exim and spam check queries

Discussion in 'Linux VPS/Dedicated - cPanel' started by AniG, Aug 28, 2006.

  1. AniG

    AniG New Member

    Hi,

    I was having problems sending mails to a domain. Alex from support explained that it was because "Use callouts to verify the existance of email senders" was checked in my exim config in WHM and that the recipient mail server needed to be fixed.

    After a little searching around I found this was part of a spam check method for exim..

    from ConfigServer.com:
    Now, my question is, how important is this setting? What can happen if I uncheck these, so even badly configured mail servers, such as the one in question here, are able to receive mails from me?
     
  2. KH-Paul

    KH-Paul CTO Staff Member

    Ani,

    These two options may affect the ability to receive incoming mail from remote servers but don't have any effect on outgoing mail. If you uncheck these options you should start seeing more spam coming in, as most spammers use fake emails and these two options help to prevent such messages from being accepted by your mailserver.

    Regards,
    Paul
     
  3. AniG

    AniG New Member

    oh! Hmm.. well what can cause mails to not reach another domain then? For this particular domain (adira.com) the emails I sent were delayed over 72 hours.. and finally I received the mail not delivered notice...

    I haven't seen problems with sending mails to other domains/servers.. except for this one.. Alex, from support said that adira.com mailserver needed to be fixed.. so I am pretty confused now...
     
  4. AniG

    AniG New Member

    these are the kinds of errors I see in the exim_mainlog for the problem domain:

    is this related to the WHM exim config settings? if not, what is the delay being caused by?
     
  5. KH-Paul

    KH-Paul CTO Staff Member

    Ani,

    What is your ticket #? If you don't want to post it here, feel free to email it to me at paul-at-knownhost.com. I would like to take a closer look at your ticket.

    Regards,
    Paul
     
  6. AniG

    AniG New Member

    also.. is there a resource online, other than the docs at exim.org, that could shed some more light on how to interpret these cryptic exim errors for exim virgins like me? :)
     
  7. AniG

    AniG New Member

    ticket ID is 5302.. also sent you mail with more details on the ticket..
     
  8. KH-Paul

    KH-Paul CTO Staff Member

    Ani,

    There is a mix of multiple errors related to different things:

    These messages don't mean much. The only information you can get from these lines is that you have 3 different emails directed to yyyyy@adira.com sitting in your mail queue for whatever reason. You should be able to see the full history of message processing using, for example, the following command:

    Code:
    grep 1GGGkP-00041m-Dj /var/log/exim_mainlog

    The above command will show all log entries for the specific email message unless the log file was rotated just recently.

    This log entry:

    is a bit different. It was generated due to an incoming SMTP connection from the 84.96.47.18 server, which tried to send you an email from "xxxxx@adira.com". As you have sender verification options enabled in your exim configuration, it tried to connect to the best MX for the adira.com domain and either failed or the remote server refused to accept mail for xxxxx@adira.com.

    Now, let's take a look at this domain:
    - This domain has single MX record pointing to mail.adira.com:
    Code:
    # host -t mx adira.com
    adira.com mail is handled by 5 mail.adira.com.
    - mail.adira.com resolves to 83.141.132.31:
    Code:
    # host mail.adira.com
    mail.adira.com has address 83.141.132.31
    - let's try to establish an SMTP connection to this host:
    Code:
    # telnet 83.141.132.31 smtp
    Trying 83.141.132.31...
    Connected to 83.141.132.31.
    Escape character is '^]'.

    I interrupted this connection attempt after 2-3 minutes of waiting - the remote server doesn't display an SMTP greeting and it is not possible to send email to this domain, so I would assume that the first 3 log entries you've included in your post have the real reason for delivery failure reported as "connection timed out" or something similar, and RCPT verification failed for the very same reason - inability to connect to the SMTP server which is advertised as the best MX for the adira.com domain.

    Regards,
    Paul
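
Added example (not part of the original thread): a Python version of the manual telnet check in the post above, which separates a host that accepts the TCP connection but never sends an SMTP greeting from one that is unreachable or greets normally. The function names and the local stand-in server are assumptions made for illustration, and the sample greeting is constructed.

```python
import socket
import threading
import time

def probe_smtp_banner(host, port=25, connect_timeout=5.0, banner_timeout=10.0):
    """Return (status, detail): "ok" (220 greeting), "bad_banner" (other reply),
    "no_banner" (connected, silent until banner_timeout), "closed" (peer hung
    up first) or "unreachable" (TCP connect failed)."""
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    data = b""
    with sock:
        sock.settimeout(banner_timeout)
        try:
            # Read until the end of the first greeting line.
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(512)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return "no_banner", "connected, no greeting in %.1fs" % banner_timeout
        except OSError as exc:
            return "closed", str(exc)
    if not data:
        return "closed", "peer closed before sending a greeting"
    line = data.split(b"\n")[0].decode("ascii", "replace").strip()
    return ("ok" if line.startswith("220") else "bad_banner"), line

def start_fake_mx(greeting):
    """Hypothetical local stand-in for an MX host, constructed for the demo:
    sends `greeting` (bytes) or stays silent if None; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        if greeting:
            conn.sendall(greeting)
        time.sleep(2)  # keep the connection open, as the silent host did
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for greeting in (None, b"220 mx.example.test ESMTP\r\n"):  # constructed
        print(probe_smtp_banner("127.0.0.1", start_fake_mx(greeting), banner_timeout=1.0))
```

A "no_banner" result from the host running exim is the same condition that makes its sender-verify callout fail, so running the probe from that host shows what the callout sees.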
     
  9. AniG

    AniG New Member

    Hi Paul,

    Thanks for the detailed explanation.

    I did pretty much the same thing as you. I telnetted into adira.com port 25 as well to see if there was a response. Got the same thing as you. It may seem their mail server is not responding or maybe not configured properly, even though the MX record is there. Strangely enough, I am able to send mail to that domain using my gmail or yahoo accounts. I don't know why mails from my VPS are not reaching them. Even more puzzling is that I did receive an email from an address on adira.com just a few hours ago (on one of my VPS account addresses). So mails are coming from them to me, despite that strange RCPT failure from the xxxxx@adira.com address in the log. Here is the relevant part of the header from that mail:
    This behavior seems to have cropped up after I moved to this new VPS. I didn't see such issues on my old server. That leads me to believe that there might still be unresolved configuration issues on my VPS. I just can't seem to figure out where to look. Your explanation and info does help though... but if you do come up with another way to figure out what is causing mails not to reach adira.com please do let me know.
     
  10. KH-Paul

    KH-Paul CTO Staff Member

    Ani,

    If it does work from other places there is a chance that:
    a) they return different MX records based on the source host location / ip network;
    b) they filter some ip addresses / networks for whatever reason;
    c) something is misconfigured somewhere.

    I highly doubt this is related to your VPS configuration as the telnet test I quoted above was executed not from inside your VPS but from my own VPS which is used by me as a playground. It was a brand new CentOS 4.x VPS with no control panel and/or any configuration modification.

    As to why you can receive mail from them with rcpt-to verification disabled - please take a look at the IP address of their MX (83.141.132.31) and the IP you've received the email from (84.96.47.18). The IPs are different and I have no trouble establishing an SMTP connection with this IP:

    Regards,
    Paul
     
  11. AniG

    AniG New Member

    Thanks for all the info Paul. That did help clearing up the mystery :)
     
