#1 (permalink)  
Old 07-01-2009, 05:00 PM
Registered User
 
Join Date: Jul 2009
Posts: 12
Dodi300 is on a distinguished road
Turn on SMTP Authentication

Hello. I cannot send emails from my server to Hotmail.
I get this error:

Quote:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

****-****@hotmail.co.uk
SMTP error from remote mail server after MAIL FROM:<******@*****.com>
SIZE=1832:
host mx1.hotmail.com [65.55.37.104]: 550 DY-001 Mail rejected by Windows Live
Hotmail for policy reasons. We generally do not accept email from dynamic IP's
as they are not typically used to deliver unauthenticated SMTP e-mail to an
Internet mail server. The Spamhaus Project maintains lists of dynamic and
residential IP addresses. If you are not an email/network admin please contact
your E-mail/Internet Service Provider for help. Email/network admins, please
visit MSN Postmaster for email delivery information and support
I went to the address in the email, The Spamhaus Project, and I'm listed on the Policy Block List (PBL).
It says I simply need to turn on "SMTP Authentication".

Does anyone know how to do this in Cpanel?
Thanks for the help!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 07-01-2009, 05:08 PM
cPanelDavidG's Avatar
cPanel Technical Sales
 
Join Date: Nov 2006
Location: Houston, TX
Posts: 8,033
cPanelDavidG is on a distinguished road
Quote:
Originally Posted by Dodi300 View Post
Hello. I cannot send emails from my server to Hotmail.
I get this error:



I went to the address in the email, The Spamhaus Project, and I'm listed on the Policy Block List (PBL).
It says I simply need to turn on "SMTP Authentication".

Does anyone know how to do this in Cpanel?
Thanks for the help!
By default, cPanel/WHM will allow those who have authenticated successfully via POP3 within the past 30 to login to send mail via SMTP without authentication (since they already authenticated via POP3).

To disable this behavior and thus force all your customers to use SMTP authentication, run the following command as root via SSH:

Code:
/usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
__________________
Need technical assistance? You can find your best avenue for support at: http://support.cPanel.net
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 07-01-2009, 10:44 PM
cPanelEricE's Avatar
cPanel Staff (Administrator)
 
Join Date: Nov 2007
Location: Texas
Posts: 186
cPanelEricE is on a distinguished road
If you're still having trouble after doing what Dave suggested send me your IP in a PM. I used to do a lot of work with spam and antispam stuff including the PBL list over at spamhaus. You could be listed for a number of other reasons.

Thanks!
__________________
--Eric(E)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 07-02-2009, 09:29 AM
Registered User
 
Join Date: Jul 2009
Posts: 12
Dodi300 is on a distinguished road
Thanks for the help.
It didnt work though, and now I cant send any emails

Do you know how I can re-enable it?
I'll send you a PM cpanelerice.

Thanks!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 07-02-2009, 10:33 AM
cpanelchrish's Avatar
Registered User
 
Join Date: Jun 2009
Posts: 24
cpanelchrish is on a distinguished road
The esmtp auth piece on the Spamhaus site is mentioned for those needing to route outbound mail through their ISP's SMTP server

Forcing your clients to auth to use your smtp server won't do heaps - the hotmail systems are going to have zero real visibility into whether or not your users have authenticated to a system which it (hotmail) has no control over (headers are easily forged, so this is not an adequate indicator).

Regarding the PBL inclusion, flat-out they believe your IP address to be dynamic/residential.

This leaves you with two options:

-if you aren't on dynamic/residential address space, it'd be worthwhile engaging Spamhaus and seeing if they can correct their records

-if you are on such address space, you're pretty much limited to routing outbound email through a smarthost; if nothing else, on a case by case basis, though I would wager given the popularity of Spamhaus ZEN, you'll see this same issue with a fair number of other sites.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 07-02-2009, 12:22 PM
Infopro's Avatar
Forum Moderator
 
Join Date: May 2003
Location: Pennsylvania
Posts: 3,762
Infopro is on a distinguished road
Lightbulb

Quote:
Originally Posted by Dodi300 View Post
Hello. I cannot send emails from my server to Hotmail.
I get this error:



I went to the address in the email, The Spamhaus Project, and I'm listed on the Policy Block List (PBL).
It says I simply need to turn on "SMTP Authentication".

Does anyone know how to do this in Cpanel?
Thanks for the help!
Your IP is listed or your server's IP is listed? If it's your server IP that's listed, you can't run cPanel on a dynamic IP.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 07-02-2009, 12:51 PM
Registered User
 
Join Date: Jul 2009
Posts: 12
Dodi300 is on a distinguished road
My IP is not dynamic.

Still can't get emails to send.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 07-02-2009, 12:55 PM
cPanelEricE's Avatar
cPanel Staff (Administrator)
 
Join Date: Nov 2007
Location: Texas
Posts: 186
cPanelEricE is on a distinguished road
Howdy,

You're really going to need to contact spamhaus or get your ISP to do so on your behalf. The block they have in place is pretty broad need to be rechecked.

Thanks!
__________________
--Eric(E)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 07-02-2009, 01:27 PM
Registered User
 
Join Date: Jul 2009
Posts: 12
Dodi300 is on a distinguished road
Ok, Will do.
I've started a Support Ticket, like you said.

Thanks for the help.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 07-04-2009, 01:19 PM
Registered User
 
Join Date: Sep 2007
Posts: 69
blargman is on a distinguished road
If the ISP has the policy of putting their ip's in the PBL. There's pretty much nothing that can be done except for forging the Received From: headers yourself. Otherwise they need to use the ISP's outbound servers. That's my idea of the matter anyway. Though I thought this was just for unauthenticated mail, I'm seeing an issue of it myself currently with authenticated mail. :\ It's showing ESMTPA in the header yet SpamHaus is still blocking it.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #11 (permalink)  
Old 07-06-2009, 02:59 AM
Registered User
 
Join Date: Jul 2009
Posts: 12
Dodi300 is on a distinguished road
Hey,
The Cpanel support team fixed all the errors on my server and I've contacted SpamHaus and they have removed my IP.
So now I can send/receive emails to Hotmail accounts!

Thanks everyone for the help.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #12 (permalink)  
Old 07-06-2009, 07:49 AM
cPanelEricE's Avatar
cPanel Staff (Administrator)
 
Join Date: Nov 2007
Location: Texas
Posts: 186
cPanelEricE is on a distinguished road
Yea, a happy ending
__________________
--Eric(E)
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #13 (permalink)  
Old 07-06-2009, 09:12 AM
cpanelchrish's Avatar
Registered User
 
Join Date: Jun 2009
Posts: 24
cpanelchrish is on a distinguished road
Quote:
Originally Posted by blargman View Post
If the ISP has the policy of putting their ip's in the PBL. There's pretty much nothing that can be done except for forging the Received From: headers yourself. Otherwise they need to use the ISP's outbound servers. That's my idea of the matter anyway. Though I thought this was just for unauthenticated mail, I'm seeing an issue of it myself currently with authenticated mail. :\ It's showing ESMTPA in the header yet SpamHaus is still blocking it.
Something to watch out for regarding this, it'll depend upon how the remote MTA is evaluating the RBL

If they're checking the connecting IP, even mangling/rewriting the Received header won't do the trick - the connecting IP will still be exposed, queried, and buggered. The headers won't be visible until the DATA command is sent, acknowledged, etc.

The other thing to point out, is the "Received" header that the remote MTA creates is one you'll have no control over - and is the one most likely to contain your IP. So to that end, you'd be somewhat stuck.

Generally RBL providers (among others) will recommend that with lists such as the PBL, you query *only* the connecting IP against the blacklist - reason being, it is perfectly legitimate for a host on a dynamic IP to connect to their ISP's SMTP server and send away; in fact, this is what Spamhaus recommends if you're listed on the PBL (assuming the listing isn't in error). If you do deep header parsing, and query every IP found against an RBL (such as Spamhaus PBL) which is intended solely to restrict what IP's are allowed to connect directly, you end up with a considerable amount of what are by most accounts false positives.

Similar logic applies for those using the ZEN aggregate zone - if you utilize ZEN, and do deep header parsing (a practice which is generally not recommended) for RBL checks, the return code should be evaluated beyond the topmost (or most recent, rather) header and only trigger policy if found in SBL-XBL, but not PBL. A listing on SBL-XBL 2 or 3 layers deep is cause for suspicion. A listing on PBL 2 or 3 layers deep is not.

At any rate, rather than continuing on this tangent....headers are very, very easily forged, and no *single* header is a reliable indicator of spam. Tis usually best to consider the makeup of the header, or extract specific tokens that are common to mail sent from botnets.

Hope this helps someone, and doesn't bore everyone to sleep
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #14 (permalink)  
Old 07-17-2009, 10:13 AM
Registered User
 
Join Date: Sep 2007
Posts: 69
blargman is on a distinguished road
cpanelchrish. That's the odd part. I've been seeing a lot of MTA's like comcast parsing received headers. ie the original connecting ip to the cpanel server and then blocking based on that. When it is the cpanel server connecting to comcast?! Very strange.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Tags
antispam , pbl , ptr , rdns , spam , spamhaus

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMTP Authentication larryl cPanel and WHM Discussions 1 03-19-2007 01:31 PM
Changes to SMTP Authentication bvanderw cPanel and WHM Discussions 4 11-07-2006 10:25 AM
Turn off SMTP Auth Selectively BWS cPanel and WHM Discussions 4 06-22-2006 03:34 PM
Turn off authentication for webmail falmon cPanel and WHM Discussions 3 07-26-2005 11:58 AM
Can you use cookie authentication without having to turn off http authentication? bjdea1 cPanel and WHM Discussions 0 12-10-2004 08:20 AM


All times are GMT -5. The time now is 11:12 AM.


Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
© cPanel Inc