Exchange using Smarthost email marked as spam

Hmmcrunchy

Registered
May 9, 2018
4
0
1
Norwich
cPanel Access Level
Root Administrator
Hi There

We are having some issues with Proofpoint spam, they are saying our setup isn't correct -

SETUP

- we have an on premises Exchange server
- we have an email mailbox host who scans it etc and collects email in a mailbox
- popgrabber software gets the email from the mailbox at mailbox host and puts it into the Exchange server for users
- Exchange sends through a smart host send connector
- we can't send through mailbox host as smart host uses one email user ([email protected]) to authenticate so emails come out for [email protected] as "[email protected] on behalf of [email protected]"
- Due to this we set up a VPS running cPanel as a relay
- we create in WHM a new account domainx.com and put in an email address [email protected]
- then we use the IP of the VPS as the smart host and the email as authentication

PROBLEMS

- 1) we can send using "basic authentication" through one domain domainY.com fine, but when we use basic authentication on domainX.com it doesn't work and we have to specify a trusted IP for the client and use "none".

both domains have accounts on cPanel and email set up the same, would different versions of Exchange do this or do we have to change something our end to enable this on both

- 2) we can send to anyone fine apart from Proofpoint clients - we have been in touch and they say

You are sending large volume of messages from a generic rDNS record, you will need to identify yourselves properly in your rDNS PTR record before Proofpoint can mitigate the issue

is this due to the mail coming in to the mailbox host and going out from the VPS? we have SPF records in our domains for the VPS IP and hostname

thanks in advance for any help
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,300
363
Houston
Hi @Hmmcrunchy


It looks like their complaint is the rDNS record:
You are sending large volume of messages from a generic rDNS record, you will need to identify yourselves properly in your rDNS PTR record before Proofpoint can mitigate the issue

- Do domainx and domainy both have the same IP address? If so do you have rDNS set up on this? You can check this by running something like:

Code:
host <IPAddressHere>
Where IPAddressHere is the IP of the domain/s
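
Added example (not part of the original thread, and not cPanel's or Proofpoint's code): the `host` lookup above extended into a forward-confirmed reverse DNS audit of a relay IP. The "generic" heuristic, the function names and the sample names and addresses are assumptions made for illustration; it handles IPv4 only.

```python
import re
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (same data `host <ip>` shows)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def looks_generic(ip, ptr):
    """Assumed heuristic: a PTR spelling out all four IPv4 octets is provider-assigned."""
    octets = {int(o) for o in ip.split(".")}
    tokens = {int(t) for t in re.findall(r"\d+", ptr)}
    return octets <= tokens

def audit_rdns(ip, helo_name, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means the relay identifies itself cleanly."""
    ptrs = [p.rstrip(".").lower() for p in ptr_lookup(ip)]
    if not ptrs:
        return [f"no PTR record for {ip}"]
    problems = []
    for ptr in ptrs:
        if looks_generic(ip, ptr):
            problems.append(f"PTR {ptr} embeds the IP (generic-looking)")
        if ip not in a_lookup(ptr):
            problems.append(f"PTR {ptr} does not resolve back to {ip}")
    if helo_name.rstrip(".").lower() not in ptrs:
        problems.append(f"HELO name {helo_name} matches no PTR")
    return problems

# Constructed sample data (documentation IP range, made-up names) for an offline run.
SAMPLE_PTR = {"203.0.113.25": ["203-0-113-25.static.isp.example."],
              "203.0.113.26": ["relay.domainx.example."]}
SAMPLE_A = {"203-0-113-25.static.isp.example": ["203.0.113.25"],
            "relay.domainx.example": ["203.0.113.26"]}

def audit_sample(ip, helo_name="relay.domainx.example"):
    return audit_rdns(ip, helo_name, lambda i: SAMPLE_PTR.get(i, []),
                      lambda n: SAMPLE_A.get(n, []))

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, audit_sample(ip) or "OK")
```

Calling `audit_rdns("<relay IP>", "<relay hostname>")` without the lookup arguments queries the live resolver instead of the sample tables.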
 

Hmmcrunchy

Hi Lauren

sorry for the delay - crazy week

we resolved the Proofpoint issue, they were just blocking us then had to admit they had no evidence to do so, so let us through kindly (after 3 weeks)


re the authentication both domains come into same shared host (different package in the shared mailbox host so could be different IPs), then they both send out through the relay server

domains are from different on premises Exchange servers so different originating IPs but going through same server.

I take it this setup isn't too bad with the trusted IPs

ideally though (please correct me if I'm wrong) I've always wanted to have authentication on the outgoing server, to stop rogue machines or clients on the network sending unauthorised spam without the login details, but since we control these networks is that not as much of a problem?
 

Hmmcrunchy

Hi Lauren

sure thing,

so we bring email down to our shared mailbox host who do all the spam and scanning then grab the emails from it and push them into our Exchange server

since the Exchange send connector sends from one address (eg [email protected]), we can't send everyone's mail through the shared mailbox host or we get "on behalf of" on them all as dave would come out as "[email protected] on behalf of dave" - part of the policy on the shared mailbox host

so we have set up the relay server to send out.

I've set up the account on cPanel domain.com
then add in [email protected] email address with password to the account

then I set the send connector (or my own software) to try to send through that email account and it fails, the only way I've found to allow it is to in the Exim manager use "Bypass all SMTP sender verification checks (White List)" and add to the "Trusted SMTP IP addresses" to white list our IP to let the mail through (assuming this then doesn't authenticate as any password will then work)
 

cPanelLauren

@Hmmcrunchy

the only way I've found to allow it is to in the Exim manager use "Bypass all SMTP sender verification checks (White List)" and add to the "Trusted SMTP IP addresses" to white list our IP to let the mail through (assuming this then doesn't authenticate as any password will then work)

Neither of those settings should allow for unauthenticated mail to be sent though. Could you open a ticket using the link in my signature so that we can take a closer look? Once it's opened please update this thread with the ticket ID.

Thanks!