We're not using any Windows-based NAT service that I'm aware of - we're
just using the NAT capabilities of our humble Linksys BEFSX41 router.
Which is how we had the old server setup (192.168.0.3). And so I just
switched the Port Forwarding to the new server (192.168.0.4) and kept
the rest the same. The old server didn't have the Routing and Remote
Access service running at all (which is the service for setting up
Windows-based NAT, right?) And the new one has that disabled as well.
Seems like there's something really simple that I've completely
forgotten to do and hopefully you guys will clue in on it.
Matt wrote:
Kevin,
I haven't followed this thread much, but it seems fairly obvious what
the the problem is related to.
When your server is connecting to the recipient's server, it fails to
establish a connection with that server. This log line indicates the
likely source of the problem:
10:08 20:18 SMTP-(f300018900000106) [x] using source IP for
Rogersbenefit.com [192.168.0.4]
While you might be doing NAT on your network, it doesn't appear that
this is the case here, and the failure is probably being caused by
your server thinking that it needs to send E-mail for
rogersbenefit.com from a private IP, and it is unable to make a
connection since that IP isn't routable across the Internet, and you
are either not NATing and IMail is misconfigured for this domain, or
your NATing is not set up properly.
You need to check the configuration for this domain and make sure that
it is bound to a public IP or if a virtual domain, that the server's
primary domain is bound to a public IP address...or if you are NATing,
you need to check this configuration in your router. I suppose that
IMail might be screwy, but you should start with those choices.
Note that your first log sample shows that you were properly resolving
the recipient's MX records, and at least in my test from a second ago,
their primary MX server is answering just fine.
Matt
Kevin Rogers wrote:
OK - I turned that off and restarted the SMTP and QManager services.
I then tried to send an email to healthnet.com again (one of about 15
domains that I've noticed this problem with) and it still did not go
through. (By the way, why is it displaying the AUTH three times like
that?)
My SMTP settings are:
Default Mail Host: localhost
Domain Name Server address: 207.47.4.2 207.47.2.178 (these are 2
provided by my connection provider - I am not attempting to use my
local DNS yet)
Enable TLS is checked (nothing else is on the main screen)
Security Tab:
No mail relay
Allow remote mail to local groups & Allow remote view of local groups
& Auto-deny possible hack attempts are all checked - nothing else
Advanced Tab:
Delivery App: d:\imail\Declude.exe
Enable SMTP TO Listen On All IPs is checked. the rest is pretty
standard.
QManager settings:
DNS Cache is now disabled.
I have enabled Failed Domain Skipping (Max entries 500 - skip time 30)
Log snippet
10:08 20:18 SMTPD(f300018900000106) [192.168.0.4] connect
64.121.33.15 port 6609
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] EHLO [192.168.1.110]
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] AUTH
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] AUTH
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] AUTH
10:08 20:18 SMTPD(f300018900000106) Authenticated
[EMAIL PROTECTED], session treated as local.
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] MAIL
FROM:<[EMAIL PROTECTED]>
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] RCPT
TO:<[EMAIL PROTECTED]>
10:08 20:18 SMTPD(f300018900000106) [x] looking up healthnet.com in
HOSTS
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15] DATA
10:08 20:18 SMTPD(f300018900000106) [64.121.33.15]
d:\imail\spool\Df300018900000106.SMD 759
10:08 20:18 SMTP-(f300018900000106) processing
d:\imail\spool\qf300018900000106.smd
10:08 20:18 SMTP-(f300018900000106) [x] looking up healthnet.com in
HOSTS and MX
10:08 20:18 SMTP-(f300018900000106) [Att-Blk] Got Attachment Blocking
Host Info for Rogersbenefit.com
10:08 20:18 SMTP-(f300018900000106) Trying healthnet.com (0)
10:08 20:18 SMTP-(f300018900000106) [x] Connecting socket to service
<SMTP> on host <healthnet.com> using protocol <tcp>
10:08 20:18 SMTP-(f300018900000106) [x] using source IP for
Rogersbenefit.com [192.168.0.4]
10:08 20:18 SMTP-(f300018900000106) Connect healthnet.com
[204.107.47.187:25] (1)
10:08 20:18 SMTP-(f300018900000106) 421 Service not available,
closing transmission channel
10:08 20:18 SMTP-(f300018900000106) SMTP_DELIV_FAILED
10:08 20:18 SMTP-(f300018900000106) >QUIT
10:08 20:18 SMTP-(f300018900000106)
10:08 20:18 SMTP-(f300018900000106) [u] closing socket (u)
10:08 20:18 SMTP-(f300018900000106) requeuing
d:\imail\spool\qf300018900000106.smd R0 T1
10:08 20:18 SMTP-(f300018900000106) finished
d:\imail\spool\qf300018900000106.smd status=3
Thanks for your help.
John T (lists) wrote:
Are you using DNS caching, turn that off. It is on the QueueManger
service
properties.
John T
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Kevin
Rogers
Sent: Monday, October 08, 2007 4:37 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] SMTP_DELIV_FAILED
I can ping yahoo.com. These errors are happening all the time. They
are occuring only with specific recipient domains - not all domains.
Incoming traffic appears normal even from these domains.
Richard Lyon wrote:
As a test, try ping something on the Internet when you see this
delivery message. Like Yahoo.com.
On Oct 8, 2007, at 6:52 PM, Kevin Rogers wrote:
I've turned on verbose logging and it appears that the "listen on
all
IPs" option did not work. But here is a better log snippet:
10:08 15:32 SMTPD(b01501a7000002f1) [192.168.0.4] connect
64.121.33.15 port 5672
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] EHLO
[192.168.1.110]
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] AUTH
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] AUTH
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] AUTH
10:08 15:32 SMTPD(b01501a7000002f1) Authenticated
[EMAIL PROTECTED], session treated as local.
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] MAIL
FROM:<[EMAIL PROTECTED]>
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] RCPT
TO:<[EMAIL PROTECTED]>
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15] DATA
10:08 15:32 SMTPD(b01501a7000002f1) [64.121.33.15]
d:\imail\spool\Db01501a7000002f1.SMD 558
10:08 15:32 SMTP-(0000000000000000) Info - Adding Queue file
d:\imail\spool\qb01501a7000002f1.smd
10:08 15:32 SMTP-(b01501a7000002f1) processing
d:\imail\spool\qb01501a7000002f1.smd
10:08 15:32 SMTP-(b01501a7000002f1) [x] looking up healthnet.com in
HOSTS and MX
10:08 15:32 SMTP-(b01501a7000002f1) Info - Adding healthnet.com to
DNS cache - TTL = 1724
10:08 15:32 SMTP-(b01501a7000002f1) [Att-Blk] Got Attachment
Blocking
Host Info for Rogersbenefit.com
10:08 15:32 SMTP-(b01501a7000002f1) Trying healthnet.com (0)
10:08 15:32 SMTP-(b01501a7000002f1) [x] Connecting socket to service
<SMTP> on host <healthnet.com> using protocol <tcp>
10:08 15:32 SMTP-(b01501a7000002f1) [x] using source IP for
Rogersbenefit.com [192.168.0.4]
10:08 15:32 SMTP-(b01501a7000002f1) Info - Found healthnet.com in
DNS
Cache
10:08 15:32 SMTP-(b01501a7000002f1) Connect healthnet.com
[204.107.47.187:25] (1)
10:08 15:32 SMTP-(b01501a7000002f1) 421 Service not available,
closing transmission channel
10:08 15:32 SMTP-(b01501a7000002f1) SMTP_DELIV_FAILED
10:08 15:32 SMTP-(b01501a7000002f1) >QUIT
10:08 15:32 SMTP-(b01501a7000002f1)
10:08 15:32 SMTP-(b01501a7000002f1) [u] closing socket (u)
10:08 15:32 SMTP-(b01501a7000002f1) requeuing
d:\imail\spool\qb01501a7000002f1.smd R0 T1
10:08 15:32 SMTP-(b01501a7000002f1) finished
d:\imail\spool\qb01501a7000002f1.smd status=3
Does this help?
Kevin Rogers wrote:
FYI -
I just noticed that on the SMTP Advanced tab of Imail, the
option to
"Enable SMTP to Listen On All IP's" was NOT selected. I'm not sure
if this could've been the problem, but I've now selected that
option
and will watch the logs.
Kevin
Darrell ([EMAIL PROTECTED]) wrote:
Your "A" / "PTR" records look fine.
mail.rogersbenefit.com. 7200 IN A 207.47.22.58
58.22.47.207.in-addr.arpa. 86288 IN PTR
mail.rogersbenefit.com
Your listed in one RBL - "backscatter" so it would seem that it
should not be related to spam.
Can you post a more detailed smtp log for the 6863023f00005c41
transaction. This would help more. You can xxxx out any
addresses
etc to prevent harvesting..
Darrell
----------------------------------
Check out http://www.invariantsystems.com for utilities for
Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue
Monitoring, SURBL/URI integration, MRTG Integration, and Log
Parsers.
Kevin Rogers wrote:
I'm not sure if this is the right place to post this issue, but
here goes:
We recently upgraded our server (to Server2003 - running Imail.
8.21, Declude 4.3) and we're getting a lot of delivery
failures to
specific domains. It looks like the error we used to get before
we had a PTR record setup correctly - certain domains refusing to
connect with us. But I believe our PTR record is setup
correctly. We upgraded our server, and so it has a different
local IP address, but the same external IP, so our PTR record
shouldn't have to change. The domain is rogersbenefit.com
The errors in the imail log look like this:
10:08 13:20 SMTP-(57f5021f00004794) Trying LifeWiseHealth.com (0)
10:08 13:20 SMTP-(5b95020600004c35) Trying healthnet.com (0)
10:08 13:20 SMTP-(66fa00000818097c) Trying healthnet.com (0)
10:08 13:20 SMTP-(5939023700004927) Trying healthnet.com (0)
10:08 13:20 SMTP-(69ac021800005d9b) Trying taylorjohnsongroup.com
(0)
10:08 13:20 SMTP-(64bd009a000057db) Trying heiworld.com (0)
and end like this:
10:08 13:20 SMTP-(6863023f00005c41) 421 Service not available,
closing transmission channel
10:08 13:20 SMTP-(6863023f00005c41) SMTP_DELIV_FAILED
10:08 13:20 SMTP-(6863023f00005c41) >QUIT
I can ping our DNS servers fine.
Any ideas?
Thanks - Kevin
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
[This E-mail scanned for viruses by Declude]
[This E-mail scanned for viruses by Declude]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
