The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Incoming Emails bouncing (SPF) AND accepted

Discussion in 'E-mail Discussions' started by inspyre, Feb 8, 2017.

Tags:
  1. inspyre

    inspyre Member

    Joined:
    Jul 20, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    51
    An account on our server has had an issue over the last couple of days, where multiple incoming emails are both bouncing and being delivered. The problem isn't affecting all incoming emails, just a few each day, and I can't find any link between the senders. Different domains, different providers (some with Office 365, some with other providers).

    Even though the emails are only being sent once, there are two entries in the 'Email Trace' log. Here are the delivery details for one of these emails:
    Code:
    Event:    failure
    User:    xxx
    Domain:    xxx.co.nz
    Sender:    name@domain.co.nz
    Sent Time:    Feb 9, 2017 9:33:09 AM
    Sender Host:    mail-xxxx.outbound.protection.outlook.com
    Sender IP:    xxx.xx.xxx.x
    Authentication:    forwarder
    Spam Score:    0
    Recipient:    name@customer.co.nz
    Delivery User:    xxx
    Delivery Domain:    xxx.co.nz
    Delivered To:  
    Router:    lookuphost
    Transport:    remote_smtp
    Out Time:    Feb 9, 2017 9:37:09 AM
    ID:    1xxxxx-000xxx-ON
    Delivery Host:    mx.xtra.co.nz
    Delivery IP:    xxx.xx.xx.x
    Size:    577.23 KB
    Result:    DHE-RSA-AES256-GCM-SHA384:256 CV=yes DN="/C=NZ/ST=Auckland/L=Auckland/O=Spark New Zealand Limited/OU=Spark Connect/CN=mx.xtra.co.nz": SMTP error from remote mail server after end of data: 550 5.7.1 Message rejected due to SPF policy
    
    
    Event:    success
    User:    xxx
    Domain:    xxx.co.nz
    Sender:    name@domain.co.nz
    Sent Time:    Feb 9, 2017 9:33:09 AM
    Sender Host:    mail-xxxx.outbound.protection.outlook.com
    Sender IP:    xxx.xx.xxx.x
    Authentication:    forwarder
    Spam Score:    0
    Recipient:    name@customer.co.nz
    Delivery User:    xxx
    Delivery Domain:    xxx.co.nz
    Delivered To:    name@customer.co.nz
    Router:    virtual_user
    Transport:    dovecot_virtual_delivery
    Out Time:    Feb 9, 2017 9:33:09 AM
    ID:    1xxxxx-000xxx-ON
    Delivery Host:    localhost
    Delivery IP:    127.0.0.1
    Size:    577.23 KB
    Result:    Accepted
    
    There's nothing wrong with the SPF records for any of the incoming emails' domains. Has anyone seen this problem before?

    Thanks :)
     
    #1 inspyre, Feb 8, 2017
    Last edited by a moderator: Feb 9, 2017
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,404
    Likes Received:
    53
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,


    Connect/CN=mx.xtra.co.nz": SMTP error from remote mail server after end of data: 550 5.7.1 Message rejected due to SPF policy
    --> I am seeing the above line in the logs meaning they are rejected due to SPF policy..

    You can test your mail score by testing it . Send in a mail to email ID mention and get the full report Newsletters spam test by mail-tester.com
     
  3. inspyre

    inspyre Member

    Joined:
    Jul 20, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    51
    thanks for your response. as mentioned in my above message, the SPF records appear to be fine, and the issue is happening with multiple senders. also, mail is both being delivered and bounced, oddly
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you provide the output from /var/log/exim_mainlog for one of the affected messages? EX:

    Code:
    exigrep MSGID /var/log/exim_mainlog
    Also, could you let us know of any custom Exim SmartHost configuration enabled on this system? You can review /etc/exim.conf.local to see what's enabled. EX:

    Code:
    cat /etc/exim.conf.local
    Also, is the Enable Sender Rewriting Scheme (SRS) Support option enabled in WHM Home >> Service Configuration >> Exim Configuration Manager?

    Thank you.
     
  5. inspyre

    inspyre Member

    Joined:
    Jul 20, 2011
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    51
    Thanks Michael, sorry for the delay in responding.

    Having looked through the exim main log myself now, I can see the issue.
    The customer had set up a forwarder on their email account, and it was being delivered locally fine, but the forwards failed dependent on the SPF records of the original sender.

    Thanks for your time and help!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm happy to see you were able to determine the cause of the issue. Thank you for updating us with the outcome.
     
Loading...

Share This Page