Close

Results 1 to 17 of 17
  1. #1
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    9,107
    Thanks
    1,836
    Thanked:        4,004
    Karma Level
    953

    Default Undeliverable from some email servers. Think it's our end!

    Can someone shed some light on this.
    I think it's something to do with DNS and Authentication or perhaps even a Self Sign Cert for Exchange.
    Do we need to prove it is us sending the email with confirmation the IP belongs to this exchange server.

    All .gov.uk emails are doing this. On the whole, the rest seem to go through just fine.

    Code:
    From: THEMAN@tendringdc.gov.uk
    Sent: Wednesday, October 4, 2017 2:46 PM
    To: OUR EMAIL
    Subject: Undeliverable: WHAT WE ARE TALKING ABOUT
    
    
    
    
    mail.tendringdc.gov.uk rejected your message to the following e-mail addresses:
    
    
    THE MAN (THEMAN@tendringdc.gov.uk)<mailto:THEMAN@tendringdc.gov.uk>
    
    
    mail.tendringdc.gov.uk gave this error:
    <OUREMAIL@US.COM>... Rejected - TRUSTmanager
    Your message wasn't delivered due to a permission or security issue. It may have been rejected by a moderator, the address may only accept e-mail from certain senders, or another restriction may be preventing delivery.
    
    
    
    
    
    
    
    
    
    
    
    
    Diagnostic information for administrators:
    
    
    Generating server: CSSRV01.cliffords.local
    
    
    THEMAN@tendringdc.gov.uk
    mail.tendringdc.gov.uk #550 5.7.1 <OUREMAIL@US.COM>... Rejected - TRUSTmanager ##
    
    
    Original message headers:
    
    
    Received: from CSSRV01.cliffords.local ([IPv6 IP:2db4]) by
    
    
     CSSRV01.cliffords.local ([IPv6 IP:2db4%10]) with mapi id
    
    
     14.01.0438.000; Wed, 4 Oct 2017 14:45:31 +0100
    
    
    From: OUREMAIL@US.COM>
    
    
    To: <THEMAN@tendringdc.gov.uk>
    
    
    Subject: RE: 
    
    
    Thread-Topic: WHAT WE ARE TALKING ABOUT
    
    
    Thread-Index: AdMNLmul6FPuHD5dQTKq+ZprhBtzIAAAPIRAA438AdADHOZ1MAAEFJLwACiaZVAEthgggAAAhcbwAGulocA=
    
    
    Date: Wed, 4 Oct 2017 13:45:30 +0000
    
    
    Message-ID: <30141C11CFD4C74785766A88E2770C7D0145A603A5@CSSRV01.cliffords.local>
    
    
    References: <D0341BE740848445B623A770D250F0B66F8EDDEA@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <D0341BE740848445B623A770D250F0B66F8EDE07@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <D0341BE740848445B623A770D250F0B66F9015F1@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <D0341BE740848445B623A770D250F0B66F913DCA@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <30141C11CFD4C74785766A88E2770C7D01459DBAD2@CSSRV01.cliffords.local>
    
    
     <D0341BE740848445B623A770D250F0B66F9140FE@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <D0341BE740848445B623A770D250F0B66F93C2EF@TDCCTHEXG001.tendringdc.gov.uk>
    
    
     <D0341BE740848445B623A770D250F0B66F93C307@TDCCTHEXG001.tendringdc.gov.uk>
    
    
    In-Reply-To: <D0341BE740848445B623A770D250F0B66F93C307@TDCCTHEXG001.tendringdc.gov.uk>
    
    
    Accept-Language: en-GB, en-US
    
    
    Content-Language: en-US
    
    
    X-MS-Has-Attach: yes
    
    
    X-MS-TNEF-Correlator:
    
    
    x-originating-ip: [192.168.1.105]
    
    
    Content-Type: multipart/related;
    
    
            boundary="_008_30141C11CFD4C74785766A88E2770C7D0145A603A5CSSRV01cliffo_";
    
    
            type="multipart/alternative"
    
    
    MIME-Version: 1.0
    The only obvious thing here is our local domain is being sent via the Email Headers along with the original internal IP Address.

    Would this make it fail because "TrustManager" doesn't like it?
    Is a Self Signed Certificate needed somewhere?
    Do I need to put some sort of 'this IP belongs to this domain/email address' on sending each email?

    Only had this pain in the arse since transferring to Virginmedia's new awesome super dooper Business account that CANNOT offer a fixed IP Address at the moment and we've had to implement Dynamic.
    Fucking one headache after another with this shit! Including requesting the Dynamic IP Address to be lifted from 14 Blacklists!! FFS!

    HELP!
    Last edited by DejaVu; 4th October 2017 at 08:45 PM.


  2. #2
    DF General DogsBody
    Mickey's Avatar
    Join Date
    Nov 2006
    Location
    Digital Forums
    Posts
    16,955
    Thanks
    1,879
    Thanked:        2,077
    Karma Level
    1254

    Default Re: Undeliverable from some email servers. Think it's our end!

    I got masses of shit emails that were sent from me to others with virminmedia. Nothing I did myself but were sent from my ip

    still awaiting a conclusion to it after nearly 2 years with the fuckers.

    they blamed my computer was infested with crap. but I know different

  3. #3
    DF Super Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,540
    Thanks
    3,063
    Thanked:        1,553
    Karma Level
    371

    Default Re: Undeliverable from some email servers. Think it's our end!

    I had a similar problem on one of my servers and solved it. It was to do with DNS mx records I believe but cant quite remember.
    Off the top of my head it was advice from Mr EvilSatan on here that helped me resolve my issues so hopefully he will be along soon :-)

  4. #4
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Undeliverable from some email servers. Think it's our end!

    My advice is hosted exchange, Microsoft have made it so cheap now it's a bit of a no brainier and it relieves you of so many headaches!

    Obviously that doesn't help here, can you PM me the domain you are sending mail from? Do you have SPF records in place? Being a gov.uk they may have higher security, perhaps they want to see an SPF record to help validate the email. What version of exchange server are you running? Not sure how easy it is to add DKIM to on premises exchange but I am rolling that out for all my Rackspace and Office 365 users along with DMARC and they already have SPF.

    Thanks to evilsatan

    Over Carl (4th October 2017)  


  5. #5
    DF VIP Member Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,125
    Thanks
    3,975
    Thanked:        1,690
    Karma Level
    1251

    Default Re: Undeliverable from some email servers. Think it's our end!

    Quote Originally Posted by DejaVu View Post
    Only had this pain in the arse since transferring to Virginmedia's new awesome super dooper Business account that CANNOT offer a fixed IP Address at the moment and we've had to implement Dynamic.
    Fucking one headache after another with this shit! Including requesting the Dynamic IP Address to be lifted from 14 Blacklists!! FFS!
    Sorry I was just skimming through your post but then I got to this bit.

    Do you mean to say you are running a mail server but haven't got a fixed/static public IP address?

    If so that is the first thing you need to fix. Firstly the only way I can imagine the setup works is by using dynamic DNS, but if your router gets a new WAN IP, it can take a while for your DDNS server to update their record, then it can take up to 3 days for the new DNS record to propagate fully round the world wide DNS system meaning the system is unreliable for 3 days after any WAN IP address change.

    Next, the IP address itself. I'm sure you are probably aware there are various DNS blacklists (DNSBL) for different purposes, but there are numerous for mail servers (MX). IIRC, certain address ranges are listed in these DNSBL as domestic/dynamic address so get blacklisted purely on that basis. Also if for example loads of spam has been sent from a particular IP address, that IP could get blacklisted for sending spam. I doubt it's you but it could be possible someone previously abused that IP and you are now left with the mess.

    From the error message you quoted, I can't say this is definitely the reason, but I hope you see why I couldn't imagine running a mail server with a dynamic ip.

    Once you have got a static IP sorted, next thing I would suggest you look into is to check you aren't on any DNSBL's, make sure you have reverse DNS setup and SPF records setup as well.

    Sorry it's been a few years since I was in the game so I'm guessing there may be more to add now as well.

    Edit: was still typing while before evilsatan posted.

    Thanks to Over Carl

    DejaVu (5th October 2017)  


  6. #6
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Undeliverable from some email servers. Think it's our end!

    Oh and I was going to mention blacklists, if your shared IP is on blacklists then this is quite possibly your issue. I had some absolute nightmares with this before, I believe once even on Office 365 as another user had got them on a blacklist. If this is the issue then you really want to get a fixed IP or hosted services asap as these shared ISP IPs are abused to hell, not sure why they can't offer you one straight away!!

    2 Thanks given to evilsatan

    DejaVu (5th October 2017),  Over Carl (4th October 2017)  


  7. #7
    DF VIP Member Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,125
    Thanks
    3,975
    Thanked:        1,690
    Karma Level
    1251

    Default Re: Undeliverable from some email servers. Think it's our end!

    Quote Originally Posted by Mickey View Post
    I got masses of shit emails that were sent from me to others with virminmedia. Nothing I did myself but were sent from my ip

    still awaiting a conclusion to it after nearly 2 years with the fuckers.

    they blamed my computer was infested with crap. but I know different
    It is possible for your address to send loads of emails without any person at your address sending them and without having a compromised computer.

    However the only technique I know to do this means you must at least be running a mail server.

    Idea is spammer hammers your mailserver with a spoofed email address, so then your server hammers the intended target with loads of non deliverable reports. Doesn't need any human interaction/malice, or any infected computers, but impossible if you are not running a mail server on your network (with port forwarding setup on your router to send mail to your mail server).

    https://en.wikipedia.org/wiki/Backscatter_(email)

    Thanks to Over Carl

    DejaVu (5th October 2017)  


  8. #8
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Undeliverable from some email servers. Think it's our end!

    In case anyone's interested in the security features I mentioned:
    SPF record - added to your domain DNS, this record specifies which mail servers are permitted to send mail on your behalf and what sort of fail there should be if a different mail server attempts to send. On its own not too powerful.
    DKIM - this adds a public key to your domain DNS and a private key to your email headers, if they keys don't pair then the mail can be rejected. The idea being two people may use the same servers (e.g. Office 365) thus nullifying SPF but the private DKIM key shouldn't be able to be spoofed.
    DMARC - this can be used for reporting of the above. When you send mail to a mailserver that supports this a report is sent to the address in this DNS record to show info, you can use a premium DMARC analyser to provide stats to help work out where mail is failing. It can also be set to report only or to bounce messages that fail SPF/DKIM alignment.

    The above all rely on the recipient mailserver checking them, most major providers have adopted them now though and they should become standard practice.i use a free DMARC digest and if this flags up issues I pay for a premium service as the digest doesn't contain enough info to properly figure out issues:
    https://dmarc.postmarkapp.com/

    2 Thanks given to evilsatan

    DejaVu (5th October 2017),  Over Carl (4th October 2017)  


  9. #9
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    9,107
    Thanks
    1,836
    Thanked:        4,004
    Karma Level
    953

    Default Re: Undeliverable from some email servers. Think it's our end!

    Been through all the blacklists and been cleared of all of them. SPF in place, but may be incorrect. DKIM maybe the thing required here!
    I completely agree that a Hosted Exchange is a lot more desirable, but getting this business to part with cash is a fucking nightmare especially when he thinks he 'has what he needs in place' already.

    Although I realise a fixed IP is preferred, Virginmedia cannot offer one at 200MBps at the moment. As soon as they give a fixed, the speed flys all the way down to 30MBps. Hence DDNS.
    http://community.virginmedia.com/t5/...r/td-p/3045782

    I'm told it CAN change, but is likely to be 'Semi' fixed until they iron out the known issue on their network with these useless Hitron routers.


  10. #10
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Undeliverable from some email servers. Think it's our end!

    I would be surprised if they made DKIM a requirement as it hasn't been widely adopted yet but these may throw up some clues:
    SMTP Banner Check Reverse DNS does not match SMTP Banner
    SMTP TLS Warning - Does not support TLS.
    SMTP Transaction Time 8.560 seconds - Not good! on Transaction Time
    Transaction time won't be it but these are the three warnings on the domain. My money's on SMTP banner check, I'm not sure the ISP can set up a PTR for dynamic IP.
    https://mxtoolbox.com/problem/smtp/smtp-banner-check?

    Assuming you are charging him I'd make it clear that these problems are likely to persist due to virgin and are out of your control so he should value your time and also the improved service of hosted exchange. How many mailboxes are we talking about? Aliases/distro lists are free.

    Thanks to evilsatan

    Over Carl (5th October 2017)  


  11. #11
    DF Moderator EvilBoB's Avatar
    Join Date
    Jan 2001
    Location
    Bedfordshire
    Posts
    6,353
    Thanks
    583
    Thanked:        620
    Karma Level
    606

    Default Re: Undeliverable from some email servers. Think it's our end!

    Make sure your SPF record is setup. A lot of companies are configuring for SPF as a requirement now.
    DF Moderator
    XBox One | Panasonic 4k | MS Surface Pro 3 | 3DSXL | WiiU | RPi3
    XBL : TheSumOfAllEvil

    Thanks to EvilBoB

    Over Carl (6th October 2017)  


  12. #12
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    9,107
    Thanks
    1,836
    Thanked:        4,004
    Karma Level
    953

    Default Re: Undeliverable from some email servers. Think it's our end!

    Being a Dynamic IP Address through DNSExit, I've forwarded all responsibility to those guys and also included an SPF record, but it's still being rejected by all .gov.uk email addresses.
    The majority of other emails appear to be fine.

    Should the full local domain be in the SPF record? Should ANY local domain be in the SPF record?

    I'm trying to explain why a cloud solution is worth it, but I'm not getting anywhere with these people!
    Last edited by DejaVu; 9th October 2017 at 10:12 PM. Reason: Point taken. Removed, but harder to explain than screenshot!


  13. #13
    DF VIP Member Over Carl's Avatar
    Join Date
    Apr 2006
    Location
    London
    Posts
    13,125
    Thanks
    3,975
    Thanked:        1,690
    Karma Level
    1251

    Default Re: Undeliverable from some email servers. Think it's our end!

    Quote Originally Posted by DejaVu View Post
    I'm trying to explain why a cloud solution is worth it, but I'm not getting anywhere with these people!
    With all due respect, if you don't understand what is wrong, I don't have much faith in you explaining to your client(s) what is wrong.

    EvilSatan has already mentioned SMTP banner check (and I have already mentioned Reverse DNS). It is obvious you haven't bothered looking into these, so more suggestions will not help you (well definitely not at this point yet).

    You say your headers mention (EDITTED)l.......

    Find your WAN IP

    Then use telnet to connect to your mail server on port 25 and confirm this is the hostname in the SMTP banner. (many guides online about how to connect to mail server using telnet).

    Then open a command line,

    Run nslookup
    set type=PTR
    123.456.789.123 <- enter your WAN IP here.

    I bet you anything you want that this will bring up a hostname assigned by Virgin that bears no resemblance to your mailserver hostname.

    These MUST match. I am amazed you haven't had this issue prior, as this is the simplest most basic check utilised to thwart spammers.

    Problem (as I already have mentioned) is you have a dynamic IP, so even if you "bodge" your SMTP banner to match the PTR record, next time your router gets a different WAN IP, this stops working.

    Also as I have previously mentioned, there are various DNSBL's, and organisations will use as little or as many of them as they wish. Some of this will have your IP blacklisted because it is a dynamic IP. There is no way to change that.

    A mail relay service could help, but I will let you do the reading and thinking about why you really want to fix your real problem either by getting a static IP address or using a cloud provider.

    Final note, I would say it's very unprofessional to mention the actual client. Feel free to edit my post and your last post.

    Edit: Serious general suggestion. If you are going to take responsibilities for corporate IT, learn what you are doing BEFORE you implement stuff for clients. Using this as an example, I wouldn't even start off with learning to setup your own mailserver for your business as all sorts of horrible things could go wrong and your clients would think you are ignoring you, instead I would first set one up that serves no real purpose except self teaching and experimentation. Look into the concept of having a test/development environment that is not processing any actual data for production. Then you can put yourself into a much better position to safely try new things.
    Last edited by DejaVu; 9th October 2017 at 10:27 PM.

  14. #14
    DF Super Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,540
    Thanks
    3,063
    Thanked:        1,553
    Karma Level
    371

    Default Re: Undeliverable from some email servers. Think it's our end!

    Some good points above.

    I solved most of my mail woes by eventually switching to the free Zoho.com email provider that does all your routing and setup for you.
    I think they limit the FREE aspect to 2 domains or something like that, but I got round it by obviously signing up multiple accounts. It works flawlessly for all my customers with heavy bandwidth and I never get any issues tbh
    Prior to this I was doing it myself but I got bored of things constantly changing. New requirments etc

  15. #15
    DF Super Moderator
    DejaVu's Avatar
    Join Date
    Nov 2005
    Location
    Essex
    Posts
    9,107
    Thanks
    1,836
    Thanked:        4,004
    Karma Level
    953

    Default Re: Undeliverable from some email servers. Think it's our end!

    I never purported to be any type of expert.

    This firm had me recommended to look after their PC systems when something goes wrong a long time ago.
    They've been taking the piss out of my good nature more and more over the years expecting me to do a lot more than I was willing or able to do and it's got to the point now where I've bitten off more than I can chew.

    I'm trying to get them off my back and have been for a long time!
    I've been at work all day since 8:00am, the last thing I need is them hassling me all day and then remoting in of an evening (every night for the passed 2 weeks) trying to resolve an issue I have no clue about.
    I've told them so many times to hire someone new, but they like me and prefer dealing and asking things of me! Stupid I know, but I've been dealing with this firm since 2010.

    Explaining they need someone more advanced than me to deal with it scares them, because they are going to have to be paying them a lot more than they pay me!

    I've never had these such issues until they decided to upgrade from their perfectly working BT Infinity line with dedicated IP to this useless business dynamic IP only drivel from Virginmedia.
    Last edited by DejaVu; 9th October 2017 at 10:33 PM.

    Thanks to DejaVu

    piggzy (9th October 2017)  


  16. #16
    DF Super Moderator piggzy's Avatar
    Join Date
    Jul 2014
    Location
    UK
    Posts
    3,540
    Thanks
    3,063
    Thanked:        1,553
    Karma Level
    371

    Default Re: Undeliverable from some email servers. Think it's our end!

    Quote Originally Posted by DejaVu View Post
    I never purported to be any type of expert.

    This firm had me recommended to look after their PC systems when something goes wrong a long time ago.
    They've been taking the piss out of my good nature more and more over the years expecting me to do a lot more than I was willing or able to do and it's got to the point now where I've bitten off more than I can chew.

    I'm trying to get them off my back and have been for a long time!
    I've been at work all day since 8:00am, the last thing I need is them hassling me all day and then remoting in of an evening (every night for the passed 2 weeks) trying to resolve an issue I have no clue about.
    I've told them so many times to hire someone new, but they like me and prefer dealing and asking things of me! Stupid I know, but I've been dealing with this firm since 2010.

    Explaining they need someone more advanced than me to deal with it scares them, because they are going to have to be paying them a lot more than they pay me!
    Look into Zoho.com then.

    They can pay YOU and deal with YOU and have the experts deal with your bullshit for you.

    Thanks to piggzy

    DejaVu (9th October 2017)  


  17. #17
    DF Super Moderator
    evilsatan's Avatar
    Join Date
    Jul 2004
    Location
    Essex
    Posts
    20,079
    Thanks
    1,105
    Thanked:        3,241
    Karma Level
    1541

    Default Re: Undeliverable from some email servers. Think it's our end!

    Yeah time to give them an ultimatum, either move to a hosted solution which will be more solid and you're "happy" to support, or they'll have to find alternative IT support as you're too busy to support them as well as your other work and personal commitments. Also worth mentioning you have to charge more if you feel they're taking the piss and your undervalued!

    I would recommend office 365 though as it's quickly becoming the standard and their pricing is insane. I prefer Rackspace as their support layer is excellent but sounds like they may be skinflints to look at Exchange Online Plan 1. This resolves this issue, prevents others issues cropping up and takes load off their server and bandwidth. The only possible reason for not switching is if they have an insane amount of mailboxes thus the monthly cost would be high but even then it's quality of service over price.

    What version exchange server are they on? If it's getting on then giving them a quote of upgrading that may help move them to hosted.


Similar Threads

  1. LBP servers
    By jamie_h88 in forum Sony Consoles
    Replies: 3
    Last Post: 7th November 2008, 10:40 AM
  2. New to Servers
    By joe 90 in forum Internet Connections & VPNs
    Replies: 0
    Last Post: 5th November 2008, 03:31 PM
  3. EA servers
    By TAR in forum Microsoft Consoles
    Replies: 2
    Last Post: 11th July 2008, 10:37 PM
  4. GTA IV servers
    By wR_sixtee6 in forum Sony Consoles
    Replies: 3
    Last Post: 2nd May 2008, 11:43 AM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •