inbound mail : " no MAIL in SMTP connection from..." after "SMTP connection from..."

Markif

Well-Known Member
Nov 9, 2016
55
7
133
Toulouse
cPanel Access Level
Root Administrator
Have an external domain that is supposed to send inbound mail to our server,
but the maillog always give
Code:
Dec 15 21:28:24 **** exim[1112302]: 2021-12-15 21:28:24.810 [1112302] SMTP connection from host.domain.tld [REMOTE_SERVER_IP]:3472 I=[HOST_IP]:25 lost D=10s
Dec 15 21:28:24 **** exim[1112302]: 2021-12-15 21:28:24.810 [1112302] no MAIL in SMTP connection from host.domain.tld [REMOTE_SERVER_IP]:3472 I=[HOST_IP]:25 D=10s
and this is continuously repeating
The IP from the REMOTE_SERVER_IP is not blocked in the firewall, and is even in the csf.ignore list.
Has someone an idea where to search to solve this ?
Thanks !
 

Markif

Well-Known Member
Nov 9, 2016
55
7
133
Toulouse
cPanel Access Level
Root Administrator
Hello ! The server is accepting mail from other external host, only this one "REMOTE-MAIL-HOST" gives this messages

Code:
Dec 16 23:28:15 <OUR-HOSTNAME> exim[2376085]: 2021-12-16 23:28:15.661 [2376085] SMTP connection from <REMOTE-MAIL-HOST> [***.***.***.***]:20911 I=[<OUR-DOMAIN>]:25 lost D=10s
Dec 16 23:28:15 <OUR-HOSTNAME> exim[2376085]: 2021-12-16 23:28:15.661 [2376085] no MAIL in SMTP connection from <REMOTE-MAIL-HOST> [***.***.***.***]:20911 I=[<OUR-DOMAIN>]:25 D=10s
The <REMOTE-MAIL-HOST> try's again every 10 minutes, but with no luck.
And endusers that are supposed to get some transactional mail from that MAIL-HOST do not receive there mail.

The # traceroute seems to stop on an amazon-ip in Ireland.
Code:
# traceroute <REMOTE-MAIL-HOST>
traceroute to <REMOTE-MAIL-HOST> (***.***.***.***), 30 hops max, 60 byte packets
 1  ***.***.***.*** (***.***.***.***)  0.419 ms  0.586 ms  0.794 ms
 2  ***.***.***.*** (***.***.***.***)  0.448 ms  0.671 ms 51.158.1.2 (51.158.1.2)  0.511 ms
 3  ***.***.***.*** (***.***.***.***)  0.771 ms 51.158.8.66 (51.158.8.66)  0.512 ms 51.158.8.60 (51.158.8.60)  0.650 ms
 4  amazon-th2.********* (37.49.236.118)  0.733 ms  0.761 ms  0.785 ms
 5  ***.***.***.*** (***.***.***.***)  1.107 ms  1.134 ms 52.46.95.108 (52.46.95.108)  0.958 ms
 6  <AMAZON-IP> (<AMAZON-IP>)  0.702 ms ***.***.***.*** (***.***.***.***)  0.670 ms 52.93.16.33 (52.93.16.33)  1.086 ms
 7  * * *
The # dig +short based on the own cpanel server gives the same results as when forcint @8.8.8.8 or @1.1.1.1

An # nmap -v <REMOTE-MAIL-HOST> results in "Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn"
An # nmap -v -Pn <REMOTE-MAIL-HOST> gives "Host is up. (..) All 1000 scanned ports on <REMOTE-MAIL-HOST> (***.***.***.***) are filtered" witch can be normal for an outgoing mail relay

The "no MAIL in SMTP connection" seems to be logged also for other domains, even for cpanel own tests from localhost
Code:
Dec 17 00:57:26 <OWN-HOST> exim[2922027]: 2021-12-17 00:57:26.771 [2922027] no MAIL in SMTP connection from (localhost) [127.0.0.1]:41232 I=[127.0.0.1]:25 D=0.008s A=dovecot_plain:__cpanel__service__auth__exim__tnsc_fgw_vs4mw3eodvm7varev******************lw0qwa0c1cdflm0j8 C=EHLO,AUTH,QUIT
And also from know internet-services as uptimerobot.com
Code:
Dec 17 00:48:29 <OWN-HOST> exim[2871985]: 2021-12-17 00:48:29.929 [2871985] no MAIL in SMTP connection from engine**.uptimerobot.com [***.***.***.***]:59516 I=[163.172.205.216]:587 D=0.649s
witch *does* ping

I have changed some settings to see if this has effects :
- Require HELO before MAIL : set to OFF
- Added IF of the REMOTE-MAIL-HOST to "Only-verify-recipient" list
- Added IF of the REMOTE-MAIL-HOST to "Sender verification bypass IP addresses"
- Added reverse DNS of IP to " Backup MX hosts"
for a <REMOTE-MAIL-HOST> as engine**.uptimerobot.com it makes no difference ...

Thanks for advice.
 

Markif

Well-Known Member
Nov 9, 2016
55
7
133
Toulouse
cPanel Access Level
Root Administrator
To update : the last actions have solved the problem for the host REMOTE_MAIL_HOST, but don't know if it is recommended.
Code:
Require HELO before MAIL : set to OFF
- Added IF of the REMOTE-MAIL-HOST to "Only-verify-recipient" list
- Added IF of the REMOTE-MAIL-HOST to "Sender verification bypass IP addresses"
- Added reverse DNS of IP to " Backup MX hosts"
for a <REMOTE-MAIL-HOST>