Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

Recipient checking wrong server name?

 

 

exim users RSS feed   Index | Next | Previous | View Threaded


iainhouston at mac

Apr 30, 2012, 2:03 AM

Post #1 of 5 (559 views)
Permalink
Recipient checking wrong server name?

We are getting a percentage of "Not configured to relay" rejections when we send out
our newsletters. I rent a Cloud Server from 1&1 where I run our.nonprofit.com and a couple of others.
Most recipients' MTAs produce no such rejections ... is it an issue with our exim's setup or their MTA's setup?

I'd be very grateful for the benefit of greater experience than mine as I am about to go live
with another nonprofit client's website with a much larger set of newsletter recipients.

Best regards - iain Houston

Some diagnostic data:
==========================================================
Our HELO, Return-path, and Envelope-from values are what I expect, namely "our.nonprofit.com".
But somehow "our.rented.server.com" is coming into the equation
although I don't see this when I do:
swaks -f webmaster [at] our -t rejecting.user [at] rejecting -tls -s localhost
==========================================================

==========================================================
This shows how our server is set up:
$uname -a && hostname -f'
Linux our.server.machine.com 3.0.0-17-server #30-Ubuntu ...
our.server.machine.com
==========================================================

==========================================================
This shows the IP Address and Reverse DNS of the rented machine::
$host 222.222.222.222
222.222.222.222.in-addr.arpa domain name pointer our.rented.server.com.
==========================================================

==========================================================
I have no control over /etc/hosts as 1&1 reconstruct it on boot
$cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
222.222.222.222 our.rented.server.com our
222.222.222.222 another.rented.server.com
==========================================================

==========================================================
This is a typical problem mail rejection message:
rejecting.user [at] rejecting R=dnslookup T=remote_smtp:
SMTP error from remote mail server after RCPT TO:<rejecting.user [at] rejecting>:
host mailgw.rejecting.com [111.111.111.111]: 501 This
system is not configured to relay mail (r) from <newsletter [at] our>
to <rejecting.user [at] rejecting> for our.rented.server.com
==========================================================

==========================================================
This is extracted about the only server-specific parameter from exim -bP
primary_hostname = our.server.machine.com
==========================================================

==========================================================
our.nonprofit.com's DNS has valid SPF and DKIM TXT records:
our.server.machine.com is an SPF-designated server for our.nonprofit.com,
(although our.rented.server is not - but are they raising and SPF error?) hence:
================================================
Summary of Port 25 Results
================================================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
================================================
Details:
================================================
HELO hostname: our.server.machine.com
Source IP: 222.222.222.222
mail-from: webmaster [at] our
...
================================================




--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


eximX0902w at linuxwan

Apr 30, 2012, 10:00 PM

Post #2 of 5 (533 views)
Permalink
Re: Recipient checking wrong server name? [In reply to]

On 30/04/12 19:03, Iain Houston wrote:
> We are getting a percentage of "Not configured to relay" rejections
> when we send out our newsletters. I rent a Cloud Server from 1&1
> where I run our.nonprofit.com and a couple of others. Most
> recipients' MTAs produce no such rejections ... is it an issue with
> our exim's setup or their MTA's setup?

You've redacted everything that would be useful to anyone attempting to
actually diagnose your problem with any sort of certainty. As such, here
are some random guesses.

Your server is either being blocked by the target servers in question,
or they do not accept mail for the recipients even though the MX records
say they should. The domains may have expired or the users may have
moved on. The single error message provided seems to come from the
remote end.

SPF is IP based so it just needs to have something resolving to all the
IP addresses you want to send mail from if you're using it. Including
the different hostnames all pointing the same IP address serves to add
nothing.

All of the email addresses must have accepted the confirmation opt-in
email at some point right? You'd have records of when they confirmed.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


iainhouston at mac

May 1, 2012, 1:51 AM

Post #3 of 5 (541 views)
Permalink
Re: Recipient checking wrong server name? [In reply to]

Thanks for taking the time to look at this, Ted.
No, I didn't frame my question very well.

I think it boils down to this:
whatever host name I tell exim to use, I assume that
a recipient's MTA will always think we
are relaying for s15917281.onlinehome-server.info.
(And whatever I tell my DNS SPF records are allowed hosts.)

Because, even though:
If uname -a gives Linux coombe.villagenet.info 3.2.0-24-generic ...

and hostname -f gives:
coombe.villagenet.info

and I set up my SPF records to allow clients' mail from
coombe.villagenet.info

and I tell exim:
...
primary_hostname = coombe.villagenet.info
...
qualify_domain = villagenet.info
qualify_recipient = villagenet.info
...

I was hoping not to have so much mail rejected.

But, because we rent our server I have to accept that ....

cat /etc/hosts gives
127.0.0.1 localhost.localdomain localhost
82.165.46.221 s15917281.onlinehome-server.info s15917281
82.165.46.221 s391547658.onlinehome.info

and nslookup 82.165.46.221 gives
221.46.165.82.in-addr.arpa name = s15917281.onlinehome-server.info.


Is there anything I can do to have recipients' MTAs verify
coombe.villagenet.info instead?



On 1 May 2012, at 06:00, Ted Cooper wrote:

> On 30/04/12 19:03, Iain Houston wrote:
>> We are getting a percentage of "Not configured to relay" rejections
>> when we send out our newsletters. I rent a Cloud Server from 1&1
>> where I run our.nonprofit.com and a couple of others. Most
>> recipients' MTAs produce no such rejections ... is it an issue with
>> our exim's setup or their MTA's setup?
>
> You've redacted everything that would be useful to anyone attempting to
> actually diagnose your problem with any sort of certainty. As such, here
> are some random guesses.
>
> Your server is either being blocked by the target servers in question,
> or they do not accept mail for the recipients even though the MX records
> say they should. The domains may have expired or the users may have
> moved on. The single error message provided seems to come from the
> remote end.
>
> SPF is IP based so it just needs to have something resolving to all the
> IP addresses you want to send mail from if you're using it. Including
> the different hostnames all pointing the same IP address serves to add
> nothing.
>
> All of the email addresses must have accepted the confirmation opt-in
> email at some point right? You'd have records of when they confirmed.
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


eximX0902w at linuxwan

May 1, 2012, 7:19 AM

Post #4 of 5 (531 views)
Permalink
Re: Recipient checking wrong server name? [In reply to]

On 01/05/12 18:51, Iain Houston wrote:
> Is there anything I can do to have recipients' MTAs verify
> coombe.villagenet.info instead?

Everything you're doing looks to be correct. You have a HELO that
matches the source IP address, have SPF records that work (except that
mailforward.lcn.com has no MX records). The only possible change would
be to make sure rDNS matches the HELO/EHLO (or vice versa). This is not
necessarily required, but the more picky servers will take it into
account during the spam scanning (I do but I'm not a gorilla).

Getting your provider to change the rDNS entry for the server,
especially off the generic name, would be more of a help than a
hindrance. It seems that modifying the rDNS is available based on the
other IPs in the netblock.

Beyond that, find a better neighbourhood for the server to live in, or
use an established ESP since they will deal with keeping their nose
clean and it is after all their line of work.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


iainhouston at mac

May 3, 2012, 4:22 AM

Post #5 of 5 (519 views)
Permalink
Re: Recipient checking wrong server name? [In reply to]

Thanks for taking the time guys! I appreciate it very much
you spelling it out so clearly.

exim (and the recipients' MTAs) use these host names from
so many different sources. So i was quite confused before.

As a result I've made several changes that test out well.
I am hopeful (confident even!) that they'll scale up in production.
Big test is when we send out nearly three thousand newsletters
shortly.

What I did:
So now I have primary_hostname = s15917281.onlinehome-server.info
which will match the rDNS of the server; and I have added s15917281...
to the list of SPF designated mail sources on all my clients' TXT records.
Although it would seem (e.g. mta1008.bt.mail.ukl.yahoo.com) uses the
TXT's ipv4: (ip address) rather than any a: value (domain name) supplied.

On 1 May 2012, at 15:19, Ted Cooper wrote:

> The only possible change would
> be to make sure rDNS matches the HELO/EHLO
OK, so I also did
hostname s15917281.onlinehome-server.info
and swaks shows me that exim now sends this as the HELO
whereas before the HELO was coombe.villagenet.info

On 1 May 2012, at 10:33, Bill Hayles wrote:

> Is there an reason, other than maybe vanity, why you want to use coombe.villagenet.info
> as your primary hostname? This is purely a technical matter;
> receipients will still see your mail as coming from
> coombe.villagenet.info
Thanks for confirming this. Good reasons? No ... partly ignorance;
partly vanity; partly I'd attempted to have as few settings as possible
dependent on any particular hosting provider; partly I hadn't included
s15917281.. as a mail source in my submission to Yahoo bulk mail :-(

But I now submit to the realities! ... until I can afford to
"find a better neighbourhood for the server to live in" :-)



--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.