a domain and/or user[at]domain specific local blacklist?
>>
>> We use these extensively. Some kick at mail_from, others await
>> smtp_rcpt_to to allow matched correspondent (only) whitelisting.
>>
>
> So, how is the sender supposed to contact postmaster@
>

How does any blacklisted miscreant contact a reluctant victim?

WHOIS and a postage stamp, I suppose....

Though I've not yet seen a Win-Zombie reach out and use either..

;-)

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

wbh at conducive

May 12, 2008, 10:47 AM

Post #8 of 8 (287 views)
Permalink

Re: Other IP checking than SPF [In reply to]

Ian Eiloart wrote:
>
> --On 13 May 2008 00:37:04 +0800 W B Hacker <wbh[at]conducive.org> wrote:
>
>> Could it be a domain and/or user[at]domain specific local blacklist?
>>
>> We use these extensively. Some kick at mail_from, others await
>> smtp_rcpt_to to allow matched correspondent (only) whitelisting.
>>
>
> So, how is the sender supposed to contact postmaster@
>

" others await smtp_rcpt_to to allow matched correspondent (only)
whitelisting. "

postmaster@, hostmaster@, abuse@ where '@' may be followed with either:

- one of the hosted <domain>.<tld>

or

- one of the server's IP's as a literal

.... get just that sort of special treatment. Along with other tests to
insure they are not garbage of another kind...

Exim can do amazingly fine-grained assessment with a 2,000+ line
configure file...

;-)

Bill

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com