Email be rejected a spam question

CraftyPanda

Well-Known Member
Nov 15, 2012
88
2
58
cPanel Access Level
Root Administrator
Hi guys,

Someone is trying to email a client on our server and it being rejected as spam by the server. Looking on mail delivery reports in WHM and no entries appear at all, but looking through exims logs and they are there.

Now the only IP address on a blacklist appears to be a broadband connection IP thats in the middle of the log. Would someone be kind enough to explain to me if and how its possible this could be causing the rejection. Im thinking they are trying to send email from home perhaps through a works exchange server??
Code:
2014-11-13 09:07:26 1XoqNA-001sZ9-EQ H=relay.mail-info.co.uk [144.76.217.16]:60740 Warning: "SpamAssassin as rhujhnbg detected message as NOT spam (4.3)"
2014-11-13 09:07:26 1XoqNA-001sZ9-EQ H=relay.mail-info.co.uk [144.76.217.16]:60740 Warning: Message has been scanned: no virus or other harmful content was found
2014-11-13 09:07:26 1XoqNA-001sZ9-EQ H=relay.mail-info.co.uk [144.76.217.16]:60740 F=<[email protected]> rejected after DATA: "The mail server detected your message as spam and has prevented delivery (40)."
2014-11-13 09:07:26 SMTP connection from relay.mail-info.co.uk [144.76.217.16]:60740 closed by QUIT
2014-11-13 09:07:32 SMTP connection from [144.76.217.16]:60748 (TCP/IP connection count = 1)
2014-11-13 09:07:33 SMTP connection from [68.213.80.77]:49958 (TCP/IP connection count = 2)
2014-11-13 09:07:34 1XoqNI-001sZM-LJ H=relay.mail-info.co.uk [144.76.217.16]:60748 Warning: "SpamAssassin as rhujhnbg detected message as NOT spam (4.3)"
2014-11-13 09:07:34 1XoqNI-001sZM-LJ H=relay.mail-info.co.uk [144.76.217.16]:60748 Warning: Message has been scanned: no virus or other harmful content was found
2014-11-13 09:07:34 1XoqNI-001sZM-LJ H=relay.mail-info.co.uk [144.76.217.16]:60748 F=<[email protected]> rejected after DATA: "The mail server detected your message as spam and has prevented delivery (40)."
2014-11-13 09:07:34 SMTP connection from relay.mail-info.co.uk [144.76.217.16]:60748 closed by QUIT
2014-11-13 09:07:36 dovecot_login authenticator failed for adsl-068-213-080-077.sip.sdf.bellsouth.net (ylmf-pc) [68.213.80.77]:49958: 535 Incorrect authentication data ([email protected])
2014-11-13 09:07:36 SMTP connection from adsl-068-213-080-077.sip.sdf.bellsouth.net (ylmf-pc) [68.213.80.77]:49958 lost
2014-11-13 09:07:53 SMTP connection from [68.213.80.77]:51431 (TCP/IP connection count = 1)
2014-11-13 09:07:56 dovecot_login authenticator failed for adsl-068-213-080-077.sip.sdf.bellsouth.net (ylmf-pc) [68.213.80.77]:51431: 535 Incorrect authentication data ([email protected])
2014-11-13 09:07:56 SMTP connection from adsl-068-213-080-077.sip.sdf.bellsouth.net (ylmf-pc) [68.213.80.77]:51431 lost
2014-11-13 09:07:56 SMTP connection from [185.38.248.39]:51873 (TCP/IP connection count = 1)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

To clarify, which blacklist is that IP address on? Is it the IP address referenced with the "rejected after DATA" message? Does the delivery succeed after removing the IP from the blacklist?

Thank you.