Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Rejected relay attempt

Discussion in 'E-mail Discussions' started by cuzzmunger, Jun 29, 2017.

  1. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Hi Everyone, I've been having an issue with a customer relaying through optusnet in Australia.
    This has been going on for some time. I originally had spf & dkim running fine for a long time until a few updates ago.

    I've turned off SPF now but I had added many of the optusnet ip address's and to no avail.

    The error is:
    Code:
    Delivery Event Details
    Event: rejected
    Sender User: -remote-
    Sender Domain:
    Sender: trent@domain-name.com.au
    Sent Time: Jun 29, 2017 5:34:17 PM
    Sender Host: pa49-180-135-47.pa.nsw.optusnet.com.au
    Sender IP: 49.180.135.47
    Authentication: unauthorized
    Spam Score: 0
    Recipient: person@hotmail.com
    Delivered To:
    Delivery User:
    Delivery Domain: hotmail.com
    Router: reject
    Transport: **rejected**
    Out Time: Jun 29, 2017 5:34:17 PM
    ID: 1dQTy1-0008gO-sT
    Delivery Host: pa49-180-135-47.pa.nsw.optusnet.com.au
    Delivery IP: 49.180.135.47
    Size: 0 bytes
    Result: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
    
    I would really like to work this out.

    CENTOS 6.9 x86_64 standard
    cPanel & WHM 64.0 (build 29)


    How can I allow optusnet to relay through the server?

    Any help appreciated
    Thanks
    Kim.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the output from /var/log/exim_mainlog for that message ID? EX:

    Code:
    exigrep 1dQTy1-0008gO-sT /var/log/exim_mainlog
    Thank you.
     
  3. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Thanks for the reply Michael,
    I got no data back from that command.
    I did find it manually in the log.

    Code:
    2017-06-29 17:34:21 SMTP connection identification H=pa49-180-135-47.pa.nsw.optusnet.com.au A=49.180.135.47 P=33380 U=trent ID=508 S=trent@domain-name.com.au B=get_recent_authed_mail_ips_entry
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<trent@domain-name.com.au> rejected RCPT <person@hotmail.com>: Rejected relay attempt: '49.180.135.47' From: 'trent@domain-name.com.au' To: 'person@hotmail.com'
    2017-06-29 17:34:21 H=pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 Warning: Sender rate 1.0 / 1h
    2017-06-29 17:34:21 SMTP connection from pa49-180-135-47.pa.nsw.optusnet.com.au ([10.109.203.224]) [49.180.135.47]:33380 lost while reading message data
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Do you notice any corresponding entries in /var/log/maillog that appear at the same time as the error messages referenced above? Also, do you have Greylisting enabled via "WHM >> Home » Email » Greylisting" on this server?

    Thank you.
     
  5. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Hi Michael, We don't have Greylisting on.
    Here is the mail log from about the same time.
    I have placed xxx for other customers and domain-name for the person in question. I hope this helps

    Code:
    Jun 29 17:33:35 vr4 dovecot: imap(__cpanel__service__auth__imap__h6b5wwyol0adxlqvfmukgbpyh5yxb1lykgjjglnhrlfxm_4l5znyhxrhwkixbyjz): Logged out in=11, out=462, bytes=11/462
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=144.132.209.27, lip=184.168.72.117, mpid=13839, TLS, session=<GG7zURRTOd2QhNEb>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<production@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13841, TLS, session=<zPj3URRTWIIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13843, TLS, session=<s7b4URRTWYIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<president@domain-name.org.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13846, TLS, session=<1o/5URRTXIIxtIcv>
    Jun 29 17:33:43 vr4 dovecot: imap-login: Login: user=<production@domain-name.com.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13849, TLS, session=<Lbn5URRTW4IxtIcv>
    Jun 29 17:33:44 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13856, secured, session=<uWASUhRTotV/AAAB>
    Jun 29 17:33:44 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:33:46 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13860, secured, session=<IxkmUhRTpNV/AAAB>
    Jun 29 17:33:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1022, bytes=93/1022
    Jun 29 17:33:50 vr4 dovecot: imap-login: Login: user=<trent@domain-name>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13862, TLS, session=<GA1kUhRTYYIxtIcv>
    Jun 29 17:33:53 vr4 dovecot: imap-login: Login: user=<president@domain-name.org.au>, method=PLAIN, rip=49.180.135.47, lip=184.168.72.117, mpid=13872, TLS, session=<gU+RUhRTYoIxtIcv>
    Jun 29 17:33:59 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=144.132.209.27, lip=184.168.74.116, mpid=13883, TLS, session=<HAfxUhRTO92QhNEb>
    Jun 29 17:34:09 vr4 dovecot: pop3-login: Login: user=<trent@domain-name.com.au>, method=PLAIN, rip=14.200.38.147, lip=184.168.72.117, mpid=13899, TLS, session=<zQuAUxRTn9YOyCaT>
    Jun 29 17:34:12 vr4 dovecot: pop3(trent@domain-name.com.au): Disconnected: Logged out top=0/0, retr=0/0, del=0/14093, size=5224633864, bytes=24/543263
    Jun 29 17:34:24 vr4 dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=80.82.77.139, lip=184.168.72.64, session=<batuVBRTQMVQUk2L>
    Jun 29 17:34:45 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13948, secured, session=<e9a0VRRTKNZ/AAAB>
    Jun 29 17:34:46 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=92, out=1031, bytes=92/1031
    Jun 29 17:34:47 vr4 dovecot: imap-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=13953, secured, session=<68LFVRRTLNZ/AAAB>
    Jun 29 17:34:47 vr4 dovecot: imap(xxx@xxx.xxx): Logged out in=93, out=1030, bytes=93/1030
    Jun 29 17:34:57 vr4 dovecot: pop3-login: Login: user=<xxx@xxx.xxx>, method=PLAIN, rip=184.168.72.117, lip=184.168.72.117, mpid=13978, secured, session=<ZN5hVhRTYrm4qEh1>
    Jun 29 17:34:57 vr4 dovecot: pop3(xxx@xxx.xxx): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0, bytes=12/43
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
  7. cuzzmunger

    cuzzmunger Member

    Joined:
    Apr 28, 2017
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney
    cPanel Access Level:
    Root Administrator
    Thanks Michael, I have submitted a ticket. Thanks again.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, it appears the affected user needed to enable "SMTP Authentication" in their email client.

    Thank you.
     
Loading...

Share This Page