Author Topic: [SOLVED] how to enable outgoing to use only port 587  (Read 22487 times)

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
[SOLVED] how to enable outgoing to use only port 587
« on: April 22, 2012, 07:01:54 pm »
hello,

i've been using zentyal 2.0 for mailserver since last year and working fine, activate TLS and authentication option for smtp in mail GUI,
allow relay only from local LAN, and only authenticated user from outside LAN. I check for open relay using mailradar.com as
i don't want the server to be open relay.
but due to ISP policy to block all outgoing from port 25, the server begin this issues. FYI we have static IP public.
they said they just block port 25, and they also open a mail relay on their port 587.
so i figured to use the smarthost and enter their relay address with :587 also using our account to login.
i work for some times,
but too bad their server seems cannot handle all email from their customer, so sometimes our mails is deferred,
and even bounced back. I already try to complaint about this but seems its not going to be resolve soon.

my question is, it is possible to use the port 587 for outgoing but not using smarthost?
because when I use the smarthost setting, i could see in mail.log that our server is sending mail using port 587,
but when I empty the smarthost, it got back to sending mail using port 25.

1. I enable the option submission inet n - - - - smtpd on master.cf.mas,
i can send only to our local user, when sending email outside, on log I see mailserver still using port 25.
i can receive email from outside, but cannot send email to outside.

below is some log when i use no 1 setting, and send email to outside.

Apr 22 23:42:48 WELLDONE2 postfix/smtpd[15113]: connect from unknown[111.94.127.137]
Apr 22 23:42:49 WELLDONE2 postfix/smtpd[15113]: setting up TLS connection from unknown[111.94.127.137]
Apr 22 23:42:50 WELLDONE2 postfix/smtpd[15113]: Anonymous TLS connection established from unknown[111.94.127.137]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 22 23:42:51 WELLDONE2 postfix/smtpd[15113]: B256510046C0B: client=unknown[111.94.127.137], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
Apr 22 23:42:52 WELLDONE2 postfix/cleanup[14747]: B256510046C0B: message-id=<4F94335D.9000704@welldone-communications.com>
Apr 22 23:42:52 WELLDONE2 postfix/qmgr[14543]: B256510046C0B: from=<admin@welldone-communications.com>, size=898, nrcpt=1 (queue active)
Apr 22 23:42:52 WELLDONE2 amavis[3780]: (03780-02) ESMTP::10024 /var/lib/amavis/amavis-20120422T231704-03780: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=898 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Sun, 22 Apr 2012 23:42:52 +0700 (WIT)
Apr 22 23:42:52 WELLDONE2 amavis[3780]: (03780-02) Checking: 3PMNyum3dRAS [111.94.127.137] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
Apr 22 23:42:52 WELLDONE2 amavis[3780]: (03780-02) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
Apr 22 23:42:52 WELLDONE2 postfix/smtpd[15113]: disconnect from unknown[111.94.127.137]
Apr 22 23:42:53 WELLDONE2 postfix/smtpd[14812]: connect from localhost[127.0.0.1]
Apr 22 23:42:53 WELLDONE2 postfix/smtpd[14812]: 6C25810046C0C: client=localhost[127.0.0.1]
Apr 22 23:42:53 WELLDONE2 postfix/cleanup[14747]: 6C25810046C0C: message-id=<4F94335D.9000704@welldone-communications.com>
Apr 22 23:42:53 WELLDONE2 postfix/qmgr[14543]: 6C25810046C0C: from=<admin@welldone-communications.com>, size=1400, nrcpt=1 (queue active)
Apr 22 23:42:53 WELLDONE2 postfix/smtpd[14812]: disconnect from localhost[127.0.0.1]
Apr 22 23:42:53 WELLDONE2 amavis[3780]: (03780-02) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=03780-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6C25810046C0C
Apr 22 23:42:53 WELLDONE2 amavis[3780]: (03780-02) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine 3PMNyum3dRAS, Message-ID: <4F94335D.9000704@welldone-communications.com>,
Apr 22 23:42:53 WELLDONE2 amavis[3780]: (03780-02) Hits: -0.199
Apr 22 23:42:53 WELLDONE2 amavis[3780]: (03780-02) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.199, tag=0, tag2=5, kill=5, queued_as: 6C25810046C0C, 0/Y/0/0
Apr 22 23:42:53 WELLDONE2 postfix/smtp[14779]: B256510046C0B: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=0.63/0/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=03780-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6C25810046C0C)
Apr 22 23:42:53 WELLDONE2 postfix/qmgr[14543]: B256510046C0B: removed
Apr 22 23:43:14 WELLDONE2 postfix/smtp[14548]: connect to aspmx.l.google.com[209.85.225.27]:25: Connection timed out
Apr 22 23:43:26 WELLDONE2 dovecot: pop3-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=111.94.127.137, lip=192.168.10.9, TLS
Apr 22 23:43:29 WELLDONE2 dovecot: POP3(admin@welldone-communications.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/1399, size=60612792
Apr 22 23:43:35 WELLDONE2 postfix/smtp[14548]: connect to alt2.aspmx.l.google.com[74.125.45.27]:25: Connection timed out
Apr 22 23:43:56 WELLDONE2 postfix/smtp[14548]: connect to alt1.aspmx.l.google.com[209.85.225.27]:25: Connection timed out
Apr 22 23:44:17 WELLDONE2 postfix/smtp[14548]: connect to aspmx5.googlemail.com[74.125.157.27]:25: Connection timed out
Apr 22 23:44:38 WELLDONE2 postfix/smtp[14548]: connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out
Apr 22 23:44:38 WELLDONE2 postfix/smtp[14548]: 6C25810046C0C: to=<bouvy@padepokan-suralaya.co.cc>, relay=none, delay=105, delays=0.03/0/105/0, dsn=4.4.1, status=deferred (connect to aspmx2.googlemail.com[74.125.43.27]:25: Connection timed out)

2. I disable the #smtp inet n - - - - smtpd on master.cf.mas, change into 587 inet n - - - - smtpd,
i can send only to our local user, when sending email outside, on log I see mailserver still using port 25.
i cannot receive or send email from outside.

below is some log when i use no 2 setting, and send email to outside.

Apr 22 23:30:03 WELLDONE2 postfix/smtp[12018]: connect to alt2.gmail-smtp-in.l.google.com[173.194.73.26]:25: Connection timed out
Apr 22 23:30:24 WELLDONE2 postfix/smtp[12018]: connect to alt3.gmail-smtp-in.l.google.com[173.194.66.26]:25: Connection timed out
Apr 22 23:30:45 WELLDONE2 postfix/smtp[12018]: connect to alt4.gmail-smtp-in.l.google.com[173.194.65.26]:25: Connection timed out
Apr 22 23:30:45 WELLDONE2 postfix/smtp[12018]: B9D2B10046BE7: to=<cyrila06production@gmail.com>, relay=none, delay=191707, delays=191601/0.02/105/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.65.26]:25: Connection timed out)
Apr 22 23:30:45 WELLDONE2 postfix/smtp[12018]: B9D2B10046BE7: to=<indralestarya@gmail.com>, relay=none, delay=191707, delays=191601/0.02/105/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[173.194.65.26]:25: Connection timed out)

both setting is not using smarthost from our ISP.

Thanks.
« Last Edit: May 24, 2012, 12:09:27 am by B_Khuwera »

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #1 on: April 22, 2012, 10:16:02 pm »
I'm not sure to understand the very detail but feel you are confused with "outgoing" network port.
What decides about port to be used is not client but server.
Supposing you could lock this client-side (here your Postfix MTA), then you will be able to communicate only with MTA listening on this port.
Not all servers implement ESMTP and TLS.

Second point: in case your ISP is not able to handle the load due to too many clients sending mail, your MTA should keep non delivered mail in queue and retry except if you have tuned too much aggressive MTA.

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #2 on: April 23, 2012, 06:22:51 am »
Hello Christian,

yes i confused with the "outgoing mail" port on zentyal postfix, and yes its decide by the server.
on client side, its fine using 25 or 465 or 587 and STARTTLS option for sending mail.
client can send only to local account/user created on zentyal mailserver,
client can receive all incoming mail.

but client cannot send email to outside LAN, our zentyal mailserver send outgoing emails using port 25 only,
cannot send using other port except it mention on smarthost option.
if i empty the smarthost option, it send mail using port 25 again, not port 587 as i expected.

i attacth the master.cf.mas and main.cf.mas, please see and kindly show me what am i do wrong.
right now mailserver is use ISP smarthost on 587, where can i see if our mail is agresive MTA ?

Thanks






christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #3 on: April 23, 2012, 07:05:52 am »
Default settings should be ok.
More detail about this tuning here

My understanding is that you have no choice: you do have to use smarthost provided by your ISP because outgoing port 25 is, otherwise, blocked. The only problem is that you have to figure out why some mails are not delivered.

Rather than main and master files, could you post error messages describing mail non-delivery?

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #4 on: April 23, 2012, 08:04:33 am »
I try to send mail to mail private account on google and got this from log


Apr 23 12:44:38 WELLDONE2 postfix/smtpd[1857]: connect from unknown[111.94.127.137]
Apr 23 12:44:39 WELLDONE2 postfix/smtpd[1857]: setting up TLS connection from unknown[111.94.127.137]
Apr 23 12:44:40 WELLDONE2 postfix/smtpd[1857]: Anonymous TLS connection established from unknown[111.94.127.137]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Apr 23 12:44:42 WELLDONE2 postfix/smtpd[1857]: 9758E1003F5A9: client=unknown[111.94.127.137], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
Apr 23 12:44:43 WELLDONE2 postfix/cleanup[1747]: 9758E1003F5A9: message-id=<4F94EA92.5080001@welldone-communications.com>
Apr 23 12:44:43 WELLDONE2 postfix/qmgr[31683]: 9758E1003F5A9: from=<admin@welldone-communications.com>, size=755, nrcpt=1 (queue active)
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) ESMTP::10024 /var/lib/amavis/amavis-20120423T122516-00713: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=755 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Mon, 23 Apr 2012 12:44:43 +0700 (WIT)
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) Checking: X400rGo+I5Yt [111.94.127.137] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
Apr 23 12:44:43 WELLDONE2 postfix/smtpd[1868]: connect from localhost[127.0.0.1]
Apr 23 12:44:43 WELLDONE2 postfix/smtpd[1868]: 832701003FD31: client=localhost[127.0.0.1]
Apr 23 12:44:43 WELLDONE2 postfix/cleanup[1747]: 832701003FD31: message-id=<4F94EA92.5080001@welldone-communications.com>
Apr 23 12:44:43 WELLDONE2 postfix/qmgr[31683]: 832701003FD31: from=<admin@welldone-communications.com>, size=1257, nrcpt=1 (queue active)
Apr 23 12:44:43 WELLDONE2 postfix/smtpd[1868]: disconnect from localhost[127.0.0.1]
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=00713-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 832701003FD31
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine X400rGo+I5Yt, Message-ID: <4F94EA92.5080001@welldone-communications.com>,
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) Hits: -0.199
Apr 23 12:44:43 WELLDONE2 amavis[713]: (00713-07) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.199, tag=0, tag2=5, kill=5, queued_as: 832701003FD31, 0/Y/0/0
Apr 23 12:44:43 WELLDONE2 postfix/smtp[1859]: 9758E1003F5A9: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=1.2/0/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=00713-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 832701003FD31)
Apr 23 12:44:43 WELLDONE2 postfix/qmgr[31683]: 9758E1003F5A9: removed
Apr 23 12:44:43 WELLDONE2 postfix/smtpd[1857]: disconnect from unknown[111.94.127.137]

Apr 23 12:44:46 WELLDONE2 postfix/smtp[1872]: certificate verification failed for smtp.telkom.net[222.124.18.79]:587: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com

Apr 23 12:44:56 WELLDONE2 postfix/smtp[1872]: 832701003FD31: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:587, delay=13, delays=0/0/4.5/8, dsn=5.7.1, status=bounced (host smtp.telkom.net[222.124.18.79] said: 554 5.7.1 Message refused by DeepHeader check. This email has been rejected. The email message was detected as spam. (in reply to end of DATA command))


Apr 23 12:44:56 WELLDONE2 postfix/cleanup[1747]: 17CA01003F5A9: message-id=<20120423054456.17CA01003F5A9@WELLDONE2>
Apr 23 12:44:56 WELLDONE2 postfix/bounce[1925]: 832701003FD31: sender non-delivery notification: 17CA01003F5A9
Apr 23 12:44:56 WELLDONE2 postfix/qmgr[31683]: 17CA01003F5A9: from=<>, size=3455, nrcpt=1 (queue active)
Apr 23 12:44:56 WELLDONE2 postfix/qmgr[31683]: 832701003FD31: removed
Apr 23 12:44:56 WELLDONE2 dovecot: deliver(admin@welldone-communications.com): msgid=<20120423054456.17CA01003F5A9@WELLDONE2>: saved mail to INBOX
Apr 23 12:44:56 WELLDONE2 postfix/pipe[1870]: 17CA01003F5A9: to=<admin@welldone-communications.com>, relay=dovecot, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Apr 23 12:44:56 WELLDONE2 postfix/qmgr[31683]: 17CA01003F5A9: removed
Apr 23 12:45:08 WELLDONE2 dovecot: pop3-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=111.94.127.137, lip=192.168.10.9, TLS
Apr 23 12:45:12 WELLDONE2 dovecot: POP3(admin@welldone-communications.com): Disconnected: Logged out top=0/0, retr=1/3551, del=0/1407, size=60652207
Apr 23 12:45:17 WELLDONE2 postfix/smtpd[1127]: lost connection after DATA (5489381 bytes) from mail-pb0-f45.google.com[209.85.160.45]
Apr 23 12:45:17 WELLDONE2 postfix/smtpd[1127]: disconnect from mail-pb0-f45.google.com[209.85.160.45]


what is the blue means? certificate false and our mail is in blacklist? now i got this in my INBOX

This is the mail system at host WELLDONE2.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #5 on: April 23, 2012, 08:31:58 am »
I'm a bit confused  :-[

Reason why you mail is rejected is because of spam tag. You should look at this first.
Then looking at log you attached:
- you connect from an IP (111.94.127.137) that is "unknown", meaning it looks like there is some DNS issue around (reverse DNS?)
- when I look at MX for welldone-communication.com, I get something different especially in term of IP address (look at attached pic)
- IP shown using MXtoolbox is also reported as "spammer"  :-[ reason why your email can be rejected.

So basically, you try to send mail from unknown MTA using domain name registered (referring to known MX for this domain) as spammer.  :-\
« Last Edit: April 23, 2012, 08:35:07 am by christian »

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #6 on: April 23, 2012, 09:33:21 pm »
Dear Christian,

- 111.94.127.137 is the IP when i try to send the email trough thunderbird client outside, i was out of the office that time. The real IP for mail.welldone-communications.com is 118.96.95.99,

- i will check about this spammer issues. I have this issue before right after installation, and already got it solve by asking new IP to ISP, but seems the new one 118.96.95.99 is also having problem now. My bad i did not regulary check the spamlist.

- but as for the outside IP, 111.94.137.137, or other IP that unfortunately listed on spamlist, when it send mail trough authentication 465 or 587 STARTTLS in our zentyal mail, 118.96.95.99, is still got bounced ?
i was at public place that time, so it is the public IP,  i notice and take a note about the IP before sending it, but what about our client connections connecting from outside the office?
i will test sending when i got in the office tomorrow.

so it doesńt have any relation with certificate i supposed?

i will inform the result regarding the spam...

regards

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #7 on: April 23, 2012, 11:17:00 pm »
Dear Christian,

do you know how to set reverse DNS to match smtp banner?
is it setting on postfix for the smtp banner?

Regards

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #8 on: April 24, 2012, 06:32:59 am »
none, this is done at DNS level, ensuring there is a PTR record (reverse DNS) matching your banner.
Idea here is to ensure, as much as possible, that MTA sending mail is what it claims to be in order to limit spam.
Although technically not mandatory, this is implemented by more and more MTA, so better to align it.

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #9 on: April 24, 2012, 03:54:29 pm »
Dear Christian,

Thanks for the help, i have call and fight on the phone with the ISP, now they ask me to wait as they said they would setup the reverse DNS for us.
This afternoon the mails start to flow, i still see the error for certificate but all mails got trough, i check the reverse DNS is not yet setup, even the blacklist is still there because the requirement is to have the reverse DNS setup properly. I do not know how, but for the time being mail is working again .. i will follow ISP for the reverse DNS.
after it setup, i will try to figure it to macth the smtp banner, i will update on this ..

Thanks n Regards


B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #10 on: April 25, 2012, 11:18:06 pm »
Dear Christian,

still ISP do not resolve our issue for reverse DNS, they said to keep on wait for the next 48hours again. :(
i was checkup the mail.log and found out that if i send from inside LAN (at office) it got trough.
but if it is send from WAN (outside office) even using port 587 or 465 is it going to be rejected by ISP.

i cek the message source and see something,
if i send from inside the office, it got trough, the message source is like below
Received: from [192.168.10.100] (unknown [192.168.10.100])
   by WELLDONE2 (Postfix) with ESMTPSA id 8952D100322B2
   for <bouvy@padepokan-suralaya.co.cc>; Tue, 24 Apr 2012 14:56:56 +0700 (WIT)
if i send from ouside the office, it bounced, the message is like below
Received: from [192.168.77.199] (unknown [111.94.127.137])
   by WELLDONE2 (Postfix) with ESMTPSA id 2181110046C02
   for <bouvy@padepokan-suralaya.co.cc>; Wed, 25 Apr 2012 04:19:22 +0700 (WIT)
i think it was cause by the header.
i browse and look around for solution regarding rewriting the header in postfix, using regex, using header_checks option, etc and had no luck to make it work in zentyal.
i just wonder how to change the line "Received: from [192.168.77.199] (unknown [111.94.127.137])"
into something like "Received: from [192.168.10.9] (localhost [127.0.0.1])"
could you help me on this ?

Regards

toolman1967

  • Zen Apprentice
  • *
  • Posts: 25
  • Karma: +1/-0
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #11 on: April 26, 2012, 12:39:17 am »
Dear Christian,

still ISP do not resolve our issue for reverse DNS, they said to keep on wait for the next 48hours again. :(
i was checkup the mail.log and found out that if i send from inside LAN (at office) it got trough.
but if it is send from WAN (outside office) even using port 587 or 465 is it going to be rejected by ISP.

i cek the message source and see something,
if i send from inside the office, it got trough, the message source is like below
Received: from [192.168.10.100] (unknown [192.168.10.100])
   by WELLDONE2 (Postfix) with ESMTPSA id 8952D100322B2
   for <bouvy@padepokan-suralaya.co.cc>; Tue, 24 Apr 2012 14:56:56 +0700 (WIT)
if i send from ouside the office, it bounced, the message is like below
Received: from [192.168.77.199] (unknown [111.94.127.137])
   by WELLDONE2 (Postfix) with ESMTPSA id 2181110046C02
   for <bouvy@padepokan-suralaya.co.cc>; Wed, 25 Apr 2012 04:19:22 +0700 (WIT)
i think it was cause by the header.
i browse and look around for solution regarding rewriting the header in postfix, using regex, using header_checks option, etc and had no luck to make it work in zentyal.
i just wonder how to change the line "Received: from [192.168.77.199] (unknown [111.94.127.137])"
into something like "Received: from [192.168.10.9] (localhost [127.0.0.1])"
could you help me on this ?

Regards

B_Khuwera,

I run my own mail server use Zentyal and Zarafa,  I did not call my ISP and have them change the PTR and I have not made any change to the how Zarafa or Zenytal receives email.

In the mail server options tab I have setup my mail server to relay thru my iSP'S mail server so I have the smarthost set to outgoing.myisp.com:587 and smarthost authenitcation set to user & password (this is depended on your ISP) I do run in to some places that treats my email like spam but for the most I have no problems. I also have server mail name set to FQDN Hostname

I hope that this helps,

Toolman

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #12 on: April 26, 2012, 01:05:52 am »
Toolman,

This potential issue with PRT only occurs in case you don't want, for some reason, to rely on your provider, which is what we are currently discussing.
If you relay, the such problem doesn't exist  ;)

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #13 on: April 26, 2012, 10:56:17 pm »
I also done the same with you Toolman, send it to ISP's smarthost:587 using the account from them, but as i said before
unfortunately the ISP smarthost sometimes during work hour were over loaded with heavy mail traffic due to closing of port 25, and our mails cannot got trough them. so some mail got trough :), and some don't. :(,

so as Christian said, I like to consider other options like using just the zentyal and internet connection from ISP using opened port 587, no smarthost, and got stuck with spam issues from spamrat and blackholes.five-ten-sg.com (all with "your IP is on spammer list subnet"), bounce mail and need PTR to resolve that.

I wonder why the spamlister organization just block the whole subnet, and ignore request of removing just one clean IP,
even they cannot prove my IP is sending a spam, just some IP in the ISP subnet doing so, and my IP got busted also.
but there's an option for some cash, they can remove you for sometime, and its only on some spamlister, not paying and got clean on whole spamlister organization. had to pay to each one of them i guess. so a working PTR is a must these days.
Like if you are really a good guy living in a bad neighbourhood, you are treated the same as bad as them, and you can pay the cop to mark you clean for sometime, and only on their jurisdiction. Outside that you have to pay again to some other . :))
PS : no offense mean to the good cop.

our ISP is not yet setup the reverse DNS as i requested, so i think i also have to call them every single day while experiment with the regex header change.

I just try to remove all header not replace, and mailfilter not working haha, i get back to the backup config before more spam coming, and mailfilter working again .. quite a rush watching the mail log. Back to regex reading again .. something i must be missing.. placement of header_checks options ? the regex itself ? perhaps its not in the postfix side, but on mailfilter side?
oh yes, now i close / drop all outgoing using port 25 to internet, just 587 and 465. incoming is not change, still accepting 25, 465, 587, 143 all with STARTTLS.

anyone ever had a success changing the mail header before sending it out in zentyal?

Regards

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
    • View Profile
Re: how to enable outgoing to use only port 587
« Reply #14 on: May 01, 2012, 11:55:43 pm »
Dear Christian

Finaly ISP have done setup the Reverse DNS, now i have this

gopit@MyRig-Lucid:~$ nslookup mail.welldone-communications.com
Server:      192.168.77.11
Address:   192.168.77.11#53

Non-authoritative answer:
mail.welldone-communications.com   canonical name = welldone-communications.com.
Name:   welldone-communications.com
Address: 118.96.95.99

gopit@MyRig-Lucid:~$ nslookup 118.96.95.99
Server:      192.168.77.11
Address:   192.168.77.11#53

Non-authoritative answer:
99.95.96.118.in-addr.arpa   name = mail.welldone-communications.com.
99.95.96.118.in-addr.arpa   name = 99.static.118-96-95.astinet.telkom.net.id.

Authoritative answers can be found from:
95.96.118.in-addr.arpa   nameserver = dns2.telkom.net.id.
95.96.118.in-addr.arpa   nameserver = dns1.telkom.net.id.

but the problem for sending out mail still the same, only send available from within the local LAN,
if i try to send email from outside the LAN using 587 STARTTLS or 465 STARTTLS, it bounced back saying
<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)
but if i send the same email from within Local LAN, it got trough.
i check the mail source, there some different.
1. Send from within LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id izO1E6Ipicl6 for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 04:22:52 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)

2. send from outside LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id PK8lOPj13fSk for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 03:42:27 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)

Both the same if i use the ISP smarthost or not using ISP smarthost.

seems the process of DeepHeader check from ISP is making te problem, and have to use replace mail header using regex
and I still cannot done that.

Is it impossible to change mail header in zentyal? i use some tips from google using postfix but still no luck.

Regards