Email delivery problem [details inside]

iSumitG

Member
Apr 15, 2012
11
0
51
cPanel Access Level
Root Administrator
I am having WHM + cPanel on my CentOS server. Emails from my domain (which is on dedicated ip) are taking hours for delivery. Some even not being delivered. Could anyone suggest the possible problem and the checks that I should perform?

I sent one email to my personal gmail id. It came to Gmail 6 hours after it was sent (showing in gmail that it was sent 6 hours ago).


Please help.
 

mtindor

Well-Known Member
Sep 14, 2004
1,370
65
178
inside a catfish
cPanel Access Level
Root Administrator
You call those details? There's nothing to go on.

grep '[email protected]' /var/log/exim_mainlog | more

Scroll through and find the instances where you sent an email to your Gmail account. You'll then see a message ID similar to this: 1SO2zw-0004Ui-5s [just an example]

Then:

grep <message ID> /var/log/exim_mainlog
[ ex: grep '1SO2zw-0004Ui-5s' /var/log/exim_mainlog ]

You should be able to tell why that particular email was delayed. You'll want to look specifically for the message that you sent to Gmail which arrived 6 hours later. In your Gmail account, if you 'View Original' you will be able to see the message ID that exim gave to the message. Then you could just go back in and do a 'grep <message_id> /var/log/exim_mainlog' . That would probably be easier.

Mike
 

iSumitG

Member
Apr 15, 2012
11
0
51
cPanel Access Level
Root Administrator
Sorry I didn't have much technical knowledge.

I tried checking with the ID and log. Here's the output. (Some xx's -- just for the privacy.)

Looking at the time-stamps. I don't think there is any problem. The whole process completed within seconds. Right?
Are you able to identify any problems here? Please advice. Thank you.

[email protected] [/home/webmanager]# grep '1SO6wr-000xxx-xx' /var/log/exim_mainlog
2012-04-28 18:10:01 1SO6wr-000xxx-xx <= [email protected] H=localhost (ip-182-xx-xxx-xx.ip.secureserver.net) [127.0.0.1]:36103 P=esmtpa A=dovecot_login:[email protected] S=1174 [email protected] T="Test" for [email protected]
2012-04-28 18:10:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1SO6wr-000xxx-xx
2012-04-28 18:10:01 1SO6wr-000xxx-xx => [email protected] R=send_to_smart_host T=remote_smtp H=sg2nlvphout-v01.shr.prod.sin2.secureserver.net [182.xx.xxx.xxx]
2012-04-28 18:10:01 1SO6wr-000xxx-xx Completed


You call those details? There's nothing to go on.

grep '[email protected]' /var/log/exim_mainlog | more

Scroll through and find the instances where you sent an email to your Gmail account. You'll then see a message ID similar to this: 1SO2zw-0004Ui-5s [just an example]

Then:

grep <message ID> /var/log/exim_mainlog
[ ex: grep '1SO2zw-0004Ui-5s' /var/log/exim_mainlog ]

You should be able to tell why that particular email was delayed. You'll want to look specifically for the message that you sent to Gmail which arrived 6 hours later. In your Gmail account, if you 'View Original' you will be able to see the message ID that exim gave to the message. Then you could just go back in and do a 'grep <message_id> /var/log/exim_mainlog' . That would probably be easier.

Mike
 
Last edited:

mtindor

Well-Known Member
Sep 14, 2004
1,370
65
178
inside a catfish
cPanel Access Level
Root Administrator
2012-04-28 18:10:01 1SO6wr-000xxx-xx <= [email protected] H=localhost (ip-182-xx-xxx-xx.ip.secureserver.net) [127.0.0.1]:36103 P=esmtpa A=dovecot_login:[email protected] S=1174 [email protected] T="Test" for [email protected]
2012-04-28 18:10:01 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1SO6wr-000xxx-xx
2012-04-28 18:10:01 1SO6wr-000xxx-xx => [email protected] R=send_to_smart_host T=remote_smtp H=sg2nlvphout-v01.shr.prod.sin2.secureserver.net [182.xx.xxx.xxx]
2012-04-28 18:10:01 1SO6wr-000xxx-xx Completed
It looks like when you send a piece of mail outbound, from your server, to a remote location [or at least to Gmail], instead of your server contacting the Gmail mail exchanger directly, your server is forwarding that outbound mail to another secureserver.net mailserver for for outbound relaying to the destination.

[email protected] --> [email protected]
- this mail should go direct from your server to a Gmail mail exchanger
- this is not the case though

Instead it's going from your server --> some intermediate secureserver.net mailserver --> Gmail mail exchanger

Are you purposefully forwarding your outbound mail through a secureserver mailserver? If so, that's probably why you are getting such delays.

Mike
 

iSumitG

Member
Apr 15, 2012
11
0
51
cPanel Access Level
Root Administrator
Thanks Mike for your reply.

I am having my server hosted on GoDaddy.com. I think the email first goes to their server then to Gmail. Not sure though.
After seeing my previous reply, do you think that there is any problem at my end?
I am asking because I am not sure if GoDaddy email servers are down. I have created a support ticket for the same, though.

Are you able to identify if email went from my server within proper timings?

ip-182-xx-xxx-xx.ip.secureserver.net is hostname of my server. Checked on my account settings on GoDaddy and found that SMTP service is sg2nlvphout-v01.shr.prod.sin2.secureserver.net

Thanks again.

It looks like when you send a piece of mail outbound, from your server, to a remote location [or at least to Gmail], instead of your server contacting the Gmail mail exchanger directly, your server is forwarding that outbound mail to another secureserver.net mailserver for for outbound relaying to the destination.

[email protected] --> [email protected]
- this mail should go direct from your server to a Gmail mail exchanger
- this is not the case though

Instead it's going from your server --> some intermediate secureserver.net mailserver --> Gmail mail exchanger

Are you purposefully forwarding your outbound mail through a secureserver mailserver? If so, that's probably why you are getting such delays.

Mike
 
Last edited:

mtindor

Well-Known Member
Sep 14, 2004
1,370
65
178
inside a catfish
cPanel Access Level
Root Administrator
Ok, either you set up your server to use sg2nlvphout-v01.shr.prod.sin2.secureserver.net as your smarthost for outbound delivery, or GoDaddy had made that configuration all on their own [either as a requirement or as a default].

Perhaps GoDaddy forces their colos to use GoDaddy smarthosts in an effort to stop spam eminating directly from Godaddy customer servers? Or perhaps they just set that up as a default. Or perhaps they do that because certain IPs that they may give their customers might be on DNS blacklists.

I have no way of knowing why it is configured as it is. You could try to configure your cPanel server to _not_ use the Godaddy server as a smarthost.

If you have root on your server, you can check to see if your server is able to send direct to Gmail. An example of how to do this is below -- and would require you to have SSH acess to your server.

# dig gmail.com mx
gmail.com. 559 IN MX 10 alt1.gmail-smtp-in.l.google.com.
gmail.com. 559 IN MX 20 alt2.gmail-smtp-in.l.google.com.
gmail.com. 559 IN MX 30 alt3.gmail-smtp-in.l.google.com.
gmail.com. 559 IN MX 40 alt4.gmail-smtp-in.l.google.com.

telnet alt1.gmail-smtp-in.l.google.com 25
Trying 173.194.76.27...
Connected to alt1.gmail-smtp-in.l.google.com (173.194.76.27).
Escape character is '^]'.
220 mx.google.com ESMTP eg2si3409681qab.17

If you don't get the 220 banner when you try to telnet out, then GoDaddy may be blocking the ability of your server to send outbound SMTP directly [and if so, this would be why they have your outbound mail forwarding through their smarthost].

Unfortunately, if GoDaddy is requiring you to use their mailservers as smarthosts for sending your outbound mail, any delay you have because of this just something you'd have to deal with. Otherwise, if you'are able to connect to outbound SMTp servers directly and your server IP is _not_ on a blacklist, then you might want to configure your server to _not_ use any smarthost [which would allow it to send outbound mail directly to the recipient domain's mail exchangers].

You definitely should open up a ticket with GoDaddy and ask them why things are configured as they are, and if they require you to use their servers as smarthosts instead of sending outbound mail directly to the recipient domain mail exchangers.

RE: proper timings

If you know that you sent the test email message to your Gmail account at/about 2012-04-28 18:10:01, then yes your server delivered the mail in a timely fashion to the GoDaddy smarthost -- which would then mean that the GoDaddy smarthost is responsible for the delayed delivery of your outbound mail to your Gmail account.

Mike
 

Mike_GoDaddy

Member
Apr 29, 2012
5
0
51
Scottsdale, AZ
cPanel Access Level
Root Administrator
Go Daddy blocks port 25 connections and you must use the Smarthost to send emails. If you are still having issues with sending email using the relay server I recommend that you contact Go Daddy support. You can contact support via Live Chat 24 hours a day.

Launch a Live Chat Session

Log in to your Account Manager.
Click Servers.
Next to the server you want to use, click Launch.
Click Live Chat.
 

nightfall_sg

Active Member
Apr 15, 2004
39
0
156
cPanel Access Level
Root Administrator
Hi mtindor,

I have a simliar situation and it is clear that the delay is on my end at the VPS. Could you tell from the log what could be the problem? Mail was generated by root on 29 Apr 18:34, completed only at 30 Apr 11:00.

Your assistance is greatly appreciated.

Regards


2012-04-29 18:34:04 1SORS8-0002Sw-Pf <= [email protected] U=root P=local S=1877 T="lfd: 173.23.165.194 (US/United States/173-23-165-194.client.mchsi.com) blocked for port scanning" for root

2012-04-30 11:00:00 cwd=/var/spool/MailScanner/incoming/9567 31 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1SORS8-0002Sw-Pf 1SOR28-0005hR-EW 1SOCqQ-0003UV-6T 1SOQ91-0004fd-UY 1SOPnk-0006ts-5q 1SOPkz-0000zh-3x 1SOQcJ-0002Xb-5a 1SOQ1u-0002Qb-0z 1SORTE-0003cL-CH 1SOQ2e-0005G1-Sw 1SOPnA-0006O0-WB 1SOPkD-0007Eb-6b 1SOPga-0000QY-P0 1SORWf-0005lQ-9r 1SOR7p-00031X-JF 1SOQvT-0007LH-Ga 1SOQtf-0004kF-PB 1SOPvK-0004Eo-2Z 1SOQpz-0000rX-W3 1SOQ0s-00026p-Gz 1SORTd-0003h6-PN 1SOBVx-00048R-VX 1SOPlq-0003BC-UH 1SOQo5-0007N4-LC 1SOQXR-0005EA-G6 1SOQYG-0005md-DH 1SOPqt-0000uC-Ef

2012-04-30 11:00:01 1SORS8-0002Sw-Pf => [email protected] <[email protected]> R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [173.194.73.27] X=TLSv1:RC4-SHA:128

2012-04-30 11:00:01 1SORS8-0002Sw-Pf Completed
 

mtindor

Well-Known Member
Sep 14, 2004
1,370
65
178
inside a catfish
cPanel Access Level
Root Administrator
Sorry. I cannot help. I don't use Mailscanner. I don't know why there would have been such a delay.

The results you posted above, are they from grepping the message ID in /var/log/exim_mainlog?

ex: grep 1SORS8-0002Sw-Pf /var/log/exim_mainlog

Is that what you did? If not, you might find a little more information if you grep for the actual message id in exim_mainlog.

And I don't know if Mailscanner creates some other log that it writes information to when it processes mail or not.

Mike
 

nightfall_sg

Active Member
Apr 15, 2004
39
0
156
cPanel Access Level
Root Administrator
Hi Mike, I appreciate you for taking the time to reply.

Yes the results are from a grep and that is all there is to this message ID. Thanks for your time.
 

mtindor

Well-Known Member
Sep 14, 2004
1,370
65
178
inside a catfish
cPanel Access Level
Root Administrator
Like I said, I have never used mailscanner. But those LFD/CSF mails look pretty spammy to spam filters sometimes, even ones on a local server. Is there any chance that mailscanner has an outbound quarantine of some sort and that it got deposited in the quarantine until somebody forced the quarantine at 11:00 ?

Might be something to ask the mailscanner folks about. I suspect it may have something to do with mailscanner.

Mike