Author Topic: [SOLVED] how to enable outgoing to use only port 587  (Read 22490 times)

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #15 on: May 02, 2012, 07:10:54 am »
Ouch!  :o I need to write it down again on paper to figure out which IP is where.
Reading your email quickly, I have the feeling (am I wrong?) that we are discussing PTR for private IP addresses (RFC1918). I definitely need to read it again and draw at least a basic schema I can share with you.

Give me some time please and I'll come back to you.

In the meantime, do you confirm that:
- mail client is configured to send mail to Zentyal SMTP, either from the LAN or from outside. From outside, it works thanks to authentication.
- Then Zentyal SMTP can be configured either to send mail directly or to relay via smarthost...

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #16 on: May 02, 2012, 08:52:20 am »
I looked closer at your message. Here is my comment:

Message is not delivered because it is tagged as spam, this is very clear, and I confirm that welldone-communications.com is still shown as spammer by Spam-rats.
Look at this.

Thus if you do not relay via smarthost, your mail will be rejected (although it looks like you explain the opposite  ::) )

gopit@MyRig-Lucid:~$ nslookup mail.welldone-communications.com
Server:      192.168.77.11
Address:   192.168.77.11#53

Non-authoritative answer:
mail.welldone-communications.com   canonical name = welldone-communications.com.
Name:   welldone-communications.com
Address: 118.96.95.99

gopit@MyRig-Lucid:~$ nslookup 118.96.95.99
Server:      192.168.77.11
Address:   192.168.77.11#53
Non-authoritative answer:
99.95.96.118.in-addr.arpa   name = mail.welldone-communications.com.
99.95.96.118.in-addr.arpa   name = 99.static.118-96-95.astinet.telkom.net.id.
Authoritative answers can be found from:
95.96.118.in-addr.arpa   nameserver = dns2.telkom.net.id.
95.96.118.in-addr.arpa   nameserver = dns1.telkom.net.id.

The above shows that a DNS record, and a PTR record, is now set for 118.96.95.99.
However, it sets multiple records for the same IP. Wrong idea  :-X

Quote
<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)

This is clearly rejected "as spam"

Quote
1. Send from within LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id izO1E6Ipicl6 for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 04:22:52 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)

Quote
2. send from outside LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id PK8lOPj13fSk for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 03:42:27 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)

192.168.77.199 is your IP address, I mean the one from your mail client. It has no impact.
However, why do you relay via 111.94.40.87, which is unknown (meaning no PTR)?

Quote
seems the process of DeepHeader check from ISP is making the problem, and have to use replace mail header using regex
and I still cannot do that.

Hopefully, you are not supposed to forge SMTP headers otherwise you will be tagged as spammer  ;D ;D ;D
To me, problems are:
- your MTA IP belonging to range tagged as spammer
- use of MTA without PTR when outside. why not relaying via Zentyal? or do you have multiple IP for this server?

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #17 on: May 06, 2012, 02:25:16 pm »
Dear Christian
Sorry for the late response, I was out of town due to a family loss almost this whole week.

Reply to your mail of May 2nd 2012:
- Yes, there were multiple records on the same IP. I asked the ISP to change that, but it seems the procedure is going to take some days as before :(
- Sorry if it's a long description, please be patient with me. :)

- 192.168.77.199 is your IP address, I mean the one from your mail client. it has no impact.
However, why do you relay via 111.94.40.87 that is unknown (meaning no PTR)
I was at my house, and I also use Zentyal as gateway for my home network, used by my wife, daughter, little brother, sister and some neighbors; in total it shares internet to 12 users. We do share the internet cost :)
The 111.94.40.87 is the dynamic public IP (ADSL) on the external network of my home Zentyal network.


-Hopefully, you are not supposed to forge SMTP headers otherwise you will be tagged as spammer - :) Really, I just want to send legitimate mail to the outside world from my Thunderbird using the office account like the old days. :)
To me, problems are:
- your MTA IP belonging to range tagged as spammer
Too bad :( Almost all ISPs in my country that release dynamic public IPs were within this range.
Even the welldone communications.com static IP used to be in range. I contacted many spam-listing organizations to remove this, and suddenly, out of nowhere, spamrats insists on the PTR ..

- use of MTA without PTR when outside. why not relaying via Zentyal? or do you have multiple IP for this server?
I am not using my home Zentyal as mailserver and I just have this one dynamic IP from the ISP, so I use Zentyal as gateway, proxy with adblock and content filter, fileserver and VirtualBox to share it in my house and with some neighbors.
192.168.77.19x/24 is my internal home network,
192.168.77.11 its internal IP of my home zentyal,
111.94.40.87 its the external IP of my home zentyal.
( Zentyal is working great in my house :)) )
my home using FirstMedia as ISP , and at office Welldone Communications.com is using Telkom Speedy.
No, I do not have another IP for this :(


In the meantime, do you confirm that:
- mail client is configure to send mail to Zentyal SMTP, either from the LAN or from outside. From outside, it works thanks to authentication.
Almost correct. The Welldone Communications mail server is configured to send email from both LAN and outside; yes, it works using authentication, and is now working with ports 25, 587 and 465. But when I send using a client from outside to the outside world, it gets bounced back. When I look at the mail log, the difference is just the part of the header check, as in the mail before. Please see the difference between delivered mail (green) and bounced-back mail (red):

Received: from mail.welldone-communications.com (localhost [127.0.0.1]) -- Sample mail sent from inside LAN.
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)


Received: from [192.168.77.199] (unknown [111.94.40.87]) - This was sent by Thunderbird from my house
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)

- Then Zentyal SMTP can be configured either to send mail directly or to relay via smarthost...
Before the ISP closed all outgoing port 25, the server was working flawlessly for about a year. I was not using the ISP smarthost at that time but used only the mailserver itself... But when the ISP decided to close port 25 and open more secure ports such as 587 and 465, the problems began to arise, even if I used the ISP smarthost on port 587 or 465.

It seems right now the ISP used by welldone communications.com is using a spam filtering technique called Deep Header Check, and since then the welldone communications mailserver began to experience this trouble: it can only send from inside the LAN to anywhere .. sending from outside the LAN to the outside world gives the same result, bounced ...

Using regex to change the header will end up being marked as spammer? I think almost all public mail services like Google Mail also remove the original sender IP for their users and change it into theirs... right?
Fortunately I still struggle to use the regex to change the header and still cannot change it in Zentyal .. still looking for some opinions and help for this.
In the meantime I am still pursuing the perfect PTR record from the ISP. I will report back when it's done.

Many Big Thanks n Regards

Bouvy
« Last Edit: May 11, 2012, 04:22:54 pm by B_Khuwera »

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #18 on: May 06, 2012, 04:05:32 pm »
Bouvy,

I'm afraid we will go nowhere with such approach because you show only truncated headers, so it's quite difficult to understand or confirm that you extracted the relevant information.

Mail delivery is made of multiple steps:
- first one from MUA to MTA (MUA is your mail client, e.g. Thunderbird, Outlook or webmail client), MTA (standing for Mail Transfer Agent) is your mail server (f.i. Postfix)
- then you may have one or multiple steps from MTA to MTA (shortest case is when "your" MTA delivers directly to recipient's MTA) but you may also have multiple MTA to MTA steps when mail is transferred from anti-virus to anti-spam.
- last step is when MTA sends to MDA (Mail Delivery Agent)
- all these steps (except the MDA step) are stored in mail header and all have to be checked in case of mail routing problem.

1 - Which one do you want to forge and why?
2 - SMTP error code is missing. Is it always "spam detected"?

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #19 on: May 09, 2012, 09:21:55 pm »
Dear Christian,

1 - Which one do you want to forge and why?
I need to change only the header on MUA to MTA. I send you the log for this below, and from where / what I use to send it.

Below is the mail.log when I use Thunderbird from outside the office to send to my account hosted at Google.
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: connect from unknown[111.94.40.87]
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: setting up TLS connection from unknown[111.94.40.87]
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: Anonymous TLS connection established from unknown[111.94.40.87]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 10 01:51:12 WELLDONE2 postfix/smtpd[2773]: 0A9DB1002EF9D: client=unknown[111.94.40.87], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 10 01:51:12 WELLDONE2 postfix/cleanup[2777]: 0A9DB1002EF9D: message-id=<4FAABA36.7080500@welldone-communications.com>
May 10 01:51:12 WELLDONE2 postfix/qmgr[1867]: 0A9DB1002EF9D: from=<admin@welldone-communications.com>, size=731, nrcpt=1 (queue active)
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) ESMTP::10024 /var/lib/amavis/amavis-20120509T191708-20059: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=731 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:12 +0700 (WIT)
May 10 01:51:12 WELLDONE2 postfix/smtpd[2773]: disconnect from unknown[111.94.40.87]
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) Checking: Ct8nP0AKdurh [111.94.40.87] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: connect from localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: 6CD7710048BD5: client=localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 postfix/cleanup[2783]: 6CD7710048BD5: message-id=<4FAABA36.7080500@welldone-communications.com>
May 10 01:51:15 WELLDONE2 postfix/qmgr[1867]: 6CD7710048BD5: from=<admin@welldone-communications.com>, size=1256, nrcpt=1 (queue active)
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: disconnect from localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=20059-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6CD7710048BD5
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine Ct8nP0AKdurh, Message-ID: <4FAABA36.7080500@welldone-communications.com>,
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Hits: -0.2
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: 6CD7710048BD5, 0/Y/0/0
May 10 01:51:15 WELLDONE2 postfix/smtp[2778]: 0A9DB1002EF9D: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.12/0.01/0/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20059-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6CD7710048BD5)
May 10 01:51:15 WELLDONE2 postfix/qmgr[1867]: 0A9DB1002EF9D: removed
May 10 01:51:16 WELLDONE2 postfix/smtp[2784]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 10 01:51:23 WELLDONE2 postfix/smtp[2784]: 6CD7710048BD5: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=8, delays=0.01/0.01/0.81/7.1, dsn=5.7.1, status=bounced (host smtp.telkom.net[222.124.18.79] said: 554 5.7.1 Message refused by DeepHeader check. This email has been rejected. The email message was detected as spam. (in reply to end of DATA command))
May 10 01:51:23 WELLDONE2 postfix/cleanup[2783]: 6169E1002EF9D: message-id=<20120509185123.6169E1002EF9D@mail.welldone-communications.com>
May 10 01:51:23 WELLDONE2 postfix/bounce[2815]: 6CD7710048BD5: sender non-delivery notification: 6169E1002EF9D
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6169E1002EF9D: from=<>, size=3661, nrcpt=1 (queue active)
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6CD7710048BD5: removed
May 10 01:51:23 WELLDONE2 dovecot: deliver(admin@welldone-communications.com): msgid=<20120509185123.6169E1002EF9D@mail.welldone-communications.com>: saved mail to INBOX
May 10 01:51:23 WELLDONE2 postfix/pipe[2816]: 6169E1002EF9D: to=<admin@welldone-communications.com>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6169E1002EF9D: removed

and my email is bounced back; the notice on my MUA is below:

From - Thu May 10 01:44:08 2012
X-Account-Key: account6
X-UIDL: 0000be804d16c61c
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <MAILER-DAEMON>
Delivered-To: admin@welldone-communications.com
Received: by mail.welldone-communications.com (Postfix)
   id 6169E1002EF9D; Thu, 10 May 2012 01:51:23 +0700 (WIT)
Date: Thu, 10 May 2012 01:51:23 +0700 (WIT)
From: MAILER-DAEMON@mail.welldone-communications.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: admin@welldone-communications.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
   boundary="6CD7710048BD5.1336589483/mail.welldone-communications.com"
Content-Transfer-Encoding: 7bit
Message-Id: <20120509185123.6169E1002EF9D@mail.welldone-communications.com>

This is a MIME-encapsulated message.

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mail.welldone-communications.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.welldone-communications.com
X-Postfix-Queue-ID: 6CD7710048BD5
X-Postfix-Sender: rfc822; admin@welldone-communications.com
Arrival-Date: Thu, 10 May 2012 01:51:15 +0700 (WIT)

Final-Recipient: rfc822; bouvy@padepokan-suralaya.co.cc
Original-Recipient: rfc822;bouvy@padepokan-suralaya.co.cc
Action: failed
Status: 5.7.1
Remote-MTA: dns; smtp.telkom.net
Diagnostic-Code: smtp; 554 5.7.1 Message refused by DeepHeader check. This
    email has been rejected. The email message was detected as spam.

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Return-Path: <admin@welldone-communications.com>
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 6CD7710048BD5
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:15 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id Ct8nP0AKdurh for <bouvy@padepokan-suralaya.co.cc>;
   Thu, 10 May 2012 01:51:12 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 0A9DB1002EF9D
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:12 +0700 (WIT)
Message-ID: <4FAABA36.7080500@welldone-communications.com>
Date: Thu, 10 May 2012 01:40:54 +0700
From: Admin WDC <admin@welldone-communications.com>
Reply-To: admin@welldone-communications.com
Organization: Welldone Communications
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: 'Bouvy Teguh Artono' <bouvy@padepokan-suralaya.co.cc>
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test

--6CD7710048BD5.1336589483/mail.welldone-communications.com--


Below is the mail.log when I use webmail from outside the office to send to my account hosted at Google.
May 10 01:58:13 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: connect from localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: 88D921002EF9D: client=localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 postfix/cleanup[3062]: 88D921002EF9D: message-id=<e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
May 10 01:58:13 WELLDONE2 postfix/qmgr[1867]: 88D921002EF9D: from=<admin@welldone-communications.com>, size=641, nrcpt=1 (queue active)
May 10 01:58:13 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=470/566
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: disconnect from localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) ESMTP::10024 /var/lib/amavis/amavis-20120509T210042-23095: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=641 BODY=8BITMIME Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:13 +0700 (WIT)
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) Checking: ttopoRPDXh6r [127.0.0.1] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 10 01:58:13 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:13 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=499/30523
May 10 01:58:14 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:14 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=392/3721
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: connect from localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: D244010048BCB: client=localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 postfix/cleanup[3062]: D244010048BCB: message-id=<e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
May 10 01:58:16 WELLDONE2 postfix/qmgr[1867]: D244010048BCB: from=<admin@welldone-communications.com>, size=1166, nrcpt=1 (queue active)
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=23095-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D244010048BCB
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: disconnect from localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine ttopoRPDXh6r, Message-ID: <e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>,
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Hits: -0.2
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: D244010048BCB, 0/Y/0/0
May 10 01:58:16 WELLDONE2 postfix/smtp[3063]: 88D921002EF9D: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.01/0.01/0/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23095-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D244010048BCB)
May 10 01:58:16 WELLDONE2 postfix/qmgr[1867]: 88D921002EF9D: removed
May 10 01:58:17 WELLDONE2 postfix/smtp[3075]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 10 01:58:23 WELLDONE2 postfix/smtp[3075]: D244010048BCB: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=6.4, delays=0/0.01/0.39/6, dsn=2.0.0, status=sent (250 2.0.0 q49IwH65025141-q49IwH67025141 Message accepted for delivery)
May 10 01:58:23 WELLDONE2 postfix/qmgr[1867]: D244010048BCB: removed

My email got through, and I see the received source as below:

Delivered-To: bouvy@padepokan-suralaya.co.cc
Received: by 10.229.131.100 with SMTP id w36csp18207qcs;
        Wed, 9 May 2012 11:58:29 -0700 (PDT)
Received: by 10.68.217.37 with SMTP id ov5mr12210106pbc.25.1336589908652;
        Wed, 09 May 2012 11:58:28 -0700 (PDT)
Return-Path: <admin@welldone-communications.com>
Received: from smtp-out0248-sv2.telkom.net (smtp-out0248-sv2.telkom.net. [125.160.10.248])
        by mx.google.com with ESMTPS id ql3si147373pbc.183.2012.05.09.11.58.28
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 09 May 2012 11:58:28 -0700 (PDT)
Received-SPF: neutral (google.com: 125.160.10.248 is neither permitted nor denied by domain of admin@welldone-communications.com) client-ip=125.160.10.248;
Authentication-Results: mx.google.com; spf=neutral (google.com: 125.160.10.248 is neither permitted nor denied by domain of admin@welldone-communications.com) smtp.mail=admin@welldone-communications.com
Received: from [222.124.18.76] (helo=fm1.smtp.telkom.net)
   by smtp-out0248-sv2.telkom.net with esmtps (TLSv1:AES256-SHA:256)
   id 1SSC5i-0008VP-3C
   for bouvy@padepokan-suralaya.co.cc; Thu, 10 May 2012 01:58:26 +0700
Received: from mail.welldone-communications.com (99.static.118-96-95.astinet.telkom.net.id [118.96.95.99] (may be forged))
   by fm1.smtp.telkom.net  with ESMTP id q49IwH65025141-q49IwH67025141
   (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL)
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:23 +0700
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id D244010048BCB
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:16 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id ttopoRPDXh6r for <bouvy@padepokan-suralaya.co.cc>;
   Thu, 10 May 2012 01:58:13 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 88D921002EF9D
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:13 +0700 (WIT)
MIME-Version: 1.0
Date: Thu, 10 May 2012 01:58:13 +0700
From: <admin@welldone-communications.com>
To: <bouvy@padepokan-suralaya.co.cc>
Subject: test webmail to google
Message-ID: <e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
X-Sender: admin@welldone-communications.com
User-Agent: RoundCube Webmail/0.3.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8

test webmail to google

So I figure perhaps I could forge the header of the outside-office MUA, like
Received: from [192.168.77.199] (unknown [111.94.40.87]
into something like webmail
Received: from mail.welldone-communications.com (localhost [127.0.0.1])

2 - SMTP error code is missing. Is it always "spam detected"?
Yes, all email from the outside-office MUA going to an outside account always gives this error, for example:
Final-Recipient: rfc822; bouvy@padepokan-suralaya.co.cc
Original-Recipient: rfc822;bouvy@padepokan-suralaya.co.cc
Action: failed
Status: 5.7.1
Remote-MTA: dns; smtp.telkom.net
Diagnostic-Code: smtp; 554 5.7.1 Message refused by DeepHeader check. This
    email has been rejected. The email message was detected as spam.

I am on outside-office duty for several days now, but I will try to send the log using the inside-office MUA.
The only spam listers are spamrats and one Singaporean spam lister. Spamrats asks for only one record in PTR; the Singaporean spam lister doesn't have any info on how to remove that.
The PTR record still has two records and I am still asking the ISP to change that.

Thank n regards

Bouvy

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #20 on: May 10, 2012, 09:25:29 am »
I've to admit that I can't really focus on this keeping in mind that failure (here spam tag) might be due to MUA.
Many reasons:
- almost all MUA have an IP based on RFC1918, meaning private, meaning not resolved by public DNS
- quite a lot are "unknown" even internally
- such control, if any, should be done by the first MTA.

Well, all of this to explain that your conclusion looks strange, at least to me, and therefore your willingness to forge headers is even stranger.

Looking at your log (very exhaustive now, thank you), it looks like you send mail from admin@welldone-communications.com using your mail client (Thunderbird) to bouvy@padepokan-suralaya.co.cc
The issue is not with your local (MUA) IP (192.168.77.199) but with 111.94.40.87, which looks to be another MTA, not an MUA.
Am I wrong ?
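
The hop-by-hop reading of Received headers described in Replies #18 and #20, as an added example that is not part of any poster's message: it parses Postfix-style Received lines oldest-first and labels each hop (local re-injection, missing PTR, private HELO literal behind a public address, authenticated/TLS submission per the RFC 3848 "with" keywords). The sample message is constructed from the Received lines quoted in this thread; the function names and flag labels are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: Received lines copied from the bounced message quoted
# in this thread, wrapped in a minimal message so the parser can read it.
SAMPLE = """\
Return-Path: <admin@welldone-communications.com>
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 6CD7710048BD5
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:15 +0700 (WIT)
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id Ct8nP0AKdurh for <bouvy@padepokan-suralaya.co.cc>;
   Thu, 10 May 2012 01:51:12 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 0A9DB1002EF9D
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:12 +0700 (WIT)
From: Admin WDC <admin@welldone-communications.com>
To: bouvy@padepokan-suralaya.co.cc
Subject: test

test
"""

# "from HELO (RDNS [IP])" as written by Postfix; RDNS is absent on some hops.
FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]"
)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)")
WITH_RE = re.compile(r"\bwith\s+(?P<proto>[A-Za-z0-9]+)")


def parse_hops(raw_message):
    """Return the Received hops in delivery order (oldest first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each MTA prepends its header, so the last one in the file is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        line = " ".join(value.split())  # unfold continuation lines
        m = FROM_RE.search(line)
        if not m:
            hops.append({"parsed": False, "raw": line})
            continue
        rest = line[m.end():]
        by = BY_RE.search(rest)
        proto = WITH_RE.search(rest)
        hops.append({
            "parsed": True,
            "helo": m.group("helo"),
            "rdns": m.group("rdns"),
            "ip": m.group("ip"),
            "by": by.group("by") if by else None,
            "proto": proto.group("proto").upper() if proto else None,
        })
    return hops


def classify(hop):
    """Label one hop with the properties a header-based filter can see."""
    if not hop["parsed"]:
        return ["unparsed"]
    try:
        client = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return ["unparsed-ip"]
    flags = []
    if client.is_loopback:
        flags.append("local-reinjection")  # e.g. content filter on 127.0.0.1
    elif hop["rdns"] in (None, "unknown"):
        flags.append("no-ptr")  # Postfix logs "unknown" when reverse DNS fails
    helo = hop["helo"]
    if helo.startswith("[") and helo.endswith("]"):
        try:
            helo_ip = ipaddress.ip_address(helo[1:-1])
        except ValueError:
            helo_ip = None
        # RFC1918 literal in HELO but a public connecting address: NAT in between.
        if helo_ip and helo_ip.is_private and client.is_global:
            flags.append("client-behind-nat")
    proto = hop["proto"] or ""
    if proto in ("ESMTPA", "ESMTPSA"):
        flags.append("authenticated")  # RFC 3848: "A" = SMTP AUTH was used
    if proto in ("ESMTPS", "ESMTPSA"):
        flags.append("tls")  # RFC 3848: "S" = STARTTLS was used
    return flags


def external_origin(hops):
    """First non-loopback client address, i.e. where the message entered."""
    for hop in hops:
        if hop["parsed"] and "local-reinjection" not in classify(hop):
            return hop["ip"]
    return None


if __name__ == "__main__":
    for n, hop in enumerate(parse_hops(SAMPLE), 1):
        print(n, hop.get("helo"), hop.get("ip"), hop.get("proto"), classify(hop))
    print("external origin:", external_origin(parse_hops(SAMPLE)))
```

Only the Postfix "from HELO (RDNS [IP])" layout is handled; Received lines written in other layouts are reported as unparsed rather than guessed at.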

B_Khuwera

  • Zen Monk
  • **
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #21 on: May 11, 2012, 04:21:51 pm »
Dear Christian,

You are correct that it is not my MUA, because it can send mail to other local user accounts,
but it cannot send to mail accounts other than local user accounts at welldone-communications.com.

This is the mail source when I send email from admin welldone-communications.com using the MUA at home to my test account at welldone-communications.com; the email is received at my test account at welldone-communications.com:

Return-Path: <admin@welldone-communications.com>
Delivered-To: bouvy@welldone-communications.com
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 50EFC10049351
   for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:39 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 required=5 tests=[ALL_TRUSTED=-1, BAYES_50=0.8]
   autolearn=no
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id pai5QAAoQTW8 for <bouvy@welldone-communications.com>;
   Fri, 11 May 2012 19:55:35 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id AE8511004934F
   for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:35 +0700 (WIT)
Message-ID: <4FAD09CC.6040706@welldone-communications.com>
Date: Fri, 11 May 2012 19:45:00 +0700
From: Admin WDC <admin@welldone-communications.com>
Reply-To: admin@welldone-communications.com
Organization: Welldone Communications
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: bouvy@welldone-communications.com
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test

and this is the log at mail.log for above mail
May 11 19:55:34 WELLDONE2 postfix/smtpd[7071]: connect from unknown[111.94.40.87]
May 11 19:55:34 WELLDONE2 postfix/smtpd[7071]: setting up TLS connection from unknown[111.94.40.87]
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: Anonymous TLS connection established from unknown[111.94.40.87]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: AE8511004934F: client=unknown[111.94.40.87], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 11 19:55:35 WELLDONE2 postfix/cleanup[7075]: AE8511004934F: message-id=<4FAD09CC.6040706@welldone-communications.com>
May 11 19:55:35 WELLDONE2 postfix/qmgr[1867]: AE8511004934F: from=<admin@welldone-communications.com>, size=714, nrcpt=1 (queue active)

May 11 19:55:35 WELLDONE2 amavis[5077]: (05077-02) ESMTP::10024 /var/lib/amavis/amavis-20120511T193428-05077: <admin@welldone-communications.com> -> <bouvy@welldone-communications.com> SIZE=714 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:35 +0700 (WIT)
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: disconnect from unknown[111.94.40.87]
May 11 19:55:35 WELLDONE2 amavis[5077]: (05077-02) Checking: pai5QAAoQTW8 [111.94.40.87] <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: connect from localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: 50EFC10049351: client=localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 postfix/cleanup[7081]: 50EFC10049351: message-id=<4FAD09CC.6040706@welldone-communications.com>
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: 50EFC10049351: from=<admin@welldone-communications.com>, size=1392, nrcpt=1 (queue active)
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: disconnect from localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>,BODY=7BIT 250 2.0.0 Ok, id=05077-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 50EFC10049351
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Passed, <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>, quarantine pai5QAAoQTW8, Message-ID: <4FAD09CC.6040706@welldone-communications.com>,
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Hits: -0.2
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: 50EFC10049351, L/Y/0/0
May 11 19:55:39 WELLDONE2 postfix/smtp[7076]: AE8511004934F: to=<bouvy@welldone-communications.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, delays=0.16/0.01/0/3.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 50EFC10049351)
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: AE8511004934F: removed
May 11 19:55:39 WELLDONE2 dovecot: deliver(bouvy@welldone-communications.com): msgid=<4FAD09CC.6040706@welldone-communications.com>: saved mail to INBOX
May 11 19:55:39 WELLDONE2 postfix/pipe[7082]: 50EFC10049351: to=<bouvy@welldone-communications.com>, relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: 50EFC10049351: removed


The 111.94.40.87 is my gateway server at my home, with no mail service.
The 192.168.77.199 is my IP on the LAN in my home.

The mailserver's external IP in my office is 118.96.95.99; I use a port forward service to route the mail traffic.
So I'm sending an email using my PC in my house, on the LAN that is connected to the internet through a Zentyal gateway, also at my home.

If I may clear it up, it's like below:

192.168.77.xxx/24 ---internal IP---- zentyal Gateway ----external IP---- INTERNET ------ modem ------ Router ---------- Mailserver
192.168.77.199 --- 192.168.77.11 ============= 111.94.40.87----INTERNET---- 118.96.95.99 -- 192.168.10.11--192.168.10.9

What I do not understand is why my home Zentyal gateway acts as an MTA, even though I have not enabled its mail module?
This is the list of modules that I have enabled on my home Zentyal: Network, Firewall, Antivirus, DHCP, DNS, Events, IDS, Logs, Monitoring, NTP, VPN, Traffic Shaping, Users and Groups, Web Server, File Sharing and HTTP Proxy.

The same issue also happens to all users outside the office using their MUA to send to accounts other than local users at welldone-communications.com; as I said, almost every dynamic IP given by ISPs in my country is considered spam.
The email was received fine by our mailserver, but when it was relayed to the ISP's smarthost, it got bounced due to the deep header check on the ISP side.
But if they send from within the office, the email can get through with no problem.
That's why I want to forge the legitimate user mail header from outside the office into something that can get through this ISP deep header check.
As you see in mail.log above and below with the blue line, it is almost the same as the log I sent before; it's using a STARTTLS connection (legitimate), but I do not know the meaning of the many "unknown" entries in there. :(
Perhaps, to be more precise, I want to make the same mail header for all TLS connections, for MUAs both inside and outside the office.

This is the sample email I sent using an MUA inside the office to my account at the google.com host; it works fine and was received at my account hosted at Google.

Source of the email received at my Google-hosted account:
Delivered-To: bouvy@padepokan-suralaya.co.cc
Received: by 10.229.121.14 with SMTP id f14csp114802qcr;
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Received: by 10.50.212.70 with SMTP id ni6mr1724334igc.30.1336745383288;
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Return-Path: <admin@welldone-communications.com>
Received: from smtp-out094-sv3.telkom.net (smtp-out094-sv3.telkom.net. [125.160.6.94])
        by mx.google.com with ESMTPS id dp5si5209246igc.13.2012.05.11.07.09.42
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Received-SPF: neutral (google.com: 125.160.6.94 is neither permitted nor denied by domain of admin@welldone-communications.com) client-ip=125.160.6.94;
Authentication-Results: mx.google.com; spf=neutral (google.com: 125.160.6.94 is neither permitted nor denied by domain of admin@welldone-communications.com) smtp.mail=admin@welldone-communications.com
Received: from [222.124.18.77] (helo=fm2.smtp.telkom.net)
   by smtp-out094-sv3.telkom.net with esmtps (TLSv1:AES256-SHA:256)
   id 1SSqUl-00051A-Rk
   for bouvy@padepokan-suralaya.co.cc; Fri, 11 May 2012 21:06:59 +0700
Received: from mail.welldone-communications.com (99.static.118-96-95.astinet.telkom.net.id [118.96.95.99] (may be forged))
   by fm2.smtp.telkom.net  with ESMTP id q4BE9dsY026597-q4BE9dsa026597
   (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL)
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:40 +0700
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id E5D6110049351
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id 7NrGBo5VJCJS for <bouvy@padepokan-suralaya.co.cc>;
   Fri, 11 May 2012 21:09:38 +0700 (WIT)
Received: from [127.0.0.1] (unknown [192.168.10.30])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id AACF810049341
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
Message-ID: <4FAD1DA0.2070405@welldone-communications.com>
Date: Fri, 11 May 2012 07:09:36 -0700
From: Admin Test <admin@welldone-communications.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: bouvy@padepokan-suralaya.co.cc
Subject: test inside to outside
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test inside to outside

Log from mail.log:
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: setting up TLS connection from unknown[192.168.10.30]
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: Anonymous TLS connection established from unknown[192.168.10.30]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: AACF810049341: client=unknown[192.168.10.30], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 11 21:09:38 WELLDONE2 postfix/cleanup[9862]: AACF810049341: message-id=<4FAD1DA0.2070405@welldone-communications.com>
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: AACF810049341: from=<admin@welldone-communications.com>, size=656, nrcpt=1 (queue active)

May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) ESMTP::10024 /var/lib/amavis/amavis-20120511T193428-05077: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=656 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: disconnect from unknown[192.168.10.30]
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Checking: 7NrGBo5VJCJS [192.168.10.30] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: connect from localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: E5D6110049351: client=localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 postfix/cleanup[9869]: E5D6110049351: message-id=<4FAD1DA0.2070405@welldone-communications.com>
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: E5D6110049351: from=<admin@welldone-communications.com>, size=1181, nrcpt=1 (queue active)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: disconnect from localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=05077-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5D6110049351
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine 7NrGBo5VJCJS, Message-ID: <4FAD1DA0.2070405@welldone-communications.com>,
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Hits: -0.2
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: E5D6110049351, 0/Y/0/0
May 11 21:09:38 WELLDONE2 postfix/smtp[9863]: AACF810049341: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.27, delays=0.13/0/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5D6110049351)
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: AACF810049341: removed
May 11 21:09:39 WELLDONE2 postfix/smtp[9920]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 11 21:09:40 WELLDONE2 postfix/smtp[9920]: E5D6110049351: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=1.4, delays=0/0.01/0.47/0.93, dsn=2.0.0, status=sent (250 2.0.0 q4BE9dsY026597-q4BE9dsa026597 Message accepted for delivery)
May 11 21:09:40 WELLDONE2 postfix/qmgr[1867]: E5D6110049351: removed

Many thanks for looking into this long log. I read it several times and still think the forged mail header will resolve this issue, but I couldn't manage to do that.

Regards
« Last Edit: May 11, 2012, 04:24:08 pm by B_Khuwera »
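
Added example (not part of the original posts): the Received chain quoted above, parsed oldest-first to show which client address the authenticated submission hop records, which is the header the poster compares between inside and outside mail. The `OUTSIDE` message is constructed by swapping in the client address from the 19:55 log lines; the function names and the "last bracketed IP" heuristic are assumptions of this example.

```python
import email
import ipaddress
import re

# Received chain of the inside-office message from the post above (unfolded,
# abridged; the two Google-internal "Received: by 10.x" hops are left out).
INSIDE = """\
Received: from smtp-out094-sv3.telkom.net (smtp-out094-sv3.telkom.net. [125.160.6.94]) by mx.google.com with ESMTPS id dp5si5209246igc.13.2012.05.11.07.09.42
Received: from [222.124.18.77] (helo=fm2.smtp.telkom.net) by smtp-out094-sv3.telkom.net with esmtps (TLSv1:AES256-SHA:256) id 1SSqUl-00051A-Rk
Received: from mail.welldone-communications.com (99.static.118-96-95.astinet.telkom.net.id [118.96.95.99] (may be forged)) by fm2.smtp.telkom.net with ESMTP id q4BE9dsY026597-q4BE9dsa026597
Received: from localhost (localhost [127.0.0.1]) by mail.welldone-communications.com (Postfix) with ESMTP id E5D6110049351
Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7NrGBo5VJCJS
Received: from [127.0.0.1] (unknown [192.168.10.30]) by mail.welldone-communications.com (Postfix) with ESMTPSA id AACF810049341

test inside to outside
"""
# Constructed variant: same chain, but the submitting client is the home
# gateway address seen in the 19:55 log lines (client=unknown[111.94.40.87]).
OUTSIDE = INSIDE.replace("unknown [192.168.10.30]", "unknown [111.94.40.87]")

HOP = re.compile(r"^from\s+(?P<frm>.*?)\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)", re.I)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def classify(ip):
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"


def hops(raw):
    """Parse the Received chain into dicts, oldest hop first."""
    out = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # hop without a from-clause, e.g. "Received: by ..."
        ips = IPV4.findall(m["frm"])
        ip = ips[-1] if ips else None  # heuristic: last bracketed IP is the peer
        out.append({"by": m["by"], "proto": m["proto"].upper(), "ip": ip,
                    "kind": classify(ip) if ip else None,
                    "doubtful_rdns": "may be forged" in m["frm"]})
    return out


def submission_hop(raw):
    """Oldest hop received with AUTH (ESMTPA/ESMTPSA keywords, RFC 3848)."""
    return next((h for h in hops(raw) if h["proto"] in ("ESMTPA", "ESMTPSA")), None)


if __name__ == "__main__":
    for name, raw in (("inside", INSIDE), ("outside", OUTSIDE)):
        h = submission_hop(raw)
        print(f"{name}: submitted from {h['ip']} ({h['kind']}) to {h['by']}")
```

For the inside message the submission hop records a private LAN address; for the constructed outside one it records the public home address, so the two chains differ only in that first header.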

B_Khuwera

  • Zen Monk
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #22 on: May 15, 2012, 08:20:59 am »
Dear Christian,

Should I create a new thread, since the content differs from the subject?
The content, I think, is about mail headers, and the subject is outgoing 587 only.

Regards

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #23 on: May 15, 2012, 08:31:34 am »
No, I don't think so. I rather feel that we have to simplify a bit  :-[
You focus on header rewriting while, to me, the issue is something else, due to spam and mail sent from home without PTR.

B_Khuwera

  • Zen Monk
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #24 on: May 15, 2012, 11:08:52 am »
OK, :)  to simplify as you said, please do not hesitate to correct my conclusion, I still have much to learn.

I checked this spam issue again on several other blacklist tests,
http://whatismyipaddress.com/blacklist-check
http://www.myiptest.com/staticpages/index.php/check-Blacklisted-IP-DNSBL/118.96.95.99
http://www.myiptest.com/staticpages/index.php/check-blacklisted-domain-URIBL/mail.welldone-communications.com
all clear except the mxtoolbox tool, which just shows it blacklisted by RATS-Dyna, due to the mailserver IP being in the blacklisted subnet range.
Even the Singaporean blacklist (blackholes.five-ten-sg.com) has now unlisted our server. I think this is not a spam issue.
I contacted several blacklist sites before, asking where the proof is that our IP is spamming, and none of them could show me even one, only that the subnet was involved.
UCEPROTECT.NET, Barracuda, Spamhaus, DNSBL, and others agreed there's no exact proof of our IP's involvement, only the subnet's, so they monitored for several days and finally removed our IP from their blacklists. I do not know how Spamrats operates, but I feel not many use their list.
The Spamrats standard is hard to meet in our condition and location. As long as email through Google/Yahoo/other client mailservers is not bouncing back,
we are not spamming; I think I have to live with that.

If the MUA is inside the office LAN: no issues, no bounce back as spam.
If using the webmail feature: no issue using it from inside/outside the office LAN, no bounce back as spam either.

If the MUA is OUTSIDE the office, here the issues begin.
1. Can only send email to local accounts.
2. Email to anyone except local users was bounced back, but when I check the log for all of these bounced mails, they were bounced back from the ISP smarthost, which has just adopted the DeepHeader check.
3. I compared the bounced mail, sent mail, and web-based mail; the difference is in the first mail header, right after Received: from xxxxxxxxxx

That is the main reason I want to rewrite the mail header, just for all TLS-sent mail. I googled around about rewriting mail headers in Postfix but still had no luck applying it to our Zentyal mailserver. Does anyone have any pointers about mail headers in the Zentyal mailserver?

Is a PTR needed for the MUA?
I will test shutting down my house gateway (home Zentyal) tonight, use a backup cable to connect my PC directly to the modem, and test again.

Thanks and regards

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #25 on: May 15, 2012, 11:15:00 am »
So my understanding of what you call "outside" is instead from home, where you are using another MTA, isn't it?
And no, PTR is not required for MUA  ;) except that properly set-up (internal) DNS will show in your headers, sender host name instead of unknown.

B_Khuwera

  • Zen Monk
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #26 on: May 15, 2012, 11:35:37 am »
Dear Christian,
What I mean by outside is outside the LAN of our office server, including my home network (public 111.94.40.87, local 192.168.77.xxx/24) :)

The office LAN is 192.168.10.xxx/24, and the office public IP is 118.96.95.99, so anything other than these IPs is what I called outside.
Sorry for misleading you with this inside/outside term.

I understand that no PTR is needed for the MUA, as you said, but I will continue to check tonight. If it still fails with the same result, I will look at the log again; if it succeeds, something is wrong with my home Zentyal acting as MTA.
I wonder what this means; did I set up the home server wrong?
"except that properly set-up (internal) DNS will show in your headers, sender host name instead of unknown."
I will inform you about the result late tonight.

Thanks n Regards

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #27 on: May 15, 2012, 11:43:21 am »
I understand and share your inside vs. outside concept.
What I aimed to say is that all tests I saw so far from "outside" were done from your home, where you are running another Zentyal server with a local MTA. Am I wrong?

B_Khuwera

  • Zen Monk
  • Posts: 51
  • Karma: +0/-1
Re: how to enable outgoing to use only port 587
« Reply #28 on: May 15, 2012, 12:41:19 pm »
Yes, you are right.

But I have also had reports from other users that they cannot send to anyone other than local users when they are outside the office,
but I have rarely seen them due to different work hours and such.

I will try from outside somewhere other than my home. :)

Regards

christian

  • Guest
Re: how to enable outgoing to use only port 587
« Reply #29 on: May 15, 2012, 12:49:47 pm »
The point here is to connect to your Zentyal SMTP server in the office from the internet, therefore using the external interface and authentication, and see whether your mail is rejected.
Obviously any other MTA in the middle will not give a consistent result  ;) or at least it may show a problem with this MTA...