Messages - B_Khuwera

1
Dear Christian,

After waiting for so long, the issue is with the ISP; now all mail is working as usual. It seems one of their main antispam servers is the culprit: it put their own IP in their own subnet on a blacklist on port 587.
But still,
1. Double PTR records on nslookup. I complained about this but the ISP doesn't respond. :) Or they just got bored of accepting my calls.
2. Due to no. 1, I have asked Spamrat to remove our IP from their weird blacklist, and they insist they are not going to change it and give a how-to that ends up in some payment for removal. :)) .. But I think it doesn't make a big difference; my sign is that if Google/Yahoo/big mail servers are still accepting our mail, then it is safe for us. Spamrat can do whatever they like. I'm not gonna pay anything to them but ask to remove our IP.
3. Still haven't succeeded in forging the mail header in the Zentyal mail server, even though I visited my friend who is a mail admin at his company and learned about doing that using Postfix only, but still no luck. Seems I have to postpone this for some other time to test it out.

Many thanks for all the support.
Regards




2
Yes .. you are right.

But I have also had reports from other users about this: they cannot send to anyone other than local users when they are outside the office,
but I rarely see them due to different work hours and such.

I will try from outside, somewhere other than my home.. :)

Regards

3
Dear Christian ..
What I mean by outside is outside the LAN of our office server, including my home network (public 111.94.40.87, local 192.168.77.xxx/24) :)

The office LAN is 192.168.10.xxx/24, and the office public IP is 118.96.95.99, so anything other than these IPs is what I call outside..
Sorry for misleading you with this inside/outside term..

I understand that no PTR is needed for the MUA, as you said, but I will continue to check tonight; if it still fails with the same result, I will look at the log again; if it succeeds, something is wrong with my home Zentyal acting as MTA.
I wonder what this means; did I set up the home server wrong?
except that properly set-up (internal) DNS will show in your headers, sender host name instead of unknown.
I will inform you about the result late tonight.

Thanks n Regards

4
OK, :) to simplify as you said; please do not hesitate to correct my conclusion, I still have much to learn.

I checked again about this spam issue on several other blacklist tests,
http://whatismyipaddress.com/blacklist-check
http://www.myiptest.com/staticpages/index.php/check-Blacklisted-IP-DNSBL/118.96.95.99
http://www.myiptest.com/staticpages/index.php/check-blacklisted-domain-URIBL/mail.welldone-communications.com
All clear except the mxtoolbox tool, where we are blacklisted only by RATS-Dyna, due to the mail server IP being in the blacklisted subnet range.
Even the Singaporean blacklist (blackholes.five-ten-sg.com) has now unlisted our server. I think this is not a spam issue.
I contacted several blacklist operators before, asking where the proof is that our IP is doing spam, and none of them could show me even one; only the subnet is involved.
UCEPROTECT.NET, Barracuda, Spamhaus, DNSBL, and others agreed there's no exact proof of our IP's involvement, only the subnet's, so they monitored for several days and finally removed our IP from their blacklists. I do not know how Spamrats operate but I feel not many are using their list.
The Spamrat standard is hard to meet in our condition and location. As long as email through Google/Yahoo/other client mail servers is not bouncing back,
we are not spamming; I think I have to live with that.

If the MUA is inside the office LAN, no issues, no bounce back as spam.
If using the webmail feature, no issue using it from inside/outside the office LAN, no bounce back as spam either.

If the MUA is OUTSIDE the office, here the issues begin.
1. Can only send email to local accounts.
2. Email to others except local users was bounced back, but when I checked the log for all of these bounced mails, they were bounced back from the ISP smarthost, which just adopted the DeepHeader check.
3. I compared the bounced mail, sent mail and web-based mail; the difference is in the first mail header, right after Received: from xxxxxxxxxx

That is the main reason I want to rewrite the mail header, just for all TLS-sent mail. I googled around about rewriting mail headers in Postfix but still had no luck applying it to our Zentyal mail server. Does anyone have any pointers about mail headers in the Zentyal mail server?

Is a PTR needed for the MUA?
I will test shutting down my house gateway (home Zentyal) tonight, use a backup cable to connect my PC directly to the modem, and test again.

Thanks and regards

5
Dear Christian,

Should I create a new thread, since the content differs from the subject?
The content, I think, is about the mail header, and the subject is outgoing 587 only.

Regards

6
Dear Christian,

You are correct that it is not my MUA, because it can send mail to other local user accounts,
but it cannot send to mail accounts other than local user accounts at welldone-communications.com.

This is the mail source when I send email from admin welldone-communications.com, using the MUA at home, to my test account at welldone-communications.com; the email is received at my test account at welldone-communications.com.

Return-Path: <admin@welldone-communications.com>
Delivered-To: bouvy@welldone-communications.com
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 50EFC10049351
   for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:39 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 required=5 tests=[ALL_TRUSTED=-1, BAYES_50=0.8]
   autolearn=no
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id pai5QAAoQTW8 for <bouvy@welldone-communications.com>;
   Fri, 11 May 2012 19:55:35 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id AE8511004934F
   for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:35 +0700 (WIT)
Message-ID: <4FAD09CC.6040706@welldone-communications.com>
Date: Fri, 11 May 2012 19:45:00 +0700
From: Admin WDC <admin@welldone-communications.com>
Reply-To: admin@welldone-communications.com
Organization: Welldone Communications
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: bouvy@welldone-communications.com
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test

And this is the log in mail.log for the above mail:
May 11 19:55:34 WELLDONE2 postfix/smtpd[7071]: connect from unknown[111.94.40.87]
May 11 19:55:34 WELLDONE2 postfix/smtpd[7071]: setting up TLS connection from unknown[111.94.40.87]
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: Anonymous TLS connection established from unknown[111.94.40.87]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: AE8511004934F: client=unknown[111.94.40.87], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 11 19:55:35 WELLDONE2 postfix/cleanup[7075]: AE8511004934F: message-id=<4FAD09CC.6040706@welldone-communications.com>
May 11 19:55:35 WELLDONE2 postfix/qmgr[1867]: AE8511004934F: from=<admin@welldone-communications.com>, size=714, nrcpt=1 (queue active)

May 11 19:55:35 WELLDONE2 amavis[5077]: (05077-02) ESMTP::10024 /var/lib/amavis/amavis-20120511T193428-05077: <admin@welldone-communications.com> -> <bouvy@welldone-communications.com> SIZE=714 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@welldone-communications.com>; Fri, 11 May 2012 19:55:35 +0700 (WIT)
May 11 19:55:35 WELLDONE2 postfix/smtpd[7071]: disconnect from unknown[111.94.40.87]
May 11 19:55:35 WELLDONE2 amavis[5077]: (05077-02) Checking: pai5QAAoQTW8 [111.94.40.87] <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: connect from localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: 50EFC10049351: client=localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 postfix/cleanup[7081]: 50EFC10049351: message-id=<4FAD09CC.6040706@welldone-communications.com>
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: 50EFC10049351: from=<admin@welldone-communications.com>, size=1392, nrcpt=1 (queue active)
May 11 19:55:39 WELLDONE2 postfix/smtpd[7080]: disconnect from localhost[127.0.0.1]
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>,BODY=7BIT 250 2.0.0 Ok, id=05077-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 50EFC10049351
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Passed, <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>, quarantine pai5QAAoQTW8, Message-ID: <4FAD09CC.6040706@welldone-communications.com>,
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Hits: -0.2
May 11 19:55:39 WELLDONE2 amavis[5077]: (05077-02) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@welldone-communications.com>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: 50EFC10049351, L/Y/0/0
May 11 19:55:39 WELLDONE2 postfix/smtp[7076]: AE8511004934F: to=<bouvy@welldone-communications.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, delays=0.16/0.01/0/3.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 50EFC10049351)
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: AE8511004934F: removed
May 11 19:55:39 WELLDONE2 dovecot: deliver(bouvy@welldone-communications.com): msgid=<4FAD09CC.6040706@welldone-communications.com>: saved mail to INBOX
May 11 19:55:39 WELLDONE2 postfix/pipe[7082]: 50EFC10049351: to=<bouvy@welldone-communications.com>, relay=dovecot, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
May 11 19:55:39 WELLDONE2 postfix/qmgr[1867]: 50EFC10049351: removed


The 111.94.40.87 is my gateway server at my home, with no mail service.
The 192.168.77.199 is my IP on the LAN in my home.

The mail server external IP in my office is 118.96.95.99; I use a port forward service to route the mail traffic.
So I'm sending an email using my PC in my house, on a LAN that is connected to the internet using a Zentyal gateway, also at my home.

If I may clear it up .. it's like below,

192.168.77.xxx/24 ---internal IP---- zentyal Gateway ----external IP---- INTERNET ------ modem ------ Router ---------- Mailserver
192.168.77.199 --- 192.168.77.11 ============= 111.94.40.87----INTERNET---- 118.96.95.99 -- 192.168.10.11--192.168.10.9

What I do not understand is why my home Zentyal gateway acts as an MTA, even though I have not enabled its mail module?
This is the list of modules that I enabled in my home Zentyal: Network, Firewall, Antivirus, DHCP, DNS, Events, IDS, Logs, Monitoring, NTP, VPN, Traffic Shaping, Users and Groups, Web Server, File Sharing and HTTP Proxy.

The same issue also happens to all users outside the office using their MUA to send to accounts other than local users at welldone-communications.com; as I said, almost all dynamic IPs given by ISPs in my country are considered as spam.
Email was received fine by our mail server, but when it was relayed to the ISP's smarthost, it got bounced due to the deep header check on the ISP side.
But if they send from within the office, the email can get through with no problem.
That's why I want to forge the legitimate user's mail header from outside the office into something that can get through this ISP deep header check.
As you see in mail.log above and below with the blue line, it is almost the same as the log I sent before; it's using a STARTTLS connection (legitimate) .. but I do not know the meaning of the many "unknown" entries in there. :(
Perhaps to be more precise, I want to make the same mail header for all TLS connections, for both inside and outside the office MUA.

This is the sample email I sent using the MUA inside the office to my account at the google.com host; it works fine and was received at my account hosted at Google.

Source of the email received at my Google-hosted account:
Delivered-To: bouvy@padepokan-suralaya.co.cc
Received: by 10.229.121.14 with SMTP id f14csp114802qcr;
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Received: by 10.50.212.70 with SMTP id ni6mr1724334igc.30.1336745383288;
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Return-Path: <admin@welldone-communications.com>
Received: from smtp-out094-sv3.telkom.net (smtp-out094-sv3.telkom.net. [125.160.6.94])
        by mx.google.com with ESMTPS id dp5si5209246igc.13.2012.05.11.07.09.42
        (version=TLSv1/SSLv3 cipher=OTHER);
        Fri, 11 May 2012 07:09:43 -0700 (PDT)
Received-SPF: neutral (google.com: 125.160.6.94 is neither permitted nor denied by domain of admin@welldone-communications.com) client-ip=125.160.6.94;
Authentication-Results: mx.google.com; spf=neutral (google.com: 125.160.6.94 is neither permitted nor denied by domain of admin@welldone-communications.com) smtp.mail=admin@welldone-communications.com
Received: from [222.124.18.77] (helo=fm2.smtp.telkom.net)
   by smtp-out094-sv3.telkom.net with esmtps (TLSv1:AES256-SHA:256)
   id 1SSqUl-00051A-Rk
   for bouvy@padepokan-suralaya.co.cc; Fri, 11 May 2012 21:06:59 +0700
Received: from mail.welldone-communications.com (99.static.118-96-95.astinet.telkom.net.id [118.96.95.99] (may be forged))
   by fm2.smtp.telkom.net  with ESMTP id q4BE9dsY026597-q4BE9dsa026597
   (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL)
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:40 +0700
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id E5D6110049351
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id 7NrGBo5VJCJS for <bouvy@padepokan-suralaya.co.cc>;
   Fri, 11 May 2012 21:09:38 +0700 (WIT)
Received: from [127.0.0.1] (unknown [192.168.10.30])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id AACF810049341
   for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
Message-ID: <4FAD1DA0.2070405@welldone-communications.com>
Date: Fri, 11 May 2012 07:09:36 -0700
From: Admin Test <admin@welldone-communications.com>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: bouvy@padepokan-suralaya.co.cc
Subject: test inside to outside
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test inside to outside

Log from mail.log:
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: setting up TLS connection from unknown[192.168.10.30]
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: Anonymous TLS connection established from unknown[192.168.10.30]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: AACF810049341: client=unknown[192.168.10.30], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 11 21:09:38 WELLDONE2 postfix/cleanup[9862]: AACF810049341: message-id=<4FAD1DA0.2070405@welldone-communications.com>
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: AACF810049341: from=<admin@welldone-communications.com>, size=656, nrcpt=1 (queue active)

May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) ESMTP::10024 /var/lib/amavis/amavis-20120511T193428-05077: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=656 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Fri, 11 May 2012 21:09:38 +0700 (WIT)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9860]: disconnect from unknown[192.168.10.30]
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Checking: 7NrGBo5VJCJS [192.168.10.30] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: connect from localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: E5D6110049351: client=localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 postfix/cleanup[9869]: E5D6110049351: message-id=<4FAD1DA0.2070405@welldone-communications.com>
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: E5D6110049351: from=<admin@welldone-communications.com>, size=1181, nrcpt=1 (queue active)
May 11 21:09:38 WELLDONE2 postfix/smtpd[9868]: disconnect from localhost[127.0.0.1]
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=05077-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5D6110049351
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine 7NrGBo5VJCJS, Message-ID: <4FAD1DA0.2070405@welldone-communications.com>,
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Hits: -0.2
May 11 21:09:38 WELLDONE2 amavis[5077]: (05077-05) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: E5D6110049351, 0/Y/0/0
May 11 21:09:38 WELLDONE2 postfix/smtp[9863]: AACF810049341: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.27, delays=0.13/0/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E5D6110049351)
May 11 21:09:38 WELLDONE2 postfix/qmgr[1867]: AACF810049341: removed
May 11 21:09:39 WELLDONE2 postfix/smtp[9920]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 11 21:09:40 WELLDONE2 postfix/smtp[9920]: E5D6110049351: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=1.4, delays=0/0.01/0.47/0.93, dsn=2.0.0, status=sent (250 2.0.0 q4BE9dsY026597-q4BE9dsa026597 Message accepted for delivery)
May 11 21:09:40 WELLDONE2 postfix/qmgr[1867]: E5D6110049351: removed

Many thanks for looking into this long log. I read it several times and still think the forged mail header will resolve this issue, but I couldn't manage to do that.

Regards
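
Added example, not part of the original posts: a small tracer that follows each authenticated submission through the amavis re-injection ("queued as ...") to its final delivery result, so a smarthost rejection can be tied back to the client address that submitted the message. The sample log is constructed and abridged; its queue IDs, host names and public addresses are placeholders, and only the office LAN range is taken from the posts.

```python
import ipaddress
import re

# Office LAN range as stated in the posts; any other non-loopback address is "outside".
OFFICE_LAN = ipaddress.ip_network("192.168.10.0/24")

# Constructed, abridged sample in the mail.log format shown in the posts. Queue IDs,
# host names and public addresses are placeholders, not values from the thread.
SAMPLE_LOG = """\
May 10 01:51:12 mx postfix/smtpd[2773]: A100000001: client=unknown[203.0.113.87], sasl_method=PLAIN, sasl_username=admin@example.com
May 10 01:51:15 mx postfix/smtpd[2782]: A100000002: client=localhost[127.0.0.1]
May 10 01:51:15 mx postfix/smtp[2778]: A100000001: to=<friend@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20059-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A100000002)
May 10 01:51:23 mx postfix/smtp[2784]: A100000002: to=<friend@example.net>, relay=smarthost.example.org[198.51.100.79]:25, delay=8, dsn=5.7.1, status=bounced (host smarthost.example.org[198.51.100.79] said: 554 5.7.1 Message refused by DeepHeader check. (in reply to end of DATA command))
May 11 21:09:38 mx postfix/smtpd[9860]: B200000001: client=unknown[192.168.10.30], sasl_method=PLAIN, sasl_username=admin@example.com
May 11 21:09:38 mx postfix/smtpd[9868]: B200000002: client=localhost[127.0.0.1]
May 11 21:09:38 mx postfix/smtp[9863]: B200000001: to=<friend@example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.27, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-05, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B200000002)
May 11 21:09:40 mx postfix/smtp[9920]: B200000002: to=<friend@example.net>, relay=smarthost.example.org[198.51.100.79]:25, delay=1.4, dsn=2.0.0, status=sent (250 2.0.0 Message accepted for delivery)
May 11 19:55:35 mx postfix/smtpd[7071]: C300000001: client=unknown[203.0.113.87], sasl_method=PLAIN, sasl_username=admin@example.com
May 11 19:55:39 mx postfix/smtpd[7080]: C300000002: client=localhost[127.0.0.1]
May 11 19:55:39 mx postfix/smtp[7076]: C300000001: to=<local@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=05077-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as C300000002)
May 11 19:55:39 mx postfix/pipe[7082]: C300000002: to=<local@example.com>, relay=dovecot, delay=0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
"""

# smtpd line that binds a queue ID to the connecting client (and SASL user, if any).
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"client=(?P<rdns>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,]+, sasl_username=(?P<user>\S+))?")
# smtp/pipe line that records one delivery attempt for a queue ID.
DELIVERY_RE = re.compile(
    r"postfix/(?:smtp|pipe)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$")
QUEUED_RE = re.compile(r"queued as (?P<qid>[0-9A-F]+)$")


def zone(ip_text):
    """Classify a client address the way the posts use inside/outside."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # Postfix logs "unknown" when it has no usable address
        return "unknown"
    if ip.is_loopback:
        return "loopback"
    return "office-lan" if ip in OFFICE_LAN else "outside"


def final_hops(qid, deliveries, path=()):
    """Follow content-filter hand-offs and return (path, last delivery record) pairs."""
    path = path + (qid,)
    results = []
    for hop in deliveries.get(qid, []):
        nxt = QUEUED_RE.search(hop["reply"])
        via_filter = hop["relay"].startswith("127.0.0.1[")
        if (hop["status"] == "sent" and via_filter and nxt
                and nxt["qid"] in deliveries and nxt["qid"] not in path):
            results.extend(final_hops(nxt["qid"], deliveries, path))
        else:
            results.append((path, hop))
    return results


def trace_submissions(log_text):
    """Return one record per recipient of every message submitted by a real client."""
    origins, deliveries = {}, {}
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            origins[m["qid"]] = m.groupdict()
            continue
        m = DELIVERY_RE.search(line)
        if m:
            deliveries.setdefault(m["qid"], []).append(m.groupdict())
    report = []
    for qid, client in origins.items():
        if zone(client["ip"]) == "loopback":
            continue  # re-injection from the content filter, not a client submission
        for path, hop in final_hops(qid, deliveries):
            report.append({
                "path": list(path), "client_ip": client["ip"],
                "zone": zone(client["ip"]), "rdns": client["rdns"],
                "sasl_user": client["user"], "rcpt": hop["rcpt"],
                "relay": hop["relay"], "dsn": hop["dsn"],
                "status": hop["status"], "reply": hop["reply"]})
    return report


if __name__ == "__main__":
    for rec in trace_submissions(SAMPLE_LOG):
        print(rec["zone"], rec["client_ip"], "->", rec["rcpt"],
              rec["status"], rec["dsn"], "via", rec["relay"])
```

Run against the real mail.log, grouping the records by `zone` and `status` shows whether rejections at the smarthost line up only with submissions from outside the office LAN.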

7
Dear Christian,

1 - Which one do you want to forge and why?
I need to change only the header on MUA to MTA; I send you the log for this below, and from where / what I use to send it.

Below is the mail.log when I use Thunderbird from outside the office to send to my account hosted at Google.
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: connect from unknown[111.94.40.87]
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: setting up TLS connection from unknown[111.94.40.87]
May 10 01:51:11 WELLDONE2 postfix/smtpd[2773]: Anonymous TLS connection established from unknown[111.94.40.87]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 10 01:51:12 WELLDONE2 postfix/smtpd[2773]: 0A9DB1002EF9D: client=unknown[111.94.40.87], sasl_method=PLAIN, sasl_username=admin@welldone-communications.com
May 10 01:51:12 WELLDONE2 postfix/cleanup[2777]: 0A9DB1002EF9D: message-id=<4FAABA36.7080500@welldone-communications.com>
May 10 01:51:12 WELLDONE2 postfix/qmgr[1867]: 0A9DB1002EF9D: from=<admin@welldone-communications.com>, size=731, nrcpt=1 (queue active)
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) ESMTP::10024 /var/lib/amavis/amavis-20120509T191708-20059: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=731 Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:12 +0700 (WIT)
May 10 01:51:12 WELLDONE2 postfix/smtpd[2773]: disconnect from unknown[111.94.40.87]
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) Checking: Ct8nP0AKdurh [111.94.40.87] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 10 01:51:12 WELLDONE2 amavis[20059]: (20059-10) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: connect from localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: 6CD7710048BD5: client=localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 postfix/cleanup[2783]: 6CD7710048BD5: message-id=<4FAABA36.7080500@welldone-communications.com>
May 10 01:51:15 WELLDONE2 postfix/qmgr[1867]: 6CD7710048BD5: from=<admin@welldone-communications.com>, size=1256, nrcpt=1 (queue active)
May 10 01:51:15 WELLDONE2 postfix/smtpd[2782]: disconnect from localhost[127.0.0.1]
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=20059-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6CD7710048BD5
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine Ct8nP0AKdurh, Message-ID: <4FAABA36.7080500@welldone-communications.com>,
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Hits: -0.2
May 10 01:51:15 WELLDONE2 amavis[20059]: (20059-10) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: 6CD7710048BD5, 0/Y/0/0
May 10 01:51:15 WELLDONE2 postfix/smtp[2778]: 0A9DB1002EF9D: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.12/0.01/0/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=20059-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6CD7710048BD5)
May 10 01:51:15 WELLDONE2 postfix/qmgr[1867]: 0A9DB1002EF9D: removed
May 10 01:51:16 WELLDONE2 postfix/smtp[2784]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 10 01:51:23 WELLDONE2 postfix/smtp[2784]: 6CD7710048BD5: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=8, delays=0.01/0.01/0.81/7.1, dsn=5.7.1, status=bounced (host smtp.telkom.net[222.124.18.79] said: 554 5.7.1 Message refused by DeepHeader check. This email has been rejected. The email message was detected as spam. (in reply to end of DATA command))
May 10 01:51:23 WELLDONE2 postfix/cleanup[2783]: 6169E1002EF9D: message-id=<20120509185123.6169E1002EF9D@mail.welldone-communications.com>
May 10 01:51:23 WELLDONE2 postfix/bounce[2815]: 6CD7710048BD5: sender non-delivery notification: 6169E1002EF9D
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6169E1002EF9D: from=<>, size=3661, nrcpt=1 (queue active)
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6CD7710048BD5: removed
May 10 01:51:23 WELLDONE2 dovecot: deliver(admin@welldone-communications.com): msgid=<20120509185123.6169E1002EF9D@mail.welldone-communications.com>: saved mail to INBOX
May 10 01:51:23 WELLDONE2 postfix/pipe[2816]: 6169E1002EF9D: to=<admin@welldone-communications.com>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
May 10 01:51:23 WELLDONE2 postfix/qmgr[1867]: 6169E1002EF9D: removed

And my email is bounced back, with the notice on my MUA below,

From - Thu May 10 01:44:08 2012
X-Account-Key: account6
X-UIDL: 0000be804d16c61c
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <MAILER-DAEMON>
Delivered-To: admin@welldone-communications.com
Received: by mail.welldone-communications.com (Postfix)
   id 6169E1002EF9D; Thu, 10 May 2012 01:51:23 +0700 (WIT)
Date: Thu, 10 May 2012 01:51:23 +0700 (WIT)
From: MAILER-DAEMON@mail.welldone-communications.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: admin@welldone-communications.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
   boundary="6CD7710048BD5.1336589483/mail.welldone-communications.com"
Content-Transfer-Encoding: 7bit
Message-Id: <20120509185123.6169E1002EF9D@mail.welldone-communications.com>

This is a MIME-encapsulated message.

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Notification
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mail.welldone-communications.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Delivery report
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.welldone-communications.com
X-Postfix-Queue-ID: 6CD7710048BD5
X-Postfix-Sender: rfc822; admin@welldone-communications.com
Arrival-Date: Thu, 10 May 2012 01:51:15 +0700 (WIT)

Final-Recipient: rfc822; bouvy@padepokan-suralaya.co.cc
Original-Recipient: rfc822;bouvy@padepokan-suralaya.co.cc
Action: failed
Status: 5.7.1
Remote-MTA: dns; smtp.telkom.net
Diagnostic-Code: smtp; 554 5.7.1 Message refused by DeepHeader check. This
    email has been rejected. The email message was detected as spam.

--6CD7710048BD5.1336589483/mail.welldone-communications.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Return-Path: <admin@welldone-communications.com>
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 6CD7710048BD5
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:15 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id Ct8nP0AKdurh for <bouvy@padepokan-suralaya.co.cc>;
   Thu, 10 May 2012 01:51:12 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 0A9DB1002EF9D
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:51:12 +0700 (WIT)
Message-ID: <4FAABA36.7080500@welldone-communications.com>
Date: Thu, 10 May 2012 01:40:54 +0700
From: Admin WDC <admin@welldone-communications.com>
Reply-To: admin@welldone-communications.com
Organization: Welldone Communications
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1
MIME-Version: 1.0
To: 'Bouvy Teguh Artono' <bouvy@padepokan-suralaya.co.cc>
Subject: test
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

test

--6CD7710048BD5.1336589483/mail.welldone-communications.com--


Below is the mail.log when I use webmail from outside the office to send to my account hosted at Google.
May 10 01:58:13 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: connect from localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: 88D921002EF9D: client=localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 postfix/cleanup[3062]: 88D921002EF9D: message-id=<e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
May 10 01:58:13 WELLDONE2 postfix/qmgr[1867]: 88D921002EF9D: from=<admin@welldone-communications.com>, size=641, nrcpt=1 (queue active)
May 10 01:58:13 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=470/566
May 10 01:58:13 WELLDONE2 postfix/smtpd[3059]: disconnect from localhost[127.0.0.1]
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) ESMTP::10024 /var/lib/amavis/amavis-20120509T210042-23095: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc> SIZE=641 BODY=8BITMIME Received: from mail.welldone-communications.com ([127.0.0.1]) by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:13 +0700 (WIT)
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) Checking: ttopoRPDXh6r [127.0.0.1] <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>
May 10 01:58:13 WELLDONE2 amavis[23095]: (23095-08) Open relay? Nonlocal recips but not originating: bouvy@padepokan-suralaya.co.cc
May 10 01:58:13 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:13 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=499/30523
May 10 01:58:14 WELLDONE2 dovecot: imap-login: Login: user=<admin@welldone-communications.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 10 01:58:14 WELLDONE2 dovecot: IMAP(admin@welldone-communications.com): Disconnected: Logged out bytes=392/3721
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: connect from localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: D244010048BCB: client=localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 postfix/cleanup[3062]: D244010048BCB: message-id=<e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
May 10 01:58:16 WELLDONE2 postfix/qmgr[1867]: D244010048BCB: from=<admin@welldone-communications.com>, size=1166, nrcpt=1 (queue active)
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) FWD via SMTP: <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>,BODY=7BIT 250 2.0.0 Ok, id=23095-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D244010048BCB
May 10 01:58:16 WELLDONE2 postfix/smtpd[3074]: disconnect from localhost[127.0.0.1]
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Passed, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, quarantine ttopoRPDXh6r, Message-ID: <e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>,
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Hits: -0.2
May 10 01:58:16 WELLDONE2 amavis[23095]: (23095-08) Passed CLEAN, <admin@welldone-communications.com> -> <bouvy@padepokan-suralaya.co.cc>, Hits: -0.2, tag=0, tag2=5, kill=5, queued_as: D244010048BCB, 0/Y/0/0
May 10 01:58:16 WELLDONE2 postfix/smtp[3063]: 88D921002EF9D: to=<bouvy@padepokan-suralaya.co.cc>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.01/0.01/0/3.3, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=23095-08, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as D244010048BCB)
May 10 01:58:16 WELLDONE2 postfix/qmgr[1867]: 88D921002EF9D: removed
May 10 01:58:17 WELLDONE2 postfix/smtp[3075]: certificate verification failed for smtp.telkom.net[222.124.18.79]:25: untrusted issuer /C=US/ST=California/L=Sunnyvale/O=Fortinet/OU=Certificate Authority/CN=support/emailAddress=support@fortinet.com
May 10 01:58:23 WELLDONE2 postfix/smtp[3075]: D244010048BCB: to=<bouvy@padepokan-suralaya.co.cc>, relay=smtp.telkom.net[222.124.18.79]:25, delay=6.4, delays=0/0.01/0.39/6, dsn=2.0.0, status=sent (250 2.0.0 q49IwH65025141-q49IwH67025141 Message accepted for delivery)
May 10 01:58:23 WELLDONE2 postfix/qmgr[1867]: D244010048BCB: removed

My email got through, and I see the received source as below:

Delivered-To: bouvy@padepokan-suralaya.co.cc
Received: by 10.229.131.100 with SMTP id w36csp18207qcs;
        Wed, 9 May 2012 11:58:29 -0700 (PDT)
Received: by 10.68.217.37 with SMTP id ov5mr12210106pbc.25.1336589908652;
        Wed, 09 May 2012 11:58:28 -0700 (PDT)
Return-Path: <admin@welldone-communications.com>
Received: from smtp-out0248-sv2.telkom.net (smtp-out0248-sv2.telkom.net. [125.160.10.248])
        by mx.google.com with ESMTPS id ql3si147373pbc.183.2012.05.09.11.58.28
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 09 May 2012 11:58:28 -0700 (PDT)
Received-SPF: neutral (google.com: 125.160.10.248 is neither permitted nor denied by domain of admin@welldone-communications.com) client-ip=125.160.10.248;
Authentication-Results: mx.google.com; spf=neutral (google.com: 125.160.10.248 is neither permitted nor denied by domain of admin@welldone-communications.com) smtp.mail=admin@welldone-communications.com
Received: from [222.124.18.76] (helo=fm1.smtp.telkom.net)
   by smtp-out0248-sv2.telkom.net with esmtps (TLSv1:AES256-SHA:256)
   id 1SSC5i-0008VP-3C
   for bouvy@padepokan-suralaya.co.cc; Thu, 10 May 2012 01:58:26 +0700
Received: from mail.welldone-communications.com (99.static.118-96-95.astinet.telkom.net.id [118.96.95.99] (may be forged))
   by fm1.smtp.telkom.net  with ESMTP id q49IwH65025141-q49IwH67025141
   (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL)
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:23 +0700
Received: from localhost (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id D244010048BCB
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:16 +0700 (WIT)
X-Virus-Scanned: by amavisd-new-2.6.4 (20090625) (Debian) at localdomain
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id ttopoRPDXh6r for <bouvy@padepokan-suralaya.co.cc>;
   Thu, 10 May 2012 01:58:13 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id 88D921002EF9D
   for <bouvy@padepokan-suralaya.co.cc>; Thu, 10 May 2012 01:58:13 +0700 (WIT)
MIME-Version: 1.0
Date: Thu, 10 May 2012 01:58:13 +0700
From: <admin@welldone-communications.com>
To: <bouvy@padepokan-suralaya.co.cc>
Subject: test webmail to google
Message-ID: <e5a5b4119c95ec5f78ffc0839928536d@127.0.0.1>
X-Sender: admin@welldone-communications.com
User-Agent: RoundCube Webmail/0.3.1
Content-Transfer-Encoding: 8bit
Content-Type: text/plain;
 charset=UTF-8

test webmail to google

So I figure perhaps I could forge the header of the outside-office MUA, like
Received: from [192.168.77.199] (unknown [111.94.40.87]
into something like webmail
Received: from mail.welldone-communications.com (localhost [127.0.0.1])

2 - SMTP error code is missing. Is it always "spam detected"?
Yes, all email from the outside-office MUA going to an outside account always gives this error, for example:
Final-Recipient: rfc822; bouvy@padepokan-suralaya.co.cc
Original-Recipient: rfc822;bouvy@padepokan-suralaya.co.cc
Action: failed
Status: 5.7.1
Remote-MTA: dns; smtp.telkom.net
Diagnostic-Code: smtp; 554 5.7.1 Message refused by DeepHeader check. This
    email has been rejected. The email message was detected as spam.

I am on outside-office duty for several days now, but I will try to send the log using the inside-office MUA.
The only spamlisters are spamrats and one Singaporean spamlister. Spamrats is asking for only one record in the PTR; the Singaporean spamlister doesn't have any info on how to remove that.
The PTR still has two records and I am still asking the ISP to change that.

Thanks n regards

Bouvy

8
Hi, Tisa

I'm not using captive portal yet, but I used almost the same setup; it uses an IP-based object.

I created a network object for your IP (e.g. 172.16.30.12).

Add a new object's policy under HTTP proxy for the above network object, and edit the allowed time spec as you need.

Add new Bandwidth Throttling class 2 delay pools for the above network object, and edit the bandwidth as you need.
Or you can also use the Traffic Shaping submenu Rules to do that.

Hope it helps.

9
Dear Christian
Sorry for the late response; I was out of town due to a family loss almost this whole week.

In reply to your mail of May 2nd 2012:
- Yes, it was multiple records on the same IP. I asked the ISP to change that, but it seems the procedure is going to take some days, as before :(
- Sorry if it's a long description; please be patient with me. :)

- 192.168.77.199 is your IP address, I mean the one from your mail client. it has no impact.
However, why do you relay via 111.94.40.87 that is unknown (meaning no PTR)
I was at my house, and I also use Zentyal as the gateway for my home network, used by my wife, daughter, little brother, sister and some neighbors; in total it shares internet to 12 users. We do share the internet cost :)
111.94.40.87 is the dynamic public IP (ADSL) on the external network of my home Zentyal network.


- Hopefully, you are not supposed to forge SMTP headers otherwise you will be tagged as spammer - :) Really, I just want to send legitimate mail to the outside world from my Thunderbird using the office account like the old days. :)
To me, problems are:
- your MTA IP belonging to range tagged as spammer
Too bad :( Almost all ISPs in my country who release dynamic public IPs were within this range.
Even the welldone-communications.com static IP used to be in range. I contacted many spamlist organizations to remove this, and suddenly, out of nowhere, spamrats insists on the PTR ..

- use of MTA without PTR when outside. why not relaying via Zentyal? or do you have multiple IP for this server?
I am not using my home Zentyal as a mail server and I just have this one dynamic IP from the ISP. So I use Zentyal as gateway, proxy with adblock and content filter, file server and VirtualBox, to share it in my house and with some neighbors.
192.168.77.19x/24 is my internal home network,
192.168.77.11 is the internal IP of my home Zentyal,
111.94.40.87 is the external IP of my home Zentyal.
( Zentyal is working great in my house :)) )
My home uses FirstMedia as ISP, and at the office Welldone Communications.com is using Telkom Speedy.
No, I do not have another IP for this :(


In the meantime, do you confirm that:
- mail client is configure to send mail to Zentyal SMTP, either from the LAN or from outside. From outside, it works thanks to authentication.
Almost correct. The Welldone Communications mail server is configured to send email from both LAN and outside; yes, it works using authentication, and is now working with ports 25, 587 and 465. But when I send using a client from outside to the outside world, it gets bounced back. When I look at the mail log, the difference is just the header-check part, as in the mail before. Please see the difference between the delivered mail (green) and the bounced-back mail (red):

Received: from mail.welldone-communications.com (localhost [127.0.0.1]) -- Sample mail sent from inside LAN.
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)


Received: from [192.168.77.199] (unknown [111.94.40.87]) -- This was sent by Thunderbird from my house.
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)

- Then Zentyal SMTP can be configured either to send mail directly or to relay via smarthost...
Before the ISP closed all outgoing port 25, the server was working flawlessly for about a year. I was not using the ISP smarthost at that time, only the mail server itself. But when the ISP decided to close port 25 and open more secure ports such as 587 and 465, the problems began to arise, even if I used the ISP smarthost on port 587 or 465.

It seems that right now the ISP used by welldone communications.com is using a spam filtering technique called Deep Header Check, and since then the welldone communications mail server began to experience this trouble. It can only send from inside the LAN to anywhere .. sending from outside the LAN to the outside world gives the same result, bounced ...

Using regex to change the header will end up being marked as spammer? I think almost all public mail services like Google Mail also remove the original sender IP for their users and change it into theirs... right?
Fortunately I still struggle to use the regex to change the header and still cannot change it in Zentyal .. still looking for some opinions and help on this.
In the meantime I am still pursuing the perfect PTR record from the ISP. I will report back when it's done.

Many Big Thanks n Regards

Bouvy

10
Dear Christian

Finally the ISP has set up the reverse DNS; now I have this:

gopit@MyRig-Lucid:~$ nslookup mail.welldone-communications.com
Server:      192.168.77.11
Address:   192.168.77.11#53

Non-authoritative answer:
mail.welldone-communications.com   canonical name = welldone-communications.com.
Name:   welldone-communications.com
Address: 118.96.95.99

gopit@MyRig-Lucid:~$ nslookup 118.96.95.99
Server:      192.168.77.11
Address:   192.168.77.11#53

Non-authoritative answer:
99.95.96.118.in-addr.arpa   name = mail.welldone-communications.com.
99.95.96.118.in-addr.arpa   name = 99.static.118-96-95.astinet.telkom.net.id.

Authoritative answers can be found from:
95.96.118.in-addr.arpa   nameserver = dns2.telkom.net.id.
95.96.118.in-addr.arpa   nameserver = dns1.telkom.net.id.

But the problem with sending out mail is still the same: sending is only available from within the local LAN.
If I try to send email from outside the LAN using 587 STARTTLS or 465 STARTTLS, it bounces back saying
<bouvy@padepokan-suralaya.co.cc>: host smtp.telkom.net[222.124.18.79] said: 554
    5.7.1 Message refused by DeepHeader check. This email has been rejected.
    The email message was detected as spam. (in reply to end of DATA command)
But if I send the same email from within the local LAN, it gets through.
I checked the mail source; there are some differences.
1. Send from within LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id izO1E6Ipicl6 for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 04:22:52 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)

2. Send from outside LAN to outside
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id PK8lOPj13fSk for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 03:42:27 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)

Both are the same whether I use the ISP smarthost or not.

It seems the DeepHeader check process at the ISP is causing the problem, and I have to replace the mail header using regex,
and I still cannot get that done.

Is it impossible to change the mail header in Zentyal? I used some tips from Google using Postfix but still no luck.

Regards
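
Added example, not part of the original posts: a small Python parser run over the two Received chains quoted in the post above, reporting which hop properties differ between the delivered and the bounced message. The flag names and the choice of properties are this example's assumptions; the page does not say what the ISP's DeepHeader check actually inspects.

```python
import ipaddress
import re

# Received chains copied from the two samples in the post above.
INSIDE_LAN = """\
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id izO1E6Ipicl6 for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 04:22:52 +0700 (WIT)
Received: from mail.welldone-communications.com (localhost [127.0.0.1])
   by mail.welldone-communications.com (Postfix) with ESMTP id A63A010046DFB
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 04:22:52 +0700 (WIT)
"""
OUTSIDE_LAN = """\
Received: from mail.welldone-communications.com ([127.0.0.1])
   by localhost (WELLDONE2.localdomain [127.0.0.1]) (amavisd-new, port 10024)
   with ESMTP id PK8lOPj13fSk for <bouvy@padepokan-suralaya.co.cc>;
   Wed,  2 May 2012 03:42:27 +0700 (WIT)
Received: from [192.168.77.199] (unknown [111.94.40.87])
   by mail.welldone-communications.com (Postfix) with ESMTPSA id 693691003ECAF
   for <bouvy@padepokan-suralaya.co.cc>; Wed,  2 May 2012 03:42:27 +0700 (WIT)
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Z]+)")

def parse_hops(chain):
    """Unfold each Received header and return its fields, newest hop first."""
    raw = re.split(r"^Received:", chain, flags=re.M)[1:]
    matches = (HOP.search(" ".join(r.split())) for r in raw)
    return [m.groupdict() for m in matches if m]

def flag_hop(hop):
    """Flags are this example's own labels, not the ISP filter's rules."""
    flags = set()
    client = ipaddress.ip_address(hop["ip"])
    if hop["rdns"] == "unknown":
        flags.add("no-reverse-dns")  # Postfix had no verified hostname for the client IP
    if (hop["helo"].startswith("[") and not client.is_private
            and ipaddress.ip_address(hop["helo"].strip("[]")).is_private):
        flags.add("private-helo-literal")  # NATed client announcing its LAN address
    if hop["proto"] in ("ESMTPA", "ESMTPSA"):
        flags.add("authenticated-submission")  # RFC 3848 "with" keywords
    return flags

def chain_flags(chain):
    """Map client IP -> flags for every hop that carries at least one flag."""
    return {h["ip"]: f for h in parse_hops(chain) if (f := flag_hop(h))}

if __name__ == "__main__":
    for name, chain in (("inside", INSIDE_LAN), ("outside", OUTSIDE_LAN)):
        print(name, chain_flags(chain))
```

The amavisd-new hop is identical in both chains, so the only hop that differs is the authenticated submission from the home connection.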

11
I also did the same as you, Toolman: send it to the ISP's smarthost:587 using the account from them, but as I said before,
unfortunately the ISP smarthost is sometimes overloaded with heavy mail traffic during work hours due to the closing of port 25, and our mails cannot get through them. So some mail gets through :), and some doesn't. :(

So as Christian said, I'd like to consider other options, like using just Zentyal and the internet connection from the ISP over the opened port 587, no smarthost, and I got stuck with spam issues from spamrat and blackholes.five-ten-sg.com (all with "your IP is on spammer list subnet"), bounced mail, and the need for a PTR to resolve that.

I wonder why the spamlister organizations just block the whole subnet and ignore a request to remove just one clean IP,
even though they cannot prove my IP is sending spam; just some IPs in the ISP subnet are doing so, and my IP got busted also.
But there's an option, for some cash: they can remove you for some time, and it's only on some spamlister, not paying once and getting clean on all spamlister organizations. I'd have to pay each one of them, I guess. So a working PTR is a must these days.
It's like if you are really a good guy living in a bad neighbourhood: you are treated as badly as them, and you can pay the cop to mark you clean for some time, and only in their jurisdiction. Outside that you have to pay again to some other. :))
PS: no offense meant to the good cops.

Our ISP has not yet set up the reverse DNS as I requested, so I think I also have to call them every single day while experimenting with the regex header change.

I just tried to remove all headers, not replace them, and the mailfilter stopped working, haha. I went back to the backup config before more spam came in, and the mailfilter is working again .. quite a rush watching the mail log. Back to regex reading again .. something I must be missing .. placement of the header_checks options? The regex itself? Perhaps it's not on the Postfix side, but on the mailfilter side?
Oh yes, now I close / drop all outgoing traffic using port 25 to the internet, just 587 and 465. Incoming is not changed, still accepting 25, 465, 587, 143, all with STARTTLS.

Has anyone ever had success changing the mail header before sending it out in Zentyal?

Regards

12
Dear Christian,

The ISP still has not resolved our issue with reverse DNS; they said to keep waiting for another 48 hours. :(
I checked the mail.log and found out that if I send from inside the LAN (at the office) it gets through.
But if it is sent from the WAN (outside the office), even using port 587 or 465, it is going to be rejected by the ISP.

I checked the message source and saw something.
If I send from inside the office, it gets through; the message source is like below:
Received: from [192.168.10.100] (unknown [192.168.10.100])
   by WELLDONE2 (Postfix) with ESMTPSA id 8952D100322B2
   for <bouvy@padepokan-suralaya.co.cc>; Tue, 24 Apr 2012 14:56:56 +0700 (WIT)
If I send from outside the office, it bounces; the message is like below:
Received: from [192.168.77.199] (unknown [111.94.127.137])
   by WELLDONE2 (Postfix) with ESMTPSA id 2181110046C02
   for <bouvy@padepokan-suralaya.co.cc>; Wed, 25 Apr 2012 04:19:22 +0700 (WIT)
I think it was caused by the header.
I browsed and looked around for a solution regarding rewriting the header in Postfix, using regex, using the header_checks option, etc., and had no luck making it work in Zentyal.
I just wonder how to change the line "Received: from [192.168.77.199] (unknown [111.94.127.137])"
into something like "Received: from [192.168.10.9] (localhost [127.0.0.1])"
Could you help me on this?

Regards

13
Dear Christian,

Thanks for the help. I have called and fought on the phone with the ISP; now they ask me to wait, as they said they would set up the reverse DNS for us.
This afternoon the mails started to flow. I still see the certificate error but all mails get through. I checked and the reverse DNS is not yet set up, and the blacklist is still there because the requirement is to have the reverse DNS set up properly. I do not know how, but for the time being mail is working again .. I will follow up with the ISP on the reverse DNS.
After it is set up, I will try to figure out how to match it to the SMTP banner; I will update on this ..

Thanks n Regards


14
Dear Christian,

Do you know how to set reverse DNS to match the SMTP banner?
Is it a setting in Postfix for the SMTP banner?

Regards

15
Dear Christian,

- 111.94.127.137 is the IP from when I tried to send the email through the Thunderbird client outside; I was out of the office at that time. The real IP for mail.welldone-communications.com is 118.96.95.99.

- I will check on this spammer issue. I had this issue before, right after installation, and already got it solved by asking the ISP for a new IP, but it seems the new one, 118.96.95.99, is also having a problem now. My bad, I did not regularly check the spamlist.

- But as for the outside IP, 111.94.137.137, or another IP that is unfortunately listed on a spamlist: when it sends mail through authentication on 465 or 587 STARTTLS to our Zentyal mail, 118.96.95.99, it still gets bounced?
I was at a public place that time, so it is the public IP. I noticed and took note of the IP before sending it, but what about our client connections connecting from outside the office?
I will test sending when I get into the office tomorrow.

So it doesn't have any relation to the certificate, I suppose?

I will inform you of the result regarding the spam...

regards
