EXIM issue: Administrative prohibition: How to diagnose and resolve

Operating System & Version
CentOS
cPanel & WHM Version
102.18

martin MHC

Well-Known Member
Sep 14, 2016
257
59
78
UK
cPanel Access Level
Root Administrator
I have legitimate emails being refused by the server and feeding back to the sender:


550 Administrative prohibition (in reply to end of DATA command)


And checking exim rejectlog it doesn't give any indication as to why the mail is being refused.
I have reset Exim on the server (version 4.95) and this persists.

For what it's worth, the mail server passes all tests set by MXToolBox.

The sending email also passes the MXToolBox and has previously always delivered emails (like, a day ago).

The sending IP is not in a spamlisting.

I have looked up the exim rejectlog but nothing seems to stand out as to why this is rejecting. I have that at the bottom of this message.

How can I as server admin resolve what's going on here?

=====================================================
exim_rejectlog entry:
(names and references have been substituted)
=====================================================

2022-06-18 13:11:56 1o2XIy-0006xE-9i H=brodie.folleszet.co.uk (motalzet.co.uk) [177.168.231.187]:44735 X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no rejected DKIM
Envelope-from: <[email protected]>
Envelope-to: <[email protected]>
P Received: from brodie.folleszet.co.uk ([177.168.231.187]:44735 helo=motalzet.co.uk)
by basic.mhccoreone.co.uk with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(Exim 4.95)
(envelope-from <[email protected]>)
id 1o2XIy-0006xE-9i
for [email protected];
Sat, 18 Jun 2022 13:11:56 +0100
P Received: from brodie.folleszet.co.uk (localhost.localdomain [127.0.0.1])
by brodie.folleszet.co.uk (Postfix) with ESMTP id 347835925
for <[email protected]>; Sat, 18 Jun 2022 12:11:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=motalzet.co.uk;
s=default; t=1655554311;
bh=m5kPUhEoWQHJM41bB3gmXafz/mbLHch5mveKvjwiXlg=;
h=Received:Received:To:From:Subject;
b=MZ0D7SNaEA1j1o0DlsaPw4ECJuR7/64TjaLQemEhNQoSIhzkwYaRJvJ5qlafa06bx
+jQyNQTpg1AmleuOC9rsm+NHQ78LNjaGaNtBLgaI59PHNZ5pRTDPQw8R2+dU7mHoaN
lT+hlY6DfBmJ34MW9iPNjW7wzy/xYHybDit4+Yfc=
Authentication-Results: brodie.folleszet.co.uk;
spf=pass (sender IP is 127.0.0.1) smtp.mailfrom=[email protected] smtp.helo=brodie.folleszet.co.uk
Received-SPF: pass (brodie.folleszet.co.uk: localhost is always allowed.) client-ip=127.0.0.1; envelope-from=[email protected]; helo=brodie.folleszet.co.uk;
X-Spam-Flag: NO
X-Spam-Score: -3.111
X-Spam-Level:
X-Spam-Status: No, score=-3.111 tagged_above=-9999 required=3
tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01]
autolearn=ham autolearn_force=no
Authentication-Results: brodie.folleszet.co.uk (amavisd-new);
dkim=pass (1024-bit key) header.d=motalzet.co.uk
P Received: from brodie.folleszet.co.uk ([127.0.0.1])
by brodie.folleszet.co.uk (brodie.folleszet.co.uk [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id hxqovkxV0wa0 for <[email protected]>;
Sat, 18 Jun 2022 12:11:47 +0000 (UTC)
P Received: from [192.168.1.14] (host-221-159-185-55.static.as13285.net [221.159.185.55])
by brodie.folleszet.co.uk (Postfix) with ESMTPSA id C20E058EF
for <[email protected]>; Sat, 18 Jun 2022 12:11:46 +0000 (UTC)
Received-SPF: pass (brodie.folleszet.co.uk: connection is authenticated)
T To: Receiver Person <[email protected]>
F From: Martin <[email protected]>
Subject: Email tester check
I Message-ID: <[email protected]>
Date: Sat, 18 Jun 2022 13:11:46 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
Thunderbird/68.12.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
X-PPP-Message-ID: <[email protected]>
X-PPP-Vhost: motalzet.co.uk
 

martin MHC

Hey there! When we've run into similar issues in the past, there has been some type of Exim customization that was the root cause of the error. Can you back up the Exim configuration and reset to default and see if the problem still occurs?

Is there no mechanism for finding out error feedback without resetting and hoping?

I have reset exim and had to spend a long time individually updating each customisation setting to steam out the issue.
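
Added example, not part of the original thread: a small shell helper that reduces rejectlog entries to one line each, so the stage named after "rejected" (here `DKIM`) and the absence of a logged reason stand out. It assumes the usual Exim layout, in which the text after "rejected" names the SMTP stage whose ACL refused the message; the function name `reject_summary` is hypothetical, and the sample log is constructed from the entry quoted above with addresses replaced by placeholders.

```bash
#!/usr/bin/env bash
# Constructed sample: first entry mirrors the one quoted in this thread
# (addresses replaced); the second entry is invented to show a logged reason.
SAMPLE_LOG='2022-06-18 13:11:56 1o2XIy-0006xE-9i H=brodie.folleszet.co.uk (motalzet.co.uk) [177.168.231.187]:44735 X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no rejected DKIM
Envelope-from: <sender@example.invalid>
Envelope-to: <rcpt@example.invalid>
P Received: from brodie.folleszet.co.uk ([177.168.231.187]:44735 helo=motalzet.co.uk)
2022-06-18 13:15:02 H=(constructed.example.invalid) [192.0.2.10]:50000 rejected RCPT <rcpt@example.invalid>: constructed reason text'

# reject_summary: read rejectlog text on stdin and print
#   "date time|client-ip|stage|reason"
# for every summary line (timestamped line containing " rejected ").
# Header dump lines ("P Received:", "Envelope-from:", ...) are skipped.
reject_summary() {
  awk '
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9:]+ / {
      i = index($0, " rejected ")
      if (i == 0) next

      # First bracketed address on the line is the connecting client IP.
      ip = "-"
      if (match($0, /\[[0-9a-fA-F.:]+\]/))
        ip = substr($0, RSTART + 1, RLENGTH - 2)

      # Everything after " rejected " is "<stage> [<arg>][: <reason>]".
      rest = substr($0, i + 10)
      sub(/[ \t\r]+$/, "", rest)

      j = index(rest, ": ")
      if (j > 0) {
        stage  = substr(rest, 1, j - 1)
        reason = substr(rest, j + 2)
      } else {
        stage  = rest
        reason = "(none logged)"   # ACL denied without a log message
      }
      sub(/ <[^>]*>$/, "", stage)  # drop an address argument such as RCPT <addr>

      print $1 " " $2 "|" ip "|" stage "|" reason
    }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | reject_summary
```

On a live server the same function can be fed the real file, for example `reject_summary < /var/log/exim_rejectlog`; entries showing `(none logged)` point at a deny rule for that stage that sets no log message, which narrows which part of the `sdiff` output to read first.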
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,628
363
cPanel Access Level
Root Administrator
Instead of manually checking the configuration, you could do this first:

cp /etc/exim.conf /etc/exim.conf.original

Then perform your backup and reset to default, which will create a new Exim configuration file. Then you can do this to see any differences between the files:

sdiff -s /etc/exim.conf.original /etc/exim.conf

That's a quick way to compare all the changes made to help isolate the issue.

You're also always welcome to submit a ticket to our team and we can see if there is something else to be found on the system.
 

martin MHC

Thanks Rex, that is a useful nugget of info to know for next time.

I had raised a ticket but it didn't really get very far and, as mentioned, I had manually resolved the issue.

Cheers
 